Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » OS X Server web proxy and Kerio Connect (Conflict of Kerio and OS X Server version 5.0.4)
  •  
tv

Messages: 11
Karma: 0
Send a private message to this user
After updating OS X Server to version 4, there is a conflict on ports 80 and 443 - these ports are occupied by apache2 web proxy, configured by OS X server update.

@KERIO: Is there available a guideline from how to properly configure OS X Server web proxy to co-existent with Kerio Connect?

Or does anybody have gone already through the configuration and can share the experience?
Thanks.
  •  
anarvey

Messages: 36
Karma: 5
Send a private message to this user
First off you will need the newly released OS X Server 5.1.5.

Then check out the Reverse Proxy Tutorial in the tutorials section of the RAIS page:

http://rais.precursor.ca

This describes how to do it for Server 3, 4 and 5.

I will be posting revisions to the tutorial later today (version 1.0.10)
  •  
Brian Carmichael (Kerio)

Messages: 645
Karma: 65
Send a private message to this user
If you have Kerio Control, you can use the reverse proxy feature. http://kb.kerio.com/product/kerio-control/proxy-server/confi guring-the-reverse-proxy-1568.html

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
tv

Messages: 11
Karma: 0
Send a private message to this user
Hi Brian,

Thank you for your prompt reaction.

However, problem is different: With the Apple update of OS X Server, Apple introduced an apache2 proxy, which is started automatically by default and cannot be disabled from server application interface. This proxy occupies ports 80 and 443 and thus blocking Kerio.

This is a situation which will occur to every customer running Kerio on OS X Server - the server update is offered for Yosemite users (not just for El Capitano early adopters) and there is no warning about such crucial change. The documentation on proper proxy configuration is not provided.
  •  
Brian Carmichael (Kerio)

Messages: 645
Karma: 65
Send a private message to this user
If you need to keep the MacOS web server running, then you need to set the HTTP / HTTPS ports in Kerio Connect to run on an alternative port number.
You can use the reverse proxy in Kerio Control to redirect to the different port based on the requested hostname.
You can configure the same behavior with a different reverse proxy (probably the one in MacOS) but for that configuration you might consider a different forum.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
tv

Messages: 11
Karma: 0
Send a private message to this user
Changing default Kerio ports 80 and 443 to something else is not an solution, at least 443 is a standard port for ActiveSync and EWS and thus to change it is not feasible. I can imagine some redirection on Kerio Control from standard ports to non standard ports set on Kerio Connect, however - many customers (including me) will not be running Kerio Control or will not find as feasible to play with redirections on firewall just to overcome a conflict. The solution is either in configuration of Apple OS X Server proxy (like proposed by Anarvey) or simply by disabling it.

Is there anybody from Kerio team doing a regression testing on OS X when new OS updates are out?

I will look at Anarvey contribution, this looks promissing - however a bit overkill for my purpose - we run Kerio behind Juniper firewall and the best would be just disable the proxy, introduced by OS X Server update...

Thanks for sharing your ideas!
  •  
anarvey

Messages: 36
Karma: 5
Send a private message to this user
ActiveSync will work using the the method of reverse proxy for OS X Server in the RAIS page tutorial mentioned earlier in this thread.

OS X Server will pass ports 80 and 443 to the ports I chose for Kerio (8003 and 8013) and client software seems to have no issues.

Of course, this is neither tested by nor recommended by Kerio.

I have just had to employ it some circumstances where clients could only host Kerio Connect on the OS X server.

When starting from scratch I now recommend they purchase a separate and non Server Mac to host Kerio Connect.
  •  
Pavel Dobry (Kerio)

Messages: 5228
Karma: 251
Send a private message to this user
anarvey wrote on Wed, 28 October 2015 21:12

I have just had to employ it some circumstances where clients could only host Kerio Connect on the OS X server.


We do regression testing for new Kerio Connect builds. New supported systems (like new OS X) is not "regression" per se. We usually inform about potential conflicts in our Knowledge Base or in this forum. For Kerio Connect we recommend to use dedicated server with no conflicting software. I recommend to not use OS X Server to host any other service as the system cannot be easily configured for running another server software without conflicting on network port level.
  •  
sfpete

Messages: 151
Karma: 8
Send a private message to this user
TV - do you need Apache to continue to function in this instance?

Or are you just trying to stop it all-together, so Kerio Connect can continue to function normally?
  •  
tv

Messages: 11
Karma: 0
Send a private message to this user
Hi sfpete, in a short term, I am willing regularly disable Apache proxy. I have stopped Apache in a "dirty way" as update has been installed on a live server and I had to re-enable Kerio within minutes in order to reestablish mail services. I will be happy to learn how to disable Apache proxy on OS X Server 5 properly (I have a Juniper FW sitting in front of Kerio, so additional proxy is not necessary).
Thanks.
Previous Topic: SSL/TLS domainfactory Port 25/465 relay smtp server
Next Topic: Webmail: DoS vulnerability via client-initiated renegotiation
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon May 01 06:15:17 CEST 2017

Total time taken to generate the page: 0.01084 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.