Nginx in front of Zarafa-Apache. Issue with Z-Push service


  • Hey folks,

    I have a vm using zarafa mail and webapp based on Apache. I will soon update to kopano but in the while, in our company we are re-arranging inbound request always passing throught twin reverse proxies with Nginx (nginx-full package).

    I was able to get webapp working both with http and https. Real problem is z-push service.

    Since Z-push use OPTIONS over android, it always return an error 405. Somewhere on the i found how to handle this error with nginx, so i put in my config

    server {
            listen 443 ssl http2;
            ...
                    error_page 405 =200 @405;
                    location @405 {
                            root /;      
                            proxy_pass https://mail.comoalt.com;
                    }
                    ....
                    ....
    }        
    

    In this way, log reports a status 200 like this

    [20/Oct/2020:18:09:02 +0200] 162.158.38.31 - mail.comoalt.com\x5Cpinotto - mail.comoalt.com (mail.comoalt.com) to: mail.comoalt.com:443: 200 OPTIONS /Microsoft-Server-ActiveSync?Cmd=Options&User=mail.comoalt.com%5Cpinotto&DeviceId=60b3bc584fb544a1b835ae3a866ef4e7&DeviceType=Outlook HTTP/1.1 upstream_response_time 0.008 msec 1603210142.324 request_time 0.008
    

    Instead on the apache error log over the zarafa box, i can find

    [Tue Oct 20 18:09:02.328089 2020] [core:error] [pid 28571] [client XXX.XXX.XXX.XXX:35854]  script '/var/www/html/index.php' not found or unable to stat
    

    I tried to use a symlink to solve but using same request i get

    Symbolic link not allowed or link target not accessible: /var/www/html/index.php
    

    I did not find any useful resource around about how to reverse proxy zarafa/kopano z-push service with nginx.
    Also i read that Apache Alias, where /Microsoft-Server-ActiveSync resides, are a bit odd to work with.

    Any help is well appreciated.

  • Kopano

    Hi @Nagaraja75,

    an example Nginx proxy configuration can be found in the old webmeetings manual: https://documentation.kopano.io/web_meetings_manual/configuration.html#configuring-nginx

    While that example does not include Z-Push, this can be achieved by copying the WebApp block, so your final z-push instructions (for z-push itself, for Autodiscover I leave that to you):

            location /Microsoft-Server-ActiveSync {
                    proxy_pass http://localhost:8000;
                    proxy_http_version 1.1;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection $connection_upgrade;
                    proxy_set_header X-Forwarded-Proto $scheme;
                    proxy_set_header Host $http_host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
    

    I have not yet seen a system where the 405 http code needed to be modified.


  • Hello fbartel,

    you enlightened me about status 405. So i removed that intercept and deeply cleaned the configuration and i finally got it working.

    So the strict configuration you pasted runs perfectly for Z-push reverse proxy.

    Thanks a lot

    Walter