How to build zimbra nginx?

Have a great idea for extending Zimbra? Share ideas, ask questions, contribute, and get feedback.
Post Reply
rainer_d
Advanced member
Advanced member
Posts: 96
Joined: Fri Sep 12, 2014 11:40 pm

How to build zimbra nginx?

Post by rainer_d »

Hi,

I realized the "build.sh" script doesn't actually build nginx but downloads the package.

It's basically here:

https://github.com/Zimbra/packages/tree ... arty/nginx

However, when I try to build that according to the README(s),

Code: Select all

[rainer@zimbra-build nginx]$ make build
sudo yum -y install zimbra-base zimbra-openssl-devel zimbra-cyrus-sasl-devel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: linuxsoft.cern.ch
 * epel: it1.mirror.vhosting-it.com
 * extras: linuxsoft.cern.ch
 * updates: linuxsoft.cern.ch
Nothing to do
mkdir -p /home/rainer/packages/thirdparty/nginx/build/RHEL7_64
cp -prf zimbra-* /home/rainer/packages/thirdparty/nginx/build/RHEL7_64
cd /home/rainer/packages/thirdparty/nginx/build/RHEL7_64/zimbra-nginx/rpm && \
  perl -pi -e 's|VERSION|1.24.0|g; s|ITERATION|1zimbra8.8b1|g; s|PKG_OS_TAG|r7|g; s|ZAPPEND|.el7|g' SPECS/nginx.spec && \
  perl -pi -e 's|OZCLE|/opt/zimbra/common/libexec|g; s|OZCB|/opt/zimbra/common/bin|g; s|OZCE|/opt/zimbra/common/etc|g; s|OZCI|/opt/zimbra/common/include|g; s|OZCL|/opt/zimbra/common/lib|g; s|OZCS|/opt/zimbra/common/share|g; s|OZC|/opt/zimbra/common|g;' SPECS/nginx.spec && \
mkdir -p BUILD BUILDROOT RPMS SOURCES SRPMS && \
cp /home/rainer/packages/thirdparty/nginx/build/RHEL7_64/src/zimbra-nginx-1.24.0.tar.gz SOURCES/ && \
cp /home/rainer/packages/thirdparty/nginx/patches/*.patch SOURCES/ && \
rpmbuild -v --define "_topdir $PWD" -ba SPECS/nginx.spec
cp: cannot stat ‘/home/rainer/packages/thirdparty/nginx/build/RHEL7_64/src/zimbra-nginx-1.24.0.tar.gz’: No such file or directory
make: *** [build_rpm] Error 1
[rainer@zimbra-build nginx]$ 

ghen
Outstanding Member
Outstanding Member
Posts: 273
Joined: Thu May 12, 2016 1:56 pm
Location: Belgium
ZCS/ZD Version: 9.0.0

Re: How to build zimbra nginx?

Post by ghen »

First run "make getsrc".
rainer_d
Advanced member
Advanced member
Posts: 96
Joined: Fri Sep 12, 2014 11:40 pm

Re: How to build zimbra nginx?

Post by rainer_d »

ghen wrote: Wed May 15, 2024 4:59 pm First run "make getsrc".
OK, thanks!

Now, when I install the package, the nginx binary can't bind to port 143 anymore.
Even with an unchanged configuration.

Worse, even if I reinstall the original binary, it can't bind to Port 143 anymore.
I thought it was selinux - but I put it into permissive mode (CentOS 7) and it still couldn't bind.

Had to revert the snapshot....

Now, the really funny thing is that apparently, nginx builds the real_ip module for the mail-part anyway, regardless of what you tell it on the http-side.

So, you can just use it with the original binary....

Still doesn't solve the http problem...
ghen
Outstanding Member
Outstanding Member
Posts: 273
Joined: Thu May 12, 2016 1:56 pm
Location: Belgium
ZCS/ZD Version: 9.0.0

Re: How to build zimbra nginx?

Post by ghen »

There was a recent change to both OpenLDAP and nginx to no longer be started with sudo, but use CAP_NET_BIND_SERVICE capability for unprivileged users/binaries to bind privileged ports.
I think only the ldap change was part of the package, and the nginx change had to be applied manually from documentation on the support portal (quite messy). Did you apply that earlier, but not again after your upgrade?
rainer_d
Advanced member
Advanced member
Posts: 96
Joined: Fri Sep 12, 2014 11:40 pm

Re: How to build zimbra nginx?

Post by rainer_d »

I never applied this (network edition).
Maybe because I skipped an update and it was included in later version.

I tried to terminate SSL on haproxy and added the IP of the haproxy server to the "zimbraMailTrustedIP" list - but that doesn't make it appear in log files either.

I believe you need the real_ip module, still.
rainer_d
Advanced member
Advanced member
Posts: 96
Joined: Fri Sep 12, 2014 11:40 pm

Re: How to build zimbra nginx?

Post by rainer_d »

zmfixperms fixed that.
User avatar
barrydegraaff
Zimbra Employee
Zimbra Employee
Posts: 248
Joined: Tue Jun 17, 2014 3:31 am
Contact:

Re: How to build zimbra nginx?

Post by barrydegraaff »

--
Barry de Graaff
Email: barry.degraaff [at] synacor [dot] com
Admin of Zimbra-Community Github: https://github.com/orgs/Zimbra-Community/ and the
Zimlet Gallery https://gallery.zetalliance.org/extend/
rainer_d
Advanced member
Advanced member
Posts: 96
Joined: Fri Sep 12, 2014 11:40 pm

Re: How to build zimbra nginx?

Post by rainer_d »

Thanks, Barry.

Strange enough, this never came up with my google searches - and I did search.
Maybe it will be better now that you've linked from it here ;-)

I believe running Zimbra behind HAproxy without transparent proxying is not a totally uncommon or unusual request and it should be easier.
I would assume, your containerized product that I believe runs the cloud also uses haproxy...

I've done this before (haproxy in front of nginx in front of apache with PHP) and it has never been such a problem to get it "right".
So I really wonder what I am missing.

I will go over the configuration once more...
Post Reply