Hi there,
while migrating a company to grommunio I noticed that the webinterface (which has to be reached over nginx as reverse proxy) is terribly slow – most requests end in "Gateway timeout 504". Looking in the browser console I see stuff like this:
This is not a big mailbox – it only contains a few mails and there are no shared mailboxes attached to it. So the number of mails can not be the cause.
If I click on the folders like this (Inbox, Outbox, Sent, Inbox and so on) the spinner is spinning for almost all time and for every click another four requests are added to the queue which all get a timeout after exactly 60 seconds:
There are no errors in any of the logs in grommunio so it seems the root cause is the reverse proxy setup or the grommunio nginx which is slow. Grommunio is mostly idle.
Here's the reverse proxy configuration in front of grommunio – I already played around with the keepalive, keepalive_timeout, proxy_buffering and proxy_request_buffering parameters according to some tutorials on the web. Result: Nothing changed.
upstream grommunio01-web1 {
server 10.0.0.30:443;
keepalive 2;
keepalive_timeout 3h;
# keepalive_requests 50;
# keepalive_timeout 60s;
}
upstream grommunio01-web2 {
server 10.0.0.30:8443;
keepalive 2;
keepalive_timeout 3h;
# keepalive_requests 50;
# keepalive_timeout 60s;
}
# Redirect HTTP requests to HTTPS
server {
listen 80;
listen [::]:80;
server_name mail.domain.de autodiscover.domain.de;
error_log /var/log/nginx/error_80_mail.domain.de.log;
access_log /var/log/nginx/access_80_mail.domain.de.log;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# CHANGE-SERVER-NAME-HERE
server_name mail.domain.de autodiscover.domain.de;
# !!! WILDCARD SSL CERTIFICATE !!!
ssl_certificate /etc/ssl/mail.domain.de.pem;
ssl_certificate_key /etc/ssl/mail.domain.de.key;
include ssl_params;
# CHANGE-SERVER-NAME-HERE
error_log /var/log/nginx/error_443_mail.domain.de.log;
access_log /var/log/nginx/access_443_mail.domain.de.log;
charset utf-8;
# client_max_body_size 50m;
# Set global proxy settings
proxy_read_timeout 3h;
proxy_http_version 1.1;
proxy_buffering off; # Some tutorial says this is not recommended
proxy_request_buffering off; # Some tutorial says this is not recommended
proxy_pass_request_headers on;
proxy_pass_header Date;
proxy_pass_header Server;
proxy_pass_header Authorization;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding "";
proxy_set_header Connection "Keep-Alive";
#more_set_input_headers 'Authorization: $http_authorization';
#more_set_headers -s 401 'WWW-Authenticate: Basic realm="10.0.0.30"';
client_max_body_size 0;
location /web { proxy_pass https://grommunio01-web1/web; }
location /chat { proxy_pass https://grommunio01-web1/chat; }
location /meet { proxy_pass https://grommunio01-web1/meet; }
location /files { proxy_pass https://grommunio01-web1/files; }
location /archive { proxy_pass https://grommunio01-web1/archive; }
location / { proxy_pass https://grommunio01-web2/; }
location /owa { proxy_pass https://grommunio01-web2/owa; }
location /OWA { proxy_pass https://grommunio01-web2/owa; }
location /EWS { proxy_pass https://grommunio01-web2/EWS; }
location /ews { proxy_pass https://grommunio01-web2/EWS; }
location /Microsoft-Server-ActiveSync { proxy_pass https://grommunio01-web2/Microsoft-Server-ActiveSync; }
location /mapi { proxy_pass https://grommunio01-web2/mapi; }
location /MAPI { proxy_pass https://grommunio01-web2/mapi; }
location /rpc { proxy_pass https://grommunio01-web2/Rpc; }
location /RPC { proxy_pass https://grommunio01-web2/Rpc; }
location /oab { proxy_pass https://grommunio01-web2/OAB; }
location /OAB { proxy_pass https://grommunio01-web2/OAB; }
location /autodiscover { proxy_pass https://grommunio01-web2/Autodiscover; }
location /Autodiscover { proxy_pass https://grommunio01-web2/Autodiscover; }
}
And of course I did restart nginx after changing the configuration with systemctl restart nginx
.
Any hint appreciated
Some of the tutorials / guides I followed:
https://community.grommunio.com/d/291-grommunio-with-a-nginx-reverse-proxy-in-front
https://community.grommunio.com/d/91-solved-nginx-reverse-proxy
https://docs.nginx.com/nginx/deployment-guides/load-balance-third-party/microsoft-exchange/
https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/