Issues setting up Zammad behind Application Firewall

Infos:

  • Used Zammad version: Latest
  • Used Zammad installation source: (source, package, …) : apt
  • Operating system: Ubuntu 18
  • Browser + version: Chrome / Firefox Version: Latest

Expected behavior:

All SSL connections should terminate on the firewall. The Firewall request web content from the Zammad Webserver. The firewall serves web content on behalf of the zammad server
*

Actual behavior:

A loading page is displayed when the Sites-Available configuration is changed.

Configuration Lines changed:

from server_name x.x.x.x[private IP];
to server_name example.com;

from location /
to location /support/

Please see below sites available config file:

upstream zammad-railsserver {
server 127.0.0.1:3000;
}

upstream zammad-websocket {
server 127.0.0.1:6042;
}

server {
listen 80;

# replace 'localhost' with your fqdn if you want to use zammad from remote
server_name example.com;

root /opt/zammad/public;

access_log /var/log/nginx/zammad.access.log;
error_log  /var/log/nginx/zammad.error.log;

client_max_body_size 50M;

location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico) {
    expires max;
}

location /ws {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header CLIENT_IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 86400;
    proxy_pass http://zammad-websocket;
}

location /support/ {
    proxy_set_header Host $http_host;
    proxy_set_header CLIENT_IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 300;
    proxy_pass http://zammad-railsserver/;

    gzip on;
    gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
    gzip_proxied any;
}

}

My logs are showing 404 errors when trying to load assests when i go to example.com/support. Am i missing configuration in a file required to make this work?

Please see below logs:

192.168.1.100 - - [15/Dec/2019:03:20:17 +0000] “GET /support/ HTTP/1.1” 404 152 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0”
192.168.1.100 - - [15/Dec/2019:03:20:17 +0000] “GET /support/ HTTP/1.1” 404 152 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0”

192.168.1.100 - - [15/Dec/2019:03:09:43 +0000] “GET /ws HTTP/1.1” 404 209 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36”
192.168.1.100 - - [15/Dec/2019:03:09:52 +0000] “GET /ws HTTP/1.1” 404 209 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36”

Note: 192.168.1.100 is the WAF

Key things to note:

When i swap the servername in the sites-available file back to private IP and navigate to 10.150.150.15/support the server serves the page appropriately. There is only issue when i utilize a hostname instead of the private IP.

please see below logs:

192.168.1.200 - - [15/Dec/2019:03:22:54 +0000] “POST /support/api/v1/knowledge_bases/init HTTP/1.1” 200 402 “http://10.150.150.15/support/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0”

192.168.1.200 - - [15/Dec/2019:03:32:55 +0000] “POST /support/api/v1/knowledge_bases/init HTTP/1.1” 200 402 “http://10.150.150.15/support/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0”

I am looking for help with this and I believe there is a minor config change that need to occur

Zammad does not support subfolder usuage at the moment.
/support needs to be changed to /

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.