Scalix Forums

Hi,

I have an issue logging into webmail servers via the reverse proxy.

We have 5 webmail servers located at various locations in our domain.When we log in on those servers from inside the network all is hunky dory. The problem arises when we come from the outside via the reverse proxy. Please find the reverse proxy apache config entires for the all the webmail servers.

ProxyPass /webmail/ http://bismuth.telecity1.uk.ssp:/webmail/
ProxyPass /webmail-tc/ http://bismuth.telecity1.uk.ssp:/webmail/
ProxyPass /webmail-man/ http://webmail-man.manchester.uk.ssp:/webmail/
ProxyPass /webmail-eu/ http://webmail-eu.euston.uk.ssp:/webmail/
ProxyPass /webmail-rb/ http://webmail-rb.rubery.uk.ssp:/webmail/
ProxyPass /webmail-wb/ http://webmail-wb.weybridge.uk.ssp:/webmail/

Now when users login to any of the webmail servers i.e webmail-eu, webmail-rb, webmail-wb and webmail -man coming from outside via the revproxy, the servers lookup the /webmail path on the revproxy config and then use http://bismuth.telecity1.uk.ssp:/webmail/ to log in. I have tested this by changing the /webmail entry to one of the webmail servers and its fine. This defeats our purpose of building webmail servers at each location as we wanted to reduce the brokering load on one webmail server(bismuth).

Is there a way of configuring the webmail servers to look up their own entries on the rev-proxy config rather than the default /webmail entry so that they broker their own sessions rather than piling them all on bismuth. So at logon webmail-eu server looks up /webmail-eu path, webmail-man server looks up /webmail-man path and so on.

I have tried playing around with the 2 scalix-tomcat directories with no luck:
/etc/opt/scalix-tomcat/connector/ajp and /etc/opt/scalix-tomcat/connector/jk

Hope I have been clear. Any help wll me much appreciated as im on my wit's end as to how to resolve this?

Regards,

Shouvik Bakshi
SSPUk

This looks complicated. May I ask why you dont make use of one central SWA in conjunction with a plain multi-server setup (using IMAP-referrals)? Your company name indicates that you have an Enterprise license which would allow this scenario.

Many thanks for your speedy response!

We already have that. We have one webmail server i.e bismuth which polls all the individual scalix servers at different locations. But that makes the brokering very slow as the webmail server is at one location and and the the scalix servers are at their respecive locations and hence the webmail sessions are extremely slow.

Which is why we are working towards this solution where we have a landing page which lists links pointing to the respective webmail servers and then the webmail sessions then run on each webmail server. This works brilliantly internally (we have an internal landing page as well) but not externally as explained in my last post.

Is there no way of getting the webmail servers to look up their respective webmail paths on the revproxy, even if there is a complicated way of doing so.

Regards,

Shouvik Bakshi
SSPUK

Hi,

Further on this issue, I have built a test reverse proxy server and have deleted the webmail entry in the reverse proxy so that the webmail servers are forced not to use the webmail enrty path in the config.

But now when I try and log into any webmail server it gives off error ; "The server failed to send back a valid XML response".

Is Java crashing out and causing an error.

I am desperate to get this working. Please help!!!!

Regards,

Shouvik

Have you tried using squid a the proxy server? I haven't tried it with Scalix Web Access, but i have used it with various other web services and it usually worked OK?

An easier solution may be to create a list of links on the external server that will link you directly to the closest server. So if you want the EU server you go to https://mail.company.eu/webmail and if you want to go to the GB server you go to https://mail.company.co.uk/webmail. This will also allow for connections when your primary server is congested, because the users can directly bookmark the pages. If you aren't adverse to some PHP scripting you may even autoselect a server and redirect the user appropriately, if you have a way to figure out on which server his user is.

I prefer using a connection directly via AJP to tomcat, instead of using a HTTP proxy directive. It feels a bit faster, though I may be wrong. And it's also possibe that /webmail is hardcoded into the AJAX request (haven't tested this yet). In that case the data in the request and the JavaScript will have to be rewritten too, not just the URL.