Nginx in front of Zarafa-Apache. Issue with Z-Push service

Nagaraja75

Hey folks,

I have a vm using zarafa mail and webapp based on Apache. I will soon update to kopano but in the while, in our company we are re-arranging inbound request always passing throught twin reverse proxies with Nginx (nginx-full package).

I was able to get webapp working both with http and https. Real problem is z-push service.

Since Z-push use OPTIONS over android, it always return an error 405. Somewhere on the i found how to handle this error with nginx, so i put in my config

server {
        listen 443 ssl http2;
        ...
                error_page 405 =200 @405;
                location @405 {
                        root /;      
                        proxy_pass https://mail.comoalt.com;
                }
                ....
                ....
}        

In this way, log reports a status 200 like this

[20/Oct/2020:18:09:02 +0200] 162.158.38.31 - mail.comoalt.com\x5Cpinotto - mail.comoalt.com (mail.comoalt.com) to: mail.comoalt.com:443: 200 OPTIONS /Microsoft-Server-ActiveSync?Cmd=Options&User=mail.comoalt.com%5Cpinotto&DeviceId=60b3bc584fb544a1b835ae3a866ef4e7&DeviceType=Outlook HTTP/1.1 upstream_response_time 0.008 msec 1603210142.324 request_time 0.008

Instead on the apache error log over the zarafa box, i can find

[Tue Oct 20 18:09:02.328089 2020] [core:error] [pid 28571] [client XXX.XXX.XXX.XXX:35854]  script '/var/www/html/index.php' not found or unable to stat

I tried to use a symlink to solve but using same request i get

Symbolic link not allowed or link target not accessible: /var/www/html/index.php

I did not find any useful resource around about how to reverse proxy zarafa/kopano z-push service with nginx.
Also i read that Apache Alias, where /Microsoft-Server-ActiveSync resides, are a bit odd to work with.

Any help is well appreciated.

fbartels

Hi @Nagaraja75,

an example Nginx proxy configuration can be found in the old webmeetings manual: https://documentation.kopano.io/web_meetings_manual/configuration.html#configuring-nginx

While that example does not include Z-Push, this can be achieved by copying the WebApp block, so your final z-push instructions (for z-push itself, for Autodiscover I leave that to you):

        location /Microsoft-Server-ActiveSync {
                proxy_pass http://localhost:8000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

I have not yet seen a system where the 405 http code needed to be modified.

Nagaraja75

Hello fbartel,

you enlightened me about status 405. So i removed that intercept and deeply cleaned the configuration and i finally got it working.

So the strict configuration you pasted runs perfectly for Z-push reverse proxy.

Thanks a lot

Walter