This Zimbra upgrade drove me crazy:

- You need memcached and the reverse proxy installed and active

- zimbraReverseProxySSLToUpstreamEnabled is enforced
  if the SSL cert does not match the server name, ldaps queries fail
  no usable info on the Zimbra pages for single-server instances (do they really need SSL for localhost queries? :)

hope this helps ... looks so easy ... took me hours :-(

cheers

 

ssh -lroot mail01
vi /etc/rc.local
------
/sbin/iptables -I INPUT 1 -s 10.1.12.111 -j ACCEPT # my workstation
/sbin/iptables -I INPUT 2 -s 10.1.1.101 -j ACCEPT  # this mailserver 
/sbin/iptables -I INPUT 3 -s 10.1.1.24 -j ACCEPT   # monitoring
/sbin/iptables -I INPUT 4 -s 127.0.0.0/8 -j ACCEPT # guess
/sbin/iptables -I INPUT 5 -p tcp -m multiport --destination-ports 25,110,143,443,587,993,995 -j REJECT # reject everyone else on these mail/https ports only (80 and 11211 are not in the list)
------

# apply the same rules right now (rc.local only runs at boot)
/sbin/iptables -I INPUT 1 -s 10.1.12.111 -j ACCEPT # my workstation
/sbin/iptables -I INPUT 2 -s 10.1.1.101 -j ACCEPT  # this mailserver 
/sbin/iptables -I INPUT 3 -s 10.1.1.24 -j ACCEPT   # monitoring
/sbin/iptables -I INPUT 4 -s 127.0.0.0/8 -j ACCEPT # guess
/sbin/iptables -I INPUT 5 -p tcp -m multiport --destination-ports 25,110,143,443,587,993,995 -j REJECT # reject everyone else on these mail/https ports only

# create VM snapshot

root@mail01:~/update/zcs-NETWORK-8.6.0_GA_1153.UBUNTU12_64.20141215195643# dpkg -i ./packages/zimbra-memcached_8.6.0.GA.1153.UBUNTU12.64_amd64.deb ./packages/zimbra-proxy_8.6.0.GA.1153.UBUNTU12.64_amd64.deb
root@mail01:~/update/zcs-NETWORK-8.6.0_GA_1153.UBUNTU12_64.20141215195643# su - zimbra
zimbra@mail01:~$ zmcontrol restart

zimbra@mail01:~$ zmprov gs mail01.domain.ch zimbraReverseProxySSLToUpstreamEnabled
# name mail01.domain.com
zimbraReverseProxySSLToUpstreamEnabled: TRUE

zimbra@mail01:~$ ./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both  -H `zmhostname`
zimbra@mail01:~$ zmproxyctl restart


root@mail01:~/update/zcs-NETWORK-8.7.1_GA_1670.UBUNTU12_64.20161025050804# lsof -i :443
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   16695 zimbra   11u  IPv4 356460      0t0  TCP *:https (LISTEN)
...


root@mail01:~/update/zcs-NETWORK-8.7.1_GA_1670.UBUNTU12_64.20161025050804# lsof -i :80
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   16695 zimbra   10u  IPv4 356459      0t0  TCP *:http (LISTEN)
...


root@mail01:~/update/zcs-NETWORK-8.7.1_GA_1670.UBUNTU12_64.20161025050804# su - zimbra
zimbra@mail01:~$ zmprov ms `zmhostname` +zimbraServiceEnabled memcached
zimbra@mail01:~$ zmcontrol restart


root@mail01:~/update/zcs-NETWORK-8.7.1_GA_1670.UBUNTU12_64.20161025050804# lsof -i :11211
   COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
   memcached 2383 zimbra   26u  IPv4 451107      0t0  TCP *:11211 (LISTEN)
   ...

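# LDAP cannot be accessed after the upgrade:
# Unable to start TLS: hostname verification failed when connecting to ldap master
# so do this before the upgrade (workaround for a cert that does not match the server name; it switches off SSL from the proxy to the upstream)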
zimbra@mail01:~$ zmprov ms  `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE

root@mail01:~/update/zcs-NETWORK-8.7.1_GA_1670.UBUNTU12_64.20161025050804#
    cd ~/update/zcs-NETWORK-8.7.1_GA_1670.UBUNTU12_64.20161025050804
   ./install.sh --skip-activation-check --skip-upgrade-check