2ajon20%8 Zimbra Proxy Manvatinsialing, Configuring, Disabling the Zibra Prony = Zim Tech Center Zimbra Proxy Manual:Installing , Configuring, Disabling the Zimbra Proxy 1. Zimbra Tech Center 2. Centified 3. Zimbra Proxy Manual:Installing , Configuring, Disabling the Zimbra Proxy Zimbra Proxy: Installing , Configuring, Disabling the Zimbra Proxy = This article is a Work in Progress, and may be unfinished or missing sections, General Proxy Overview Overview And Planning | Installing , Configuring, Disabling |Zimbra Proxy Related _| Troubleshooting For Zimbra Proxy the Zimbra Proxy CLI Commands Zimbra Proxy Advanced Topics Configuration And Template | Advanced Proxy Miscellaneous Zimbra Proxy Manual: Adding Files And Proxy Related Configuration Examples 700%. Additional Reverse Proxy To ‘Variables via CLI Ps Zimbra Proxy Things To Review First Prerequisite Variables To Check First zimbraPublieServiceHostname zimbraPublieServiceProtocol and zimbraPublicServieePort * Needs more details, incomplete right now. In order for the change password link, calendar launching in separate window, and other various funetionality to work correctly - meaning, to use the proxy instead of mailbox server, the following LDAP attributes have to be set to the proxy values: = zimbraPublicServiceHostname(Name to be used in public API such as REST or SOAP proxy) - proxy hostname = zimbraPublicServiceProtocol(Protocol to be used in public API such as REST or SOAP proxy) - proxy protocol (http or https) = zimbraPublicServicePort(Port to be used in public API such as REST or SOAP proxy) - proxy port zimbraVirtualHostname * Needs more details, incomplete right now. vimbra_auth_always_send_refer psi zimora.comiwik'Zimbra_Proxy_Marual Insaling__Configuing, Disabling. the_Zimbra, Proxy w2a10212018 Zimbra Proxy Manualnstaling, Configuring, Disabing the Zimbra Proxy Zimbra Tech Center The zmlocaleonfig key zimbra_auth_always_send_refer is now obsolete. Its been replaced by LDAP attribute zimbraMailReferMode. Now with a full-fledged reverse proxy, users do not need to be redirected. The LDAP attribute zimbraMailReferMode is used directly by the Nginx reverse proxy. zmtlsetl * Needs more details, incomplete right now. zmtisetl sets the zimbraMailMode , this is different than the zimbraReverseProxyMailMode . ntlsctl help Usage: /opt/zinora/bin/zmtisctl [nixed|both|http|https [redirect] zmprov desc -2 zinbratiai Mode j2inbratad Mode Whether to run HTTP on HITPS or both/aixed node on redirect node. See also related attributes zinbrattailPort and zinbrata!1ssiPort type + coum E value : hetpynttps,both,mixed, redirect callback : LocalBing amutable : false cardinality + single requiredin = optionalTa : globalcontig, server Flags + serverinherited defaults + id : 308 requiresRestart = eprecatessince = % amprov dese -2 zinbraReverseProxylaslMode [BinbraReverseProxyiai Mode whether to run proxy in HTTP, HTTPS, both, mixed, or redirect node. See also relates attributes zinbrataileroxyPort and zinbratas SSLProxyPort i type + coum valve | httpjnttps,bothymixed, redirect callback + immutable : false cardinality + single requiredin = ‘optionalTa : globalcontig, server Flags : serverinherited defaults + id: 685 requiresRestart + nginxprexy since + 5.0.7 eprecatessince 8.5 server install: 's anprov ge “zehostrane’ | grep MailMode f2inbratas Mode: hetp= ;rinbeaReverse®roxyai Mode: https psi zimora.comiwik'Zimbra_Proxy_Marual Insaling__Configuing, Disabling. the_Zimbra, Proxy an2810272018 Zima Proxy Manuatlnstaling , Configuring, Disabling the Zimbra Proxy - Zimbra Tech Center ‘The New WebApp Services In ZCS 8.5 and zm_auth_token Source: From admin guide draft under 'Configur Zimbra HTTP Proxy’ * Needs more details, incomplete right now Note - <> [From Admin Guide Draft] New ZCS Deployment Single ZCS Server Environment * Needs more details, incomplete right now. = Note, for ZCS 8.7 - proxy will be required even for single ZCS deployments. = Require proxy & memcached nodes exist prior to upgrading to ZCS 8.7 = https://bugzilla.zimbra.com/show_bug.cgi?id-96920 Multi-Server ZCS Environment * Needs more details, incomplete right now. Adding Zimbra Proxy Services To Existing Non-Proxy Environments via ZCS Installer [Recommended Method] Using New Servers Source: http://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy#Using_new_servers Here you are installing the proxy on a brand new server and having all your existing mailbox servers being accessed through the proxy on this new server. Simply use the installer script (install.sh) and select the proxy and memcached packages ('Y' by default with ZCS 8.5+, just need to hit enter). This will ask you for LDAP hostname/password, Bind password for nginx Idap user which you need to provide (do 'zmlocaleonfig -s ginx_password’ on the host running Idap to get this) and then the Zimbra Proxy configuration menu would layed which would look like this Proxy configuration Enable PoP/INAP Proxy: TRUE. IMAP server port: na IAP server SSL port 7393 IAP proxy port: 1s IMAP SSL_proxy port: 393 POP server port? me PoP server SSL port: 7998, POP proxy port 108 POP SSL proxy port: 995 Bind password for nginx dap user: set Enable HT79[3] Proxy TRUE Web server HTTP port: 080 Web server HTTPS! port: 2403 ATP proxy port ae AITPS: proxy port: aa Proxy Server ode: https psi zimbra.comivik'Zimbra_Proxy_Marual Insaling__ Configuring, Disabling. the_Zimbra, Proxy2810212018 Zima Proxy Manuatlnstaling , Configuring, Disabling the Zimbra Proxy - Zimbra Tech Center If you need to change any of these intentionally, you can do that now by selecting the corresponding config item from the menu (say for eg. to disable POP/IMAP proxy, select '2' from the above menu). Otherwise, just proceed with all the defaults and you would have the proxy+memcached installed on this new server. Now, to have all the mailbox servers use the proxy, simply set the zimbraMailReferMode to reverse-proxied on each mailbox server and restart mailboxd to have all the traffic go through the proxy. Using Existing Servers * Needs more details, incomplete right now. Adding Zimbra Proxy Services To Existing Non-Proxy Environments via CLI [Advanced Method] Using New Servers Using Existing Servers Source: http://wviki.zimbra.com/wiki/Enabling_Zimbra_Proxy#Using_existing_servers Assuming you are running a 8.0 or earlier version ZCS with no proxy/memeached, zimbraMailMode as https and now want to upgrade to 8.5+ along with adding proxy & memcached, you need to follow the following steps Start 8.5+ installer (install.sh script) Do you wish to upgrade? [Y] y Install zimbra-memeached [N] y Install zimbra-proxy [N] y After install is done, enable web/mail proxy, and set the proxy mode and ports: ind "both" are valid modes = Iflocalconfig key 'zimbra_require_interprocess_security’ is set, Only "https" /zinbra/bexee/2mproxyconfig-e -w -0 -2 8880:80:8443:443 -x -H “znhostnane = Else if ‘zimbra_require_interprocess_security’ is unset, Only "http" and "both" are valid modes /ninbra/libexec/2mproxycontig,-@ -w -0 -2 8080:60:8443:443 -x chttp/both> -M “zmhostnane’ = Set the mail proxy ports jpt/zinbra/Libexec/zmproxyconfig -e -m -0 -L 7243:143:7993:993 -p 7118:110:7895:995 -4 “zmhostnare” ‘Now, to have all the mailbox servers use the proxy, simply set the zimbraMailReferMode to reverse-proxied on each mailbox server and restart mailboxd to have all the traffic go through the proxy. Do a 'zmcontrol restart’ on this node and you should be up and running. psi zimora.comiwik'Zimbra_Proxy_Marual Insaling__Configuing, Disabling. the_Zimbra, Proxy an2ajon20%8 Zimbra Proxy Manvatinsialing, Configuring, Disabling the Zibra Prony = Zim Tech Center Manually Modifying Zimbra Proxy Services And Related Variables via CLI Source: http://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy'fManually Modifying Proxy_.26 related_Variables_via_CLI Simple Command With Defaults Source: http://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy#Simple_Command_With_Defaults The zmproxyconfig command can be run with limited arguments if the command defaults are acceptable. Run Jopt'zimbrallibexec/zmproxyconfig to view all the argument options and the usage Protocol Requirements Including HTTPS Redirect Source: http://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy‘Protocol_Requirements_Including HTTPS_Redireet HTTP proxy can support protocol modes for HTTP or HTTPS only, both HTTP and HTTPS, mixed HTTP and HTTPS or HTTPS redirect from HTTP. Redirect is a popular configuration. This configuration must be made to the Proxy servers. = HTTPS redirect from HTTP lenprov ms proxy.server.nane zimbraReverseProxyMailiode redirect = HTTP and HTTPS (support both) = HTTP only enprov ms proxy.server.nane zinbrafeverseProxyMailMode = “mixed” will cause only authentication to be sent over HTTPS lemprov ns proxy.server.nane zinbraReverseProxyMailMoce mixed Documents & Sharing - The zimbraPublicService variables Source: http:/wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy#Documents_26_ Sharing psi zimora.comiwik'Zimbra_Proxy_Marual Insaling__Configuing, Disabling. the_Zimbra, Proxy co2a10212018 Zimbra Proxy Manualnstaling, Configuring, Disabing the Zimbra Proxy Zimbra Tech Center It is important to consider access to documents (Briefcase) and shares when setting up HTTP proxy. A publicly reachable address must be configured to be used for the REST and SOAP proxy interfaces otherwise components requiring access to these interfaces will fail. Calendar sharing is an example of one component. Set zimbraPublicServiceHostname, zimbraPublicServiceProtocol, and zimbraPublicServicePort when applicable. These values are usually not required without proxy sinee the REST and SOAP proxy interfaces take the value of the Zimbra mailbox service hostname by default. These attributes can be set globally to be inherited by all domains or per domain. Set zimbraPublicServiceHostname to the value of the host that will be used in the URL for access to the HTTP. proxy. = This command sets mail.domain.com as the public hostname to be used for access to all domains in the Zimbra directory prov ncf zinbraPublicServicedostnane mail.domain.con = This command sets mail.domaina.com as the public hostname to be used for access to domaina.com domain: prov md donaina.con zinbraPublicServicetiostnane mall. domain = Set zimbraPublicServiceProtocol to hutp or https depending on the protocol requirements for HTTP proxy: prev nd donsina.con zinbraPublicServiceProtocel https = Set zimbraPublicServicePort to the value that corresponds to the HTTP proxy port used in the URL (optional if standard ports 80 or 443 are used for proxy listeners): prov nd donsina.con zinbraPublicServicePort 443 Disabling Zimbra Proxy Completely Disable Proxy In Single ZCS Server Environment Completely Disable Proxy In Multi-Server ZCS Environment Disable POP/IMAP Proxy In Single ZCS Server Environment Source: http://wiki.zimbra.com/wiki/Ajcody-Proxy- Notes#Need_To_Disable_Pop.2Flmap_Proxy_And_Use_POP.2FIMAP_Normally ‘show Sometimes, people install/setup proxy services on their single ZCS server and they don't need them. Hei you would disable the proxy stuff and get imap/pop working over the default ports. a anprov -1 gs “znhostnane” | grep -4 port st the ports, then set variables to port @: prey ns “zthostname™ zinbrainapProxyaindPort @ prev mz “zehostname” rinbraznapsSLProxyBincPort @ prov ms ~zehostname™ zinbraPopsProxysindPort @ psi zimbra.comiwik'Zimbra_Proxy_Marual Insaling__ Configuring, Disabling. the_Zimbra, Proxy co2810212018 Zima Proxy Manuatlnstaling , Configuring, Disabling the Zimbra Proxy - Zimbra Tech Center fenprov ms “zshostrane’ zinbraPop3sSLProxyBindPort @ E en, set the non “Proxy” ports to the desired standard ports *anhostnane™ zinbratnapBindPort 143 awnostrane’ zinbeamapSsStBindPort 993 zehostrane’ zinbraPop3BindPort 118 zenostrane’ zinbraPop3ssisindPort 995 prov ms “2ehostname™ -rinbraServicetnabled mencached prov ms “zmhostname” ~rimbraServicernabled smapproxy rproxyctl stop mmencachedetl stop nailboxdct top inal Iboxdet start Disable Web [Mail] Proxy In Single ZCS Server Environment Source: hitp://wiki.zimbra.com/wiki/Ajeody-Proxy- Notes#Need_To_Disable_Pop.2Flmap_Proxy_And_Use_POP.2FIMAP_Normally Sometimes, people install/setup proxy services on their single ZCS server and they don't need them. Here's how you would disable the proxy stuff and get imap/pop working over the default ports. prov =1 gs “znhostnane™ | grep -1 port tthe ports, then set variables to port &: prey ns “zthostnane™ zinbraviailProxyPort @ annostrane’ 2inbraMadlSsiProxyPort @ ‘the non “Proxy” ports to the desired standard ports anhostrane’ zinbraMailPort 80 Pro ms “zehostrane™ zinbraMailssLPort 993 18 conplete prov ms “2ehostname” -zinbraServiceénabled mencached Retrieved from "https://wiki.zimbra.com/index.php? title=Zimbra_Proxy_Manual:Installing_, Configuring, Disabling_the_Zimbra_Proxy&oldid=62005" Categories: ZCS 8.5 | Certified | WorkInProgress | Author:Ajcody psi zimora.comiwik'Zimbra_Proxy_Marual Insaling__Configuing, Disabling. the_Zimbra, Proxy 7