ZimbraApache

From Zimbra :: Wiki

Jump to: navigation, search

Contents

Running apache and zimbra webmail on the same host

   Article-alert.png  - This article is a community contribution and may include unsupported customizations for network edition customers.



Apache over http (port 80) and Zimbra over https (port 443)

If you don't need to have non-SSL (http/port 80) access to zimbra webmail and you don't need to have SSL (https/port 443) access to apache, configure zimbra to only listen on https port 443.

su - zimbra
zmtlsctl https
tomcat restart

That's it! Now apache will serve websites (presumably over port 80), and zimbra will serve webmail over port 443.


Sharing http (port 80) and/or https (port 443) between Zimbra and Apache

If you do need to have access to both zimbra and apache over the same port, use this guide.

Q: How to run Apache + Zimbra on the same host without having to use a weird port to access any of them ?

A: Use mod_proxy ;)

This wiki page is based on this zimbra forums thread: http://www.zimbra.com/forums/showthread.php?t=2476 (I am using a Debian Sarge).

You must have several hostnames for your server (for example zimbra.domain.com and www.domain.com).

First of all, change zimbraMailPort, and recreate zimbraMtaAuthHost and restart zimbra so our apache can listen on 80, do it like this :

zmprov ms zimbra.mydom.com zimbraMailPort 81
zmprov ms zimbra.mydom.com zimbraMtaAuthHost zimbra.mydom.com
/etc/init.d/zimbra restart

Then, install your prefered apache version (1.3 / 2) and add the proxy module :

for apache 1.3 :

echo "LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so" >> /etc/apache/modules.conf
apachectl restart


for apache 2 :

ln -s /etc/apache2/mods-available/proxy.load /etc/apache2/mods-enabled/proxy.load
ln -s /etc/apache2/mods-available/proxy.conf /etc/apache2/mods-enabled/proxy.conf
/etc/init.d/apache2 restart

Now we can add our virtualhosts.

for apache 1.3, go into /etc/apache/conf.d/ and create/edit vhosts.conf :

[for apache 2 go into /etc/apache2/conf.d/]

NameVirtualHost *:80
  
<VirtualHost *:80>
   ServerAdmin dz@mydom.com
   DocumentRoot /var/www/myweb
   ServerName www.mydom.com
   ErrorLog /var/log/apache/www-error.log
   CustomLog /var/log/apache/www-access.log common
</VirtualHost>
  
<VirtualHost *:80>
   ServerName zimbra.mydom.com
   ServerAdmin dz@mydom.com
   ProxyPass / http://zimbra.mydom.com:81/
   ProxyPassReverse / http://zimbra.mydom.com:81/
   ErrorLog /var/log/apache/zimbra-error.log
   CustomLog /var/log/apache/zimbra-access.log common
</VirtualHost>

To do mod_proxy on the admin side do something along the following lines in httpd.conf

<VirtualHost *:80>
   ServerName zimbras.domain.tld
   ServerAdmin admin@domain.tld
   SSLProxyEngine On
   ProxyPass / https://zimbra.domain.tld:7071/    (the hostname of the real zimbra server)
   ProxyPassReverse / https://zimbra.domain.tld:7071/  (the hostname of the real zimbra server)
   ErrorLog /var/log/zimbras.domain-error.log
   CustomLog /var/log/zimbras.domain-access.log combined
   CustomLog /var/log/all-access.log combined     (something i have on all my hosts)
</VirtualHost>

Almost done. Restart everything. Test your new hosts.

Enjoy Zimbra ;)

Sharing both HTTP and HTTPS between both Zimbra and Apache using Different Domain Names

I found that the above wouldn't work when I tried to preserve http and https access for both Zimbra and Apache. Here is what I did to fix it. Instead of using ProxyPass, I used Redirect, as follows.

Change the ports that the Zimbra webmail client listens on

zmprov ms mail.yourdomain.com zimbraMailPort 60081
zmprov ms mail.yourdomain.com zimbraMailSSLPort 60443
zmprov ms mail.yourdomain.com zimbraMtaAuthHost mail.yourdomain.com
zmcontrol stop
zmcontrol start

Set up your redirects in Apache

Set up the http redirects

Under Apache2 on CentOS, I just create a file called /etc/httpd/conf.d/vhosts.conf with the following content:

NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin admin@yourdomain.com
    DocumentRoot /var/www/html
    ServerName www.yourdomain.com
    ErrorLog /var/log/httpd-error.log
    CustomLog /var/log/httpd-access.log common
</VirtualHost>

<VirtualHost *:80>
    ServerName mail.yourdomain.com
    ServerAdmin admin@yourdomain.com
    Redirect / https://mail.yourdomain.com:60443/
    ErrorLog /var/log/zimbra-error.log
   CustomLog /var/log/zimbra-access.log common
</VirtualHost>

Set up your https redirects

Under Apache2 on CentOS, I just edit the file called /etc/httpd/conf.d/ssl.conf. Look for the line that says:

<VirtualHost _default_:443>

Comment it out, and add the following just below it:

NameVirtualHost *:443
<VirtualHost *:443>

Below that, look for the commented-out line that starts with ServerName, uncomment it, and add your server name that you want to use for Apache:

ServerName www.yourdomain.com

Next, go to the bottom of the file and setup your Zimbra virtual host

<VirtualHost *:443>
   ServerName mail.yourdomain.com
   ServerAdmin admin@yourdomain.com
   ErrorLog /var/log/zimbra-ssl-error.log
   CustomLog /var/log/zimbra-ssl-access.log common
   SSLEngine on
   SSLProtocol all -SSLv2
   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
   SSLCertificateFile /etc/pki/tls/certs/zimbra.crt
   SSLCertificateKeyFile /etc/pki/tls/private/zimbra.key
   SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
   Redirect / https://mail.yourdomain.com:60443/
</VirtualHost>

Why do we bother specifying the SSL certificate if we are only going to redirect from Apache to Zimbra? Because if you don't, your user will get an "invalid certificate" error from their browser before the redirect happens.

Restart Apache

/etc/init.d/httpd restart

Sharing both HTTP and HTTPS between both Zimbra and Apache using Different IP Addresses

Instead of using different domain names, as in the above example, I find that it is much easier and cleaner to simply use different IP addresses. On my box, I only have one network interface card, but I have six public IP addresses that all point to it. Therefore, in my DNS I simply assign the www.yourdomain.com subdomain to XXX.XXX.XXX.100 and the mail.yourdomain.com subdomain to XXX.XXX.XXX.101. This gives you the added flexibility of adding many different sub domain aliases in your DNS and simply pointing them all to the same IP address. For example, you could add aliases like webmail.yourdomain.com and zimbra.yourdomain.com to the DNS, and you wouldn't have to change any of the configuration files below for it to work properly.

Change the ports that the Zimbra webmail client listens on

zmprov ms mail.yourdomain.com zimbraMailPort 60081
zmprov ms mail.yourdomain.com zimbraMailSSLPort 60443
zmprov ms mail.yourdomain.com zimbraMtaAuthHost mail.yourdomain.com
zmcontrol stop
zmcontrol start

Set up your redirects in Apache

Make sure Apache is listening on all IP addresses

Check your Apache configuration to make sure that it is listening on all IP addresses. For most installations, this will be the default, so if you haven't changed it yourself it should be working. Just to be sure, open your httpd.conf file (in CentOS it is /etc/httpd/conf/httpd.conf) and look for a line that starts with "Listen". It should just say:

Listen 80

Or, it might say:

Listen *:80

If it has a specific IP address in it, such as:

Listen XXX.XXX.XXX.XXX:80

You will either need to delete the IP address reference or simply add multiple Listen lines for each of your IP addresses.

Set up the http redirects

Under Apache2 on CentOS, I just create a file called /etc/httpd/conf.d/vhosts.conf with the following content:

NameVirtualHost XXX.XXX.XXX.100:80
NameVirtualHost XXX.XXX.XXX.101:80

<VirtualHost XXX.XXX.XXX.100:80>
    ServerAdmin admin@yourdomain.com
    DocumentRoot /var/www/html
    ErrorLog /var/log/httpd-error.log
    CustomLog /var/log/httpd-access.log common
</VirtualHost>

<VirtualHost XXX.XXX.XXX.101:80>
    ServerAdmin admin@yourdomain.com
    Redirect / https://mail.yourdomain.com:60443/
    ErrorLog /var/log/zimbra-error.log
    CustomLog /var/log/zimbra-access.log common
</VirtualHost>

Set up your https redirects

Under Apache2 on CentOS, I just edit the file called /etc/httpd/conf.d/ssl.conf. Look for the line that says:

<VirtualHost _default_:443>

Comment it out, and add the following just below it:

NameVirtualHost XXX.XXX.XXX.100:443
NameVirtualHost XXX.XXX.XXX.101:443
<VirtualHost XXX.XXX.XXX.100:443>

Next, go to the bottom of the file and setup your Zimbra virtual host

<VirtualHost XXX.XXX.XXX.101:443>
   ServerName mail.yourdomain.com
   ServerAdmin admin@yourdomain.com
   ErrorLog /var/log/zimbra-ssl-error.log
   CustomLog /var/log/zimbra-ssl-access.log common
   SSLEngine on
   SSLProtocol all -SSLv2
   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
   SSLCertificateFile /etc/pki/tls/certs/zimbra.crt
   SSLCertificateKeyFile /etc/pki/tls/private/zimbra.key
   SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
   Redirect / https://mail.yourdomain.com:60443/
</VirtualHost>

Why do we bother specifying the SSL certificate if we are only going to redirect from Apache to Zimbra? Because if you don't, your user will get an "invalid certificate" error from their browser before the redirect happens.

Restart Apache

/etc/init.d/httpd restart

Other Links

Provide_HTTP(s)_Integration_with_Apache

Zimbra_with_Apache_using_mod_jk_-_mod_proxy_-_mod_proxy_ajp

Using_Tomcat_with_Apache_(mod_jk)


Verified Against: Unknown Date Created: 5/5/2006
Article ID: http://wiki.zimbra.com/index.php?title=ZimbraApache Date Modified: 05/7/2009
Personal tools