Provide HTTP(s) Integration with Apache
Setting up HTTP and HTTPS support through Apache VirtualHosts
Scenario
Single production server, with public IP address running apache web server hosting multiple virtual domains, and Zimbra Groupware server to providing email and webmail access to users in multiple virtual domains.
The example domain used in this article is 'server.com' - replace with your own domain.
Aims
- You want to provide both http (insecure) and https (secure) access to clients through the webmail interface.
- On 'server.com' you want to provide webmail access when users visit 'http://webmail.server.com' and secure acces when they visit 'https://webmail.server.com'.
- The Apache server listens on default ports 80 and 443, the Zimbra server listens on port 81 and uses the insecure login authentication method (zmtlsctl http).
System Requirements
- Installed Apache webserver
- Familiarity with Apache VirtualHost configurations
- Working Zimbra installation
Time To Implement
Outside of meeting the system requirements, and reading this article through - the actual coding will take between 5-15 minutes depending on how familiar you are with the Linux command-line and the Zimbra server.
Advice
The article has been written by community members, Zimbra administrators and experienced coders - the proof reading may not be perfect and aims to provide ideas and an exampe of a successful working practice.
Please feel free to use the Zimbra Forums to request more specific help, follow the article closely and do not rush - it will only take longer !!
Laying the foundations
Plan of Action
All following commands are issued whilst logged in with the 'zimbra' user.
sudo su - zimbra
Step 1
- Ensure Zimbra is running on port 81
Using the syntax : zmprov ms <your-server> zimbraMailPort <your-port-number>
zmprov ms server.com zimbraMailPort 81
Breakdown
We logged in as the 'zimbra' user, then using the zmprov command to manipulate server name pair values, tell Zimbra to use the mail port number 81.
n.b. a more detailed thread here
Step 2
- Tell Zimbra to use the http authentication method - this does not redirect logins to SSL basically.
zmtlsctl http
zmcontrol stop;zmcontrol start
Breakdown
We issued the 'zmtlsctl' command and passed the http value (other options include https,both,mixed,redirect but they do not apply to this article)
The Zimbra server was then restarted using the 'zmcontrol' command.
Step 3 - requires root access
- Create a new apache configuration file to contain our virtualhosts
sudo su -
nano /etc/httpd/conf.d/zimbra.conf
Once within your text editor ensure it looks like this:
<VirtualHost *:80>
ServerAlias webmail.*
ProxyPass / http://server.com:81/
ProxyPassReverse / http://server.com:81/
ErrorLog /var/log/httpd/zimbra-error.log
</VirtualHost>
Step 3 Breakdown
We logged in as root using the 'sudo su - ' command, allowing us write access to the Apache configuration directory - located at /etc/httpd/conf.d/.
Then created a new virtual host that listens on port 80 on all network interfaces.
The new virtual host has a server alias of webmail.* - meaning any virtual domain on your server's IP addresses beginning with webmail. will be handled here.
The proxypass line silently redirects all traffic to the zimbra port without the user knowing what is going on behind the scenes.
The proxypassreverse line, simply listens for traffic coming back from the redirect - again without the end user knowing what is going on behind the scenes.
Always usefull - we tell Apache to keep a log of any errors in the usual /var/log/httpd/ directory - in case we experience problems we can use the log to troubleshoot. (If all runs smoothly just a # to the beginning of this line to turn the error logging off).