ZCS 8.8 upgrade failed with IPv6 enabled

Ask questions about your setup or get help installing ZCS server (ZD section below).
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

ZCS 8.8 upgrade failed with IPv6 enabled

Post by phoenix »

This was an upgrade from ZCS 8.7.11 and the proxy refuses to start and gives the following error:

Code: Select all

Stopping proxy...proxy is not running.
Starting proxy...nginx: [emerg] duplicate listen options for [::]:443 in /opt/zimbra/conf/nginx/includes/nginx.conf.web.https.default:25
failed.
I did run the command from this article before the upgrade: https://wiki.zimbra.com/wiki/IPv6_Issue ... mbra-proxy

BTW, that article has an incorrect path, Step 2 in the solutions has zimbra spelled as /opt/zimbraa
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
ajcody
Advanced member
Advanced member
Posts: 53
Joined: Fri Sep 12, 2014 11:26 pm
Location: Michigan
Contact:

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Post by ajcody »

phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Post by phoenix »

Thanks Adam, I'll add my comment to that - I would have thought that might get a mention in the release notes as the use of IPv6 is increasing.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
jorgedlcruz
Zimbra Alumni
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Post by jorgedlcruz »

I remember something like this testing, can you please run a yum update or apt-get update/upgrade and see if you have a new nginx module?

Best regards
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Post by phoenix »

That would be a "dnf update". :)

Nothing is available and this is the currently installed version:

Code: Select all

dnf info zimbra-nginx
Last metadata expiration check: 0:00:24 ago on Wed Sep 06 20:49:47 2017 CEST.
Installed Packages
Name         : zimbra-nginx
Version      : 1.7.1
Release      : 1zimbra8.7b7.el7
Arch         : x86_64
Size         : 1.3 M
Source       : zimbra-nginx-1.7.1-1zimbra8.7b7.el7.src.rpm
Repo         : @System
From repo    : zimbra
Summary      : Zimbra's nginx build
URL          : http://nginx.org
License      : MIT
Description  : The Zimbra nginx build
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Post by phoenix »

ajcody wrote:Not a package issue, it's a problem with what is being done to the configuration file.

[zimbra irc]
(8:53:48 AM) barrydg: maxxer: Now we could upgrade...
(8:54:29 AM) maxxer: no I cannot, there's a bug on IPv6 proxy
(8:54:41 AM) maxxer: https://bugzilla.zimbra.com/show_bug.cgi?id=108293
(8:55:13 AM) barrydg: Ahh
(8:55:15 AM) barrydg: Nice
(8:55:57 AM) maxxer: luckily I spotted it with a random install
(8:56:12 AM) maxxer: rather easy to fix, just remove the first stanza of the configuration
I assume that means from the template file as the config is rewritten when you start the proxy?
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
ajcody
Advanced member
Advanced member
Posts: 53
Joined: Fri Sep 12, 2014 11:26 pm
Location: Michigan
Contact:

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Post by ajcody »

Not a package issue, it's a problem with what is being done to the configuration file.

[zimbra irc]
(8:53:48 AM) barrydg: maxxer: Now we could upgrade...
(8:54:29 AM) maxxer: no I cannot, there's a bug on IPv6 proxy
(8:54:41 AM) maxxer: https://bugzilla.zimbra.com/show_bug.cgi?id=108293
(8:55:13 AM) barrydg: Ahh
(8:55:15 AM) barrydg: Nice
(8:55:57 AM) maxxer: luckily I spotted it with a random install
(8:56:12 AM) maxxer: rather easy to fix, just remove the first stanza of the configuration
ajcody
Advanced member
Advanced member
Posts: 53
Joined: Fri Sep 12, 2014 11:26 pm
Location: Michigan
Contact:

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Post by ajcody »

Not 100% sure, Maxxer and Barry are still talking about it now in IRC. Barry just asked him if he had a patch or would submit one for the bug.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Post by phoenix »

ajcody wrote:Not 100% sure, Maxxer and Barry are still talking about it now in IRC. Barry just asked him if he had a patch or would submit one for the bug.
Yes, it's the template that's the problem. I've just done the following on a test server and it came up fine:

Change to the templates directory and save a copy of the original file.

Code: Select all

cd /opt/zimbra/conf/nginx/templates

cp nginx.conf.web.https.default.template nginx.conf.web.https.default.template.original
Edit the following file and remove the first stanza i.e. just the code in the box below:

vi nginx.conf.web.https.default.template

Code: Select all

server {
    ${core.ipboth.enabled}listen                  [::]:${web.https.port} default_server ipv6only=off;
    ${core.ipv4only.enabled}listen                ${web.https.port} default_server;
    ${core.ipv6only.enabled}listen                [::]:${web.https.port} default_server;

    ssl                     on;
    ssl_protocols           ${web.ssl.protocols};
    ssl_prefer_server_ciphers ${web.ssl.preferserverciphers};
    ssl_session_cache       ${ssl.session.cachesize};
    ssl_session_timeout     ${ssl.session.timeout};
    ssl_ciphers             ${web.ssl.ciphers};
    ssl_ecdh_curve          ${web.ssl.ecdh.curve};
    ssl_certificate         ${ssl.crt.default};
    ssl_certificate_key     ${ssl.key.default};
    ssl_verify_client       ${ssl.clientcertmode.default};
    ssl_verify_depth        ${ssl.clientcertdepth.default};
    ${web.ssl.dhparam.enabled}ssl_dhparam             ${web.ssl.dhparam.file};
    return 444;
}
zmprov ms `zmhostname` zimbraIPMode both ; /opt/zimbra/libexec/zmiptool ; zmcontrol restart - that should all start correctly.

Mind you, I haven't yet tested it with any email - I'll be back with an answer soon.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Post by phoenix »

That's a more elegant solution than mine, I tend to go for the sledgehammer approach as I'm a novice. :) I'll try your patch shortly and post back here.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
Post Reply