Can't redirect http to https

erni84
Posts: 6
Joined: Tue May 19, 2020 7:36 am

Can't redirect http to https

Post by erni84 »

Hi,

I just installed an SSL certificate on my Zimbra server. However, the webmail login page can't redirect to https. When I access http://myemailserver.domain.com, it returns "This site can't be reached". But when I access https://myemailserver.domain.com, the webmail login page appears successfully.

I have tried this solution here https://wiki.zimbra.com/wiki/Enabling_Z ... S_Redirect but it doesn't work. Is there any other solution?
erni84
Posts: 6
Joined: Tue May 19, 2020 7:36 am

Re: Can't redirect http to https

Post by erni84 »

Thanks for your reply. Currently I've advised users to access via https. Is there another way to redirect the http page to the https page?
DualBoot
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers

Re: Can't redirect http to https

Post by DualBoot »

Did you try to telnet to port 80 on your remote email server?
Regards,
L. Mark Stone
Ambassador
Posts: 2800
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.7 Network Edition

Re: Can't redirect http to https

Post by L. Mark Stone »

Best to set the server running Zimbra's Proxy service to "redirect" mode. As the zimbra user, you can run on the proxy server:

Code:

zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
zmproxyctl restart

Both 80 and 443 need to be open in your firewall, but if the zimbraReverseProxyMailMode attribute was set to "https", then trying to telnet in to port 80 will fail as the proxy will not be listening on that port at all.

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
erni84
Posts: 6
Joined: Tue May 19, 2020 7:36 am

Re: Can't redirect http to https

Post by erni84 »

DualBoot wrote: did you try to telnet the port number 80 on your remote email server ?
Regards,

I tried to telnet but it returns Trying....xx.xx.xx.xx. with no response.
erni84
Posts: 6
Joined: Tue May 19, 2020 7:36 am

Re: Can't redirect http to https

Post by erni84 »

L. Mark Stone wrote: Best to set the server running Zimbra's Proxy service to "redirect" mode. As the zimbra user, you can run on the proxy server:

Code:

zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
zmproxyctl restart

Both 80 and 443 need to open in your firewall, but if the zimbraReverseProxyMailMode attribute was set to "https", then trying to telnet in to port 80 will fail as the proxy will not be listening on that port at all.

Hope that helps,
Mark

I ran the zmprov gs command and below is the result:

[zimbra@mail ~]$ zmprov gs `zmhostname` zimbraMailPort zimbraMailProxyPort zimbraMailSSLPort zimbraMailSSLProxyPort zimbraReverseProxyMailMode zimbraReverseProxyHttpEnabled zimbraReverseProxyMailEnabled zimbraServiceEnabled zimbraServiceInstalled zimbraReverseProxySSLToUpstreamEnabled zimbraReverseProxyStrictServerNameEnabled zimbraReverseProxyLookupTarget zimbraMailMode
# name mail.mydomain.com
zimbraMailMode: https
zimbraMailPort: 80
zimbraMailProxyPort: 0
zimbraMailSSLPort: 443
zimbraMailSSLProxyPort: 0
zimbraReverseProxyHttpEnabled: FALSE
zimbraReverseProxyLookupTarget: TRUE
zimbraReverseProxyMailEnabled: TRUE
zimbraReverseProxyMailMode: redirect
zimbraReverseProxySSLToUpstreamEnabled: TRUE
zimbraReverseProxyStrictServerNameEnabled: FALSE

I will check with my network admin regarding ports 80 and 443.
DualBoot
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers

Re: Can't redirect http to https

Post by DualBoot »

zimbraMailMode: https

This one is wrong, your mailbox is listening only on 443.
L. Mark Stone
Ambassador
Posts: 2800
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.7 Network Edition

Re: Can't redirect http to https

Post by L. Mark Stone »

To expand on what Dual Boot has reported, both the Proxy Service and the Mailbox Service need to be configured correctly for proxy to work. And by "correctly" I mean that both Services need to agree on Ports and Protocols. For example:

Code:

zimbra@mail2:~$ zmprov gs mb18.missioncriticalemail.com | grep "SSLPort\|SSLProxyPort"
zimbraMailSSLPort: 8443
zimbraMailSSLProxyPort: 443
zimbra@mail2:~$ 

443 is the port which the public-facing side of the Proxy Service listens on, and 8443 is the port that the mailbox-facing side of the Proxy and Mailbox Services use for this same traffic.

Note there are separate pairs of attributes for IMAPS, POP3S, etc., as each of those uses separate ports.

That takes care of the ports, now on to the Protocols. The protocol the Proxy uses to connect to both users and the mailbox service is determined by the attribute zimbraReverseProxyMailMode. If that attribute is set to redirect or https, then the Proxy Service will talk to users and mailboxd on https. For this to work, mailboxd needs to be configured to use the https protocol as well, and that attribute is zimbraMailMode.

I'm guessing the root cause of your problem is more than just getting the Proxy Service to redirect, or to open up a port in your firewall, so I'd like to suggest this wiki: https://wiki.zimbra.com/wiki/Enabling_Z ... ng_servers for detailed information in the section about how to configure proxy in an existing environment.

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
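
A small lint for the port and protocol agreement described in the post above, run against the `zmprov gs` output posted earlier in the thread. This is an added example, not code from any poster or from Zimbra; treating a proxy port of 0 or a zimbraReverseProxyHttpEnabled value other than TRUE as "no proxy listener" is an assumption, and the 8080/80 values in the second sample are constructed.

```shell
# Added example (not from the thread): lint `zmprov gs` output read on stdin
# for the proxy/mailbox port and protocol agreement the posts describe.
check_web_proxy() {
    awk -F': *' '
    /^zimbra/ { a[$1] = $2 }
    END {
        n = 0
        # Assumption: anything but TRUE means the web proxy is switched off.
        if (a["zimbraReverseProxyHttpEnabled"] != "TRUE") n += f("zimbraReverseProxyHttpEnabled is not TRUE")
        # Assumption: port 0 means no public-facing proxy listener is configured.
        if (a["zimbraMailProxyPort"] + 0 == 0) n += f("zimbraMailProxyPort is 0: no proxy listener for plain http")
        if (a["zimbraMailSSLProxyPort"] + 0 == 0) n += f("zimbraMailSSLProxyPort is 0: no proxy listener for https")
        # Public-facing and mailbox-facing sides use separate ports (443 vs 8443 in the post).
        if (a["zimbraMailProxyPort"] + 0 && a["zimbraMailProxyPort"] == a["zimbraMailPort"]) n += f("zimbraMailProxyPort equals zimbraMailPort")
        if (a["zimbraMailSSLProxyPort"] + 0 && a["zimbraMailSSLProxyPort"] == a["zimbraMailSSLPort"]) n += f("zimbraMailSSLProxyPort equals zimbraMailSSLPort")
        # Per the post: proxy mode redirect or https needs mailboxd on https too.
        m = a["zimbraReverseProxyMailMode"]
        if ((m == "redirect" || m == "https") && a["zimbraMailMode"] != "https") n += f("proxy mode " m " but zimbraMailMode is " a["zimbraMailMode"])
        exit (n > 0)
    }
    function f(msg) { print "FINDING: " msg; return 1 }'
}
# Attribute lines from the output posted in the thread.
sample_posted() {
    cat <<'EOF'
# name mail.mydomain.com
zimbraMailMode: https
zimbraMailPort: 80
zimbraMailProxyPort: 0
zimbraMailSSLPort: 443
zimbraMailSSLProxyPort: 0
zimbraReverseProxyHttpEnabled: FALSE
zimbraReverseProxyMailMode: redirect
EOF
}
# Constructed sample that passes every check (8443/443 from the post, 8080/80 assumed).
sample_consistent() {
    cat <<'EOF'
zimbraMailMode: https
zimbraMailPort: 8080
zimbraMailProxyPort: 80
zimbraMailSSLPort: 8443
zimbraMailSSLProxyPort: 443
zimbraReverseProxyHttpEnabled: TRUE
zimbraReverseProxyMailMode: redirect
EOF
}
sample_posted | check_web_proxy || true
```

On a live server the same function can be fed directly, as the zimbra user, with `zmprov gs "$(zmhostname)" | check_web_proxy`; a non-zero exit status means at least one finding was printed.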
erni84
Posts: 6
Joined: Tue May 19, 2020 7:36 am

Re: Can't redirect http to https

Post by erni84 »

Thank you Mark for the assistance. I will try it out and hopefully it will turn out well. Will the incorrect configuration affect the traffic in the mail server now? And how should it look (by running command zmprov gs) after the proxy is configured correctly? Sorry, I'm new to this.
L. Mark Stone
Ambassador
Posts: 2800
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.7 Network Edition

Re: Can't redirect http to https

Post by L. Mark Stone »

The MTA side of things should be just fine as is, so the server will continue to receive mail OK, and smtp-auth users (port 587/465) should still be able to send email.

But given the current state of this, I’d not worry about what good settings zmprov gs should return and instead I’d focus on running the suite of proxy configure commands in the wiki to get everything back to working order.

Not sure I saw what version you are running, but if Network Edition you are totally entitled to open a Support Case and get help for something like this.

All the best,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate