NGINX Configuration Directive Reference

From Zimbra :: Wiki

Jump to: navigation, search
Admin Article

Article Information

This article applies to the following ZCS versions.
  ZCS 5.0 Article  ZCS 5.0

Almost all the configuration directives for Zimbra NGINX Proxy are controlled by LDAP attributes, and in some cases, by LocalConfig values. To simplify the Proxy Configuration, the NGINX Proxy Configuration Generator reads these LDAP/LocalConfig values, and generates the Proxy configuration files. To allow more flexibility to the process of config generation, the Config Generator reads in a set of template files, substitutes certain keywords with the actual values from LDAP/LocalConfig, and generates the configuration files for use with NGINX.

Both, the Proxy configuration files, and the Proxy configuration templates, are hierarchical in nature, which means that a main, top-level configuration file or template, includes other configuration files or templates respectively. Refer to the NGINX Configuration Structure for the Proxy Configuration Inclusion Hierarchy

Contents

Configuration Keywords

core.cprefix

 NGINX Keyword:         core.cprefix
 Description:           Common config file prefix
 Controlling Attribute: (none)
 Default Value:         nginx.conf
 Config Text:           nginx.conf
 How to modify:         N/A

core.includes

 NGINX Keyword:         core.includes
 Description:           Include directory (relative to ${core.workdir}/conf) containing sub-configuration files
 Controlling Attribute: (none)
 Default Value:         nginx/includes
 Config Text:           nginx/includes
 How to modify:         N/A

core.tprefix

 NGINX Keyword:         core.tprefix
 Description:           Common template file prefix
 Controlling Attribute: (none)
 Default Value:         nginx.conf
 Config Text:           nginx.conf
 How to modify:         N/A

core.workdir

 NGINX Keyword:         core.workdir
 Description:           Working Directory for NGINX worker processes
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra
 Config Text:           /opt/zimbra
 How to modify:         N/A

mail.:auth_http

 NGINX Keyword:         mail.:auth_http
 Description:           List of mail route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7072]
 Config Text:               auth_http   <server>:7072/service/extension/nginx-lookup;
 How to modify:         zmprov ms <server> zimbraReverseProxyLookupTarget TRUE       // to add a server to route-lookup list
                        zmprov ms <server> zimbraReverseProxyLookupTarget FALSE      // to remove a server from route-lookup list

mail.authwait

 NGINX Keyword:         mail.authwait
 Description:           Time delay (ms) after which an incorrect POP/IMAP login attempt will be rejected
 Controlling Attribute: zimbraReverseProxyAuthWaitInterval
 Default Value:         10000
 Config Text:           10000ms
 How to modify:         zmprov mcf zimbraReverseProxyAuthWaitInterval 15s            // s=seconds, m=minutes, h=hours, d=days

mail.defaultrealm

 NGINX Keyword:         mail.defaultrealm
 Description:           Default SASL realm used in case Kerberos principal does not contain realm information
 Controlling Attribute: zimbraReverseProxyDefaultRealm
 Default Value:         
 Config Text:           
 How to modify:         zmprov ms <server> zimbraReverseProxyDefaultRealm MYREALM.COM

mail.dpasswd

 NGINX Keyword:         mail.dpasswd
 Description:           Password for master credentials used by NGINX to log in to upstream for GSSAPI authentication
 Controlling Attribute: ldap_nginx_password
 Default Value:         zmnginx
 Config Text:           zmnginx
 How to modify:         N/A

mail.enabled

 NGINX Keyword:         mail.enabled
 Description:           Indicates whether Mail Proxy is enabled
 Controlling Attribute: zimbraReverseProxyMailEnabled
 Default Value:         true
 Config Text:           
 How to modify:         zmprov ms <server> zimbraReverseProxyMailEnabled FALSE

mail.imap.authgssapi.enabled

 NGINX Keyword:         mail.imap.authgssapi.enabled
 Description:           Whether SASL GSSAPI is enabled for IMAP
 Controlling Attribute: zimbraReverseProxyImapSaslGssapiEnabled
 Default Value:         false
 Config Text:           
 How to modify:         zmprov ms <server> zimbraReverseProxyImapSaslGssapiEnabled TRUE

mail.imap.authplain.enabled

 NGINX Keyword:         mail.imap.authplain.enabled
 Description:           Whether SASL PLAIN is enabled for IMAP
 Controlling Attribute: zimbraReverseProxyImapSaslPlainEnabled
 Default Value:         true
 Config Text:           
 How to modify:         zmprov ms <server> zimbraReverseProxyImapSaslPlainEnabled FALSE

mail.imap.greeting

 NGINX Keyword:         mail.imap.greeting
 Description:           Proxy IMAP banner message (contains build version if zimbraReverseProxyImapExposeVersionOnBanner is true)
 Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner
 Default Value:         
 Config Text:           
 How to modify:         zmprov ms zimbraReverseProxyPop3ExposeVersionOnBanner TRUE

mail.imap.literalauth

 NGINX Keyword:         mail.imap.literalauth
 Description:           Whether NGINX uses literal strings for user name/password when logging in to upstream IMAP server - if false, NGINX uses quoted strings
 Controlling Attribute: (none)
 Default Value:         true
 Config Text:           on
 How to modify:         N/A

mail.imap.port

 NGINX Keyword:         mail.imap.port
 Description:           Mail Proxy IMAP Port
 Controlling Attribute: zimbraImapProxyBindPort
 Default Value:         143
 Config Text:           143
 How to modify:         N/A

mail.imap.tls

 NGINX Keyword:         mail.imap.tls
 Description:           TLS support for IMAP - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
 Controlling Attribute: zimbraReverseProxyImapStartTlsMode
 Default Value:         only
 Config Text:           on
 How to modify:         N/A

mail.imapcapa

 NGINX Keyword:         mail.imapcapa
 Description:           IMAP Capability List
 Controlling Attribute: zimbraReverseProxyImapEnabledCapability
 Default Value:         []
 Current Value:         [ACL, BINARY, CATENATE, CHILDREN, CONDSTORE, ENABLE, ESEARCH, ESORT, I18NLEVEL=1, ID, IDLE, IMAP4rev1, LIST-EXTENDED, LITERAL+, MULTIAPPEND, NAMESPACE, QRESYNC, QUOTA, RIGHTS=ektx, SASL-IR, SEARCHRES, SORT, THREAD=ORDEREDSUBJECT, UIDPLUS, UNSELECT, WITHIN]
 Config Text:            "ACL" "BINARY" "CATENATE" "CHILDREN" "CONDSTORE" "ENABLE" "ESEARCH" "ESORT" "I18NLEVEL=1" "ID" "IDLE" "IMAP4rev1" "LIST-EXTENDED" "LITERAL+" "MULTIAPPEND" "NAMESPACE" "QRESYNC" "QUOTA" "RIGHTS=ektx" "SASL-IR" "SEARCHRES" "SORT" "THREAD=ORDEREDSUBJECT" "UIDPLUS" "UNSELECT" "WITHIN"
 How to modify:         N/A

mail.imapid

 NGINX Keyword:         mail.imapid
 Description:           NGINX response to IMAP ID command
 Controlling Attribute: (none)
 Default Value:         "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 Current Value:         "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 Config Text:           "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 How to modify:         N/A

mail.imaps.port

 NGINX Keyword:         mail.imaps.port
 Description:           Mail Proxy IMAPS Port
 Controlling Attribute: zimbraImapSSLProxyBindPort
 Default Value:         993
 Config Text:           993
 How to modify:         N/A

mail.ipmax

 NGINX Keyword:         mail.ipmax
 Description:           IP Login Limit (Throttle) - 0 means infinity
 Controlling Attribute: zimbraReverseProxyIPLoginLimit
 Default Value:         0
 Config Text:           0
 How to modify:         N/A

mail.iprej

 NGINX Keyword:         mail.iprej
 Description:           Rejection message for IP throttle
 Controlling Attribute: zimbraReverseProxyIpThrottleMsg
 Default Value:         Login rejected from this IP
 Config Text:           Login rejected from this IP
 How to modify:         N/A

mail.ipttl

 NGINX Keyword:         mail.ipttl
 Description:           Time interval (ms) after which IP Login Counter is reset
 Controlling Attribute: zimbraReverseProxyIPLoginLimitTime
 Default Value:         3600000
 Config Text:           3600000ms
 How to modify:         N/A

mail.passerrors

 NGINX Keyword:         mail.passerrors
 Description:           Indicates whether mail proxy will pass any protocol specific errors from the upstream server back to the downstream client
 Controlling Attribute: zimbraReverseProxyPassErrors
 Default Value:         true
 Config Text:           on
 How to modify:         N/A

mail.pop3.authgssapi.enabled

 NGINX Keyword:         mail.pop3.authgssapi.enabled
 Description:           Whether SASL GSSAPI is enabled for POP3
 Controlling Attribute: zimbraReverseProxyPop3SaslGssapiEnabled
 Default Value:         false
 Config Text:           
 How to modify:         N/A

mail.pop3.authplain.enabled

 NGINX Keyword:         mail.pop3.authplain.enabled
 Description:           Whether SASL PLAIN is enabled for POP3
 Controlling Attribute: zimbraReverseProxyPop3SaslPlainEnabled
 Default Value:         true
 Config Text:           
 How to modify:         N/A

mail.pop3.greeting

 NGINX Keyword:         mail.pop3.greeting
 Description:           Proxy POP3 banner message (contains build version if zimbraReverseProxyPop3ExposeVersionOnBanner is true)
 Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner
 Default Value:         
 Config Text:           
 How to modify:         N/A

mail.pop3.port

 NGINX Keyword:         mail.pop3.port
 Description:           Mail Proxy POP3 Port
 Controlling Attribute: zimbraPop3ProxyBindPort
 Default Value:         110
 Config Text:           110
 How to modify:         N/A

mail.pop3.tls

 NGINX Keyword:         mail.pop3.tls
 Description:           TLS support for POP3 - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
 Controlling Attribute: zimbraReverseProxyPop3StartTlsMode
 Default Value:         only
 Config Text:           on
 How to modify:         N/A

mail.pop3capa

 NGINX Keyword:         mail.pop3capa
 Description:           POP3 Capability List
 Controlling Attribute: zimbraReverseProxyPop3EnabledCapability
 Default Value:         []
 Current Value:         [EXPIRE 31 USER, TOP, UIDL, USER, XOIP]
 Config Text:            "EXPIRE 31 USER" "TOP" "UIDL" "USER" "XOIP"
 How to modify:         N/A

mail.pop3s.port

 NGINX Keyword:         mail.pop3s.port
 Description:           Mail Proxy POP3S Port
 Controlling Attribute: zimbraPop3SSLProxyBindPort
 Default Value:         995
 Config Text:           995
 How to modify:         N/A

mail.sasl_host_from_ip

 NGINX Keyword:         mail.sasl_host_from_ip
 Description:           Whether to use incoming interface IP address to determine service principal name (if true, IP address is reverse mapped to DNS name, else host name of proxy is used)
 Controlling Attribute: krb5_service_principal_from_interface_address
 Default Value:         false
 Config Text:           off
 How to modify:         N/A

mail.saslapp

 NGINX Keyword:         mail.saslapp
 Description:           Application name used by NGINX to initialize SASL authentication
 Controlling Attribute: (none)
 Default Value:         nginx
 Config Text:           nginx
 How to modify:         N/A

mail.ssl.cert

 NGINX Keyword:         mail.ssl.cert
 Description:           Mail Proxy SSL certificate file
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.crt
 Config Text:           /opt/zimbra/conf/nginx.crt
 How to modify:         N/A

mail.ssl.ciphers

 NGINX Keyword:         mail.ssl.ciphers
 Description:           Permitted ciphers for mail proxy
 Controlling Attribute: zimbraReverseProxySSLCiphers
 Default Value:         !SSLv2:!MD5:HIGH
 Config Text:           !SSLv2:!MD5:HIGH
 How to modify:         N/A

mail.ssl.key

 NGINX Keyword:         mail.ssl.key
 Description:           Mail Proxy SSL certificate key
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.key
 Config Text:           /opt/zimbra/conf/nginx.key
 How to modify:         N/A

mail.ssl.preferserverciphers

 NGINX Keyword:         mail.ssl.preferserverciphers
 Description:           Requires protocols SSLv3 and TLSv1 server ciphers be preferred over the client's ciphers
 Controlling Attribute: (none)
 Default Value:         true
 Config Text:           on
 How to modify:         N/A

mail.timeout

 NGINX Keyword:         mail.timeout
 Description:           Time interval (ms) after which, if a POP/IMAP connection is inactive, it will be automatically disconnected
 Controlling Attribute: zimbraReverseProxyInactivityTimeout
 Default Value:         3600000
 Config Text:           3600000ms
 How to modify:         N/A

mail.upstream.imapid

 NGINX Keyword:         mail.upstream.imapid
 Description:           Whether NGINX issues the IMAP ID command to the upstream server prior to logging in (audit purpose)
 Controlling Attribute: zimbraReverseProxySendImapId
 Default Value:         true
 Config Text:           on
 How to modify:         N/A

mail.upstream.pop3xoip

 NGINX Keyword:         mail.upstream.pop3xoip
 Description:           Whether NGINX issues the POP3 XOIP command to the upstream server prior to logging in (audit purpose)
 Controlling Attribute: zimbraReverseProxySendPop3Xoip
 Default Value:         true
 Config Text:           on
 How to modify:         N/A

mail.usermax

 NGINX Keyword:         mail.usermax
 Description:           User Login Limit (Throttle) - 0 means infinity
 Controlling Attribute: zimbraReverseProxyUserLoginLimit
 Default Value:         0
 Config Text:           0
 How to modify:         N/A

mail.userrej

 NGINX Keyword:         mail.userrej
 Description:           Rejection message for User throttle
 Controlling Attribute: zimbraReverseProxyUserThrottleMsg
 Default Value:         Login rejected for this user
 Config Text:           Login rejected for this user
 How to modify:         N/A

mail.userttl

 NGINX Keyword:         mail.userttl
 Description:           Time interval (ms) after which User Login Counter is reset
 Controlling Attribute: zimbraReverseProxyUserLoginLimitTime
 Default Value:         3600000
 Config Text:           3600000ms
 How to modify:         N/A

main.connections

 NGINX Keyword:         main.connections
 Description:           Maximum number of simultaneous connections per worker process
 Controlling Attribute: zimbraReverseProxyWorkerConnections
 Default Value:         10240
 Config Text:           10240
 How to modify:         N/A

main.group

 NGINX Keyword:         main.group
 Description:           The group as which the worker processes will run
 Controlling Attribute: (none)
 Default Value:         zimbra
 Config Text:           zimbra
 How to modify:         N/A

main.krb5keytab

 NGINX Keyword:         main.krb5keytab
 Description:           Path to kerberos keytab file used for GSSAPI authentication
 Controlling Attribute: krb5_keytab
 Default Value:         /opt/zimbra/conf/krb5.keytab
 Config Text:           /opt/zimbra/conf/krb5.keytab
 How to modify:         N/A

main.logfile

 NGINX Keyword:         main.logfile
 Description:           Log file path (relative to ${core.workdir})
 Controlling Attribute: (none)
 Default Value:         log/nginx.log
 Config Text:           log/nginx.log
 How to modify:         N/A

main.loglevel

 NGINX Keyword:         main.loglevel
 Description:           Log level - can be debug|info|notice|warn|error|crit
 Controlling Attribute: zimbraReverseProxyLogLevel
 Default Value:         info
 Config Text:           info
 How to modify:         N/A

main.pidfile

 NGINX Keyword:         main.pidfile
 Description:           PID file path (relative to ${core.workdir})
 Controlling Attribute: (none)
 Default Value:         log/nginx.pid
 Config Text:           log/nginx.pid
 How to modify:         N/A

main.user

 NGINX Keyword:         main.user
 Description:           The user as which the worker processes will run
 Controlling Attribute: (none)
 Default Value:         zimbra
 Config Text:           zimbra
 How to modify:         N/A

main.workers

 NGINX Keyword:         main.workers
 Description:           Number of worker processes
 Controlling Attribute: zimbraReverseProxyWorkerProcesses
 Default Value:         4
 Config Text:           4
 How to modify:         N/A

memcache.:servers

 NGINX Keyword:         memcache.:servers
 Description:           List of known memcache servers (i.e. servers having imapproxy service enabled)
 Controlling Attribute: (none)
 Default Value:         []
 Current Value:         [<server>:11211]
 Config Text:             servers   <server>:11211;
 How to modify:         N/A

memcache.reconnect

 NGINX Keyword:         memcache.reconnect
 Description:           Time (ms) after which NGINX will attempt to re-establish a broken connection to a memcache server
 Controlling Attribute: zimbraReverseProxyCacheReconnectInterval
 Default Value:         60000
 Config Text:           60000ms
 How to modify:         N/A

memcache.timeout

 NGINX Keyword:         memcache.timeout
 Description:           Time (ms) given to a cache-fetch operation to complete
 Controlling Attribute: zimbraReverseProxyCacheFetchTimeout
 Default Value:         3000
 Config Text:           3000ms
 How to modify:         N/A

memcache.ttl

 NGINX Keyword:         memcache.ttl
 Description:           Time interval (ms) for which cached entries remain in memcache
 Controlling Attribute: zimbraReverseProxyCacheEntryTTL
 Default Value:         3600000
 Config Text:           3600000ms
 How to modify:         N/A

memcache.unqual

 NGINX Keyword:         memcache.unqual
 Description:           Deprecated - always set to false
 Controlling Attribute: (none)
 Default Value:         false
 Config Text:           off
 How to modify:         N/A

web.:routehandlers

 NGINX Keyword:         web.:routehandlers
 Description:           List of web route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7072]
 Config Text:               zmroutehandlers   <server>:7072/service/extension/nginx-lookup;
 How to modify:         N/A

web.enabled

 NGINX Keyword:         web.enabled
 Description:           Indicates whether HTTP proxying is enabled
 Controlling Attribute: zimbraReverseProxyHttpEnabled
 Default Value:         false
 Config Text:           
 How to modify:         N/A

web.http.enabled

 NGINX Keyword:         web.http.enabled
 Description:           Indicates whether HTTP Proxy will accept connections on HTTP (true unless zimbraReverseProxyMailMode is 'https')
 Controlling Attribute: (none)
 Default Value:         true
 Config Text:           
 How to modify:         N/A

web.http.maxbody

 NGINX Keyword:         web.http.maxbody
 Description:           Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 Controlling Attribute: zimbraFileUploadMaxSize
 Default Value:         10485760
 Config Text:           10485760
 How to modify:         N/A

web.http.port

 NGINX Keyword:         web.http.port
 Description:           Web Proxy HTTP Port
 Controlling Attribute: zimbraMailProxyPort
 Default Value:         0
 Config Text:           80
 How to modify:         N/A

web.http.uport

 NGINX Keyword:         web.http.uport
 Description:           Web upstream server port
 Controlling Attribute: zimbraMailPort
 Default Value:         80
 Config Text:           7070
 How to modify:         N/A

web.https.enabled

 NGINX Keyword:         web.https.enabled
 Description:           Indicates whether HTTP Proxy will accept connections on HTTPS (true unless zimbraReverseProxyMailMode is 'http')
 Controlling Attribute: (none)
 Default Value:         true
 Config Text:           
 How to modify:         N/A

web.https.maxbody

 NGINX Keyword:         web.https.maxbody
 Description:           Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 Controlling Attribute: zimbraFileUploadMaxSize
 Default Value:         10485760
 Config Text:           10485760
 How to modify:         N/A

web.https.port

 NGINX Keyword:         web.https.port
 Description:           Web Proxy HTTPS Port
 Controlling Attribute: zimbraMailSSLProxyPort
 Default Value:         0
 Config Text:           443
 How to modify:         N/A

web.mailmode

 NGINX Keyword:         web.mailmode
 Description:           Reverse Proxy Mail Mode - can be http|https|both|redirect|mixed
 Controlling Attribute: zimbraReverseProxyMailMode
 Default Value:         both
 Config Text:           mixed
 How to modify:         N/A

web.routetimeout

 NGINX Keyword:         web.routetimeout
 Description:           Time interval (ms) given to web route lookup handler to respond to route lookup request (after this time elapses, Proxy fails over to next handler, or fails the request if there are no more lookup handlers)
 Controlling Attribute: (none)
 Default Value:         15000
 Config Text:           15000ms
 How to modify:         N/A

web.ssl.cert

 NGINX Keyword:         web.ssl.cert
 Description:           Web Proxy SSL certificate path
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.crt
 Config Text:           /opt/zimbra/conf/nginx.crt

web.ssl.key

 NGINX Keyword:         web.ssl.key
 Description:           Web Proxy SSL certificate key
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.key
 Config Text:           /opt/zimbra/conf/nginx.key
 How to modify:         N/A

web.uploadmax

 NGINX Keyword:         web.uploadmax
 Description:           Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 Controlling Attribute: zimbraFileUploadMaxSize
 Default Value:         10485760
 Config Text:           10485760
 How to modify:         N/A

web.upstream.:servers

 NGINX Keyword:         web.upstream.:servers
 Description:           List of upstream HTTP servers used by Web Proxy (i.e. servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7070]
 Config Text:               server   <server>:7070;
 How to modify:         N/A

web.upstream.name

 NGINX Keyword:         web.upstream.name
 Description:           Symbolic name for HTTP upstream cluster
 Controlling Attribute: (none)
 Default Value:         zimbra
 Config Text:           zimbra
 How to modify:         N/A


Verified Against: ZCS 5.0.10 and later Date Created: 9/8/2008
Article ID: http://wiki.zimbra.com/index.php?title=NGINX_Configuration_Directive_Reference Date Modified: 04/15/2010
Personal tools