Difference between revisions of "Ajcody-Proxy-Guide-Rewrite-Project"

(Created page with "= Overview And Planning = == Overview Of Proxy And Related Components == Zimbra Proxy is a high-performance reverse proxy service for passing IMAP/POP3/HTTP[S] client request...")
 
m
 
(179 intermediate revisions by 4 users not shown)
Line 1: Line 1:
= Overview And Planning =
+
{{BC|Community Sandbox}}
== Overview Of Proxy And Related Components ==
+
__FORCETOC__
 +
<div class="col-md-12 ibox-content">
 +
=Ajcody Proxy Guide Rewrite Project=
 +
{{KB|{{Unsupported}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}}
 +
{{WIP}}
 +
= Overview And Planning For Zimbra Proxy=
 +
Moved to:
 +
* https://wiki.zimbra.com/wiki/Zimbra_Proxy_Manual:Overview_And_Planning_For_Zimbra_Proxy
  
Zimbra Proxy is a high-performance reverse proxy service for passing IMAP/POP3/HTTP[S] client requests to other internal ZCS services. A reverse proxy server is an Internet-facing services that protects and manages client connections to your internal services. It can also provide functions like: GSSAPI authentication, throttle control, SSL connection with different certificates for different virtual host names, and other features described later below.
+
= Installing , Configuring, Disabling the Zimbra Proxy =
 +
Moved To:
 +
* https://wiki.zimbra.com/wiki/Zimbra_Proxy_Manual:Installing_,_Configuring,_Disabling_the_Zimbra_Proxy
  
 +
= Zimbra Proxy Related CLI Commands =
  
The Zimbra Proxy services allows other zimbra services [mailbox, webapp, etc.] that can be hidden from the Internet by acting as a reverse proxy for the other services and allows end-users to access the mail system via a single Login URL [for example, userA and userB can both use mail.domain.com] instead of knowing their specific mailbox hostnames [for example, userA uses mail12.domain.com and userB is uses mail13.domain.com]. It acts as the first entry point for all the HTTP/IMAP/POP traffic and then intelligently routes all static UI (HTML/CSS/JS etc) and dynamic (SOAP/REST/IMAP/POP) requests to the appropriate upstream server. The proxy configuration options for POP/IMAP allows end users to configure their POP/IMAP clients to use this single mail server hostname. The proxy configuration options around HTTP[S] allows end-users to use this single hostname for ZWC, REST, CalDAV, Zimbra Connector for Outlook, Zimbra Connector for BES, Zimbra Mobile Sync connections and so forth. The Zimbra Proxy service will also do URL rewriting so these internal hostnames that are providing the various services aren't exposed to the public or end-clients. For example, a Zimbra briefcase share from userA on mail12.domain.com to userB on mail13.domain.com will simply have mail.domain.com [per our example above] within the url. [ see [https://bugzilla.zimbra.com/show_bug.cgi?id=82236 bug 82236] ]
+
Moved To:
 +
https://wiki.zimbra.com/wiki/Zimbra_Proxy_Manual:Zimbra_Proxy_Related_CLI_Commands
  
 +
= Troubleshooting Zimbra Proxy =
  
With ZCS 8.5, the proxy components are installed by default and therefor would be enabled on a single ZCS server deployment. Normally though, the proxy services would be installed on Internet-facing servers and the other specific ZCS services [zimbra-store for example] would be on installed on internal servers. Generally, these packages are installed on dedicated Internet-facing servers intended to just do the proxy services or those that also run the zimbra-mta package. When the Zimbra Proxy package is installed, the proxy feature is enabled with default values that normally require no modification.
+
Moved TO:
 +
* https://wiki.zimbra.com/wiki/Zimbra_Proxy_Manual:Troubleshooting_Zimbra_Proxy
  
 +
= Advance Topics For Zimbra Proxy - Configuration And Template Files And Proxy Related Variables =
  
The Zimbra Proxy installation components consists of the zimbra-proxy and zimbra-memcached options during the installation package choice menu. The zimbra-proxy packages is Zimbra’s modified version of Nginx [http://nginx.org/], pronounced like “engine-ex”. And the zimbra-memcached packages is our modified version of memcached [http://memcached.org], pronounced like “memcache-dee”. A third component needed for our proxy environment to work is the Zimbra Proxy Route Lookup Handler or called the “Nginx Lookup Extension” (NLE for short). This is a java servlet that is installed from the zimbra-store package on the Zimbra mailbox servers. This servlet handles nginx queries for the user account route information (the server and port number where the user account resides).
+
https://wiki.zimbra.com/wiki/Zimbra_Proxy_Manual:Configuration_And_Template_Files_And_Proxy_Related_Variables
  
 +
Merged and Updated the following pages below and then set a REDIRECT to the main page above:
 +
* https://wiki.zimbra.com/wiki/NGINX_Configuration_Structure
 +
* https://wiki.zimbra.com/wiki/NGINX_Configuration_Directive_Reference
 +
* https://wiki.zimbra.com/wiki/Zimbra_Proxy_Attributes-Detailed
  
In a typical use case, the proxy services extracts the user login details and then fetches the route to the upstream mail server or web servers’ address from NLE servlet, and finally proxies the interactions between clients and upstream ZCS servers. To accelerate the speed of future route lookups for a user, memcached caches the lookup results. Therefore, the subsequent login with the same username will directly be proxied without calling to the NLE servlet.
+
= Advance Topics For Zimbra Proxy - Advanced Proxy Configuration Examples via CLI=
  
== What Is Zimbra Proxy ==
+
Created :
== Benefits And Reasons To Use ==
+
* https://wiki.zimbra.com/wiki/Zimbra_Proxy_Manual:Advanced_Proxy_Configuration_Examples_via_CLI
== Zimbra Proxy Components ==
 
== Architecture and Flow ==
 
== Position In ZCS Runtime ==
 
== Zimbra Proxy Ports ==
 
== Deployment Strategies, Server Specifications, Impact To Other Non-Proxy Hosts ==
 
  
= Installing And Configuring Zimbra Proxy =
+
= Advance Topics For Zimbra Proxy - Miscellaneous Topics =
== New ZCS Deployment ==
 
=== Single ZCS Server Environment ===
 
=== Multi-Server ZCS Environment ===
 
== Adding Proxy Services To Existing Non-Proxy Environments via ZCS Installer [Recommended Method] ==
 
=== Using New Servers ===
 
=== Using Existing Servers ===
 
== Adding Proxy Services To Existing Non-Proxy Environments via CLI [Advanced Method] ==
 
=== Using New Servers ===
 
=== Using Existing Servers ===
 
== Manually Modifying Proxy Services And Related Variables via CLI ==
 
=== Simple Command With Defaults ===
 
=== Protocol Requirements Including HTTPS Redirect ===
 
=== Documents & Sharing ===
 
  
= Troubleshooting =
+
Moved To:
== Proxy Related Log Files ==
+
* https://wiki.zimbra.com/wiki/Zimbra_Proxy_Manual:Miscellaneous_Topics
== Proxy Login Slow ==
 
== No Route To Host Errors ==
 
== 5xx Errors ==
 
  
= Advance Topics =
+
= Ports Scratchpad =
== Ldap Attributes For Proxy ==
+
 
=== Pre 8.5 Attributes ===
+
To see ports available on your server, you can do as '''root''' :
=== New 8.5 Attributes ===
+
 
== Proxy Configuration And Template Files ==
+
netstat -anltp | egrep '^tcp' | grep LISTEN | awk '{print $4 " "$7}' | sed -e 's/.*://' | sort -n | uniq
=== Understanding The Proxy Config Rewrite (zmproxyconfgen) Process (zmproxyconfig And zmproxyctl) ===
+
 
=== Config Files And Config Templates ===
+
{| class="wikitable sortable"
=== Config File Hierarchy ===
+
! Port !! If Proxied [Defaults] !! PID Name !! Pid Name If Proxied !! Package Name !! Package Name If Proxied !! zmprov related Variables !! Description !! Comments !! Binds To localhost Or Network Interface !! Open Or Routed Through Firewall
=== Description of Config Files ===
+
|-  style="background:white; color:black"
== Proxy Related CLI Commands ==
+
| 22 ||  || sshd ||  || sshd - from OS ||  || zimbraRemoteManagementPort || Remote Management Port ||  ||  ||
=== zmproxyconfig ===
+
|-  style="background:white; color:black"
==== Syntax ====
+
| 25 ||  || master ||  || mta ||  || zimbraSmtpPort || SMTP || Incoming mail to postfix ||  ||
==== Description ====
+
|-  style="background:white; color:black"
=== zmproxyctl ===
+
| 53 ||  || unbound ||  || dnscache ||  || || DNS Cache Server || Comments || localhost ||
==== Syntax ====
+
|-  style="background:white; color:black"
==== Description ====
+
| 80 || 8080 || java || nginx  || store || proxy || zimbraMailPort ; '''''zimbraMailProxyPort'''''  || HTTP ; '''''HTTP Backend (when proxied)''''' || Comments ||  ||
=== zmprov ===
+
|-  style="background:white; color:black"
==== Syntax ====
+
| 443 || 8443 || java || nginx || store || proxy || zimbraMailSSLPort ; '''''zimbraMailSSLProxyPort''''' || HTTPS ; '''''HTTPS Backend (when proxied''''') || Comments ||  ||
==== Description ====
+
|-  style="background:white; color:black"
== Advanced Proxy Configuration Examples via CLI ==
+
|  || 11211 ||  || memcached ||  || proxy || zmprov related Variables || Memcached || Comments ||  ||
=== Configure Zimbra Proxy For POP[S] And IMAP[S] Only ===
+
|-  style="background:white; color:black"
=== Configure Zimbra Proxy For POP[S] Only ===
+
| 7072 ||  || java ||  || store ||  ||  || Route Lookup Handler || ZCS Nginx Lookup (backend http service for nginx lookup/authentication) ||  ||
=== Configure Zimbra Proxy For POP[S] And HTTP[S] Only ===
+
|-  style="background:white; color:black"
=== Configure Zimbra Proxy For IMAP[S] Only ===
+
| 3443 || 9443 || ? || nginx || ? || nginx || zimbraMailSSLClientCertPort ; '''''zimbraMailSSLProxyClientCertPort''''' || Mail Client Cert ; '''''Mail Client Cert Backend (when proxied)''''' || Comments ||  ||
=== Configure Zimbra Proxy For IMAP[S] And HTTP[S] Only ===
+
|-  style="background:white; color:black"
=== Configure Zimbra Proxy For HTTP[S] Only ===
+
| 110 || 7110 || java || nginx || store || nginx || zimbraMailProxyPort ; '''''zimbraMailSSLProxyPort''''' || POP3 ; '''''POP3 Backend (when proxied)''''' || Comments ||  ||
=== Configure Or Customize The Zimbra Proxy For The Admin Console ===
+
|-  style="background:white; color:black"
=== Configure Zimbra Proxy For Kerberos Authentication ===
+
| 995 || 7995 || java || nginx || store || nginx || zimbraPop3SSLBindPort ; '''''zimbraPop3SSLProxyBindPort''''' || POP3S (Secure POP3) ; '''''POP3S Backend (when proxied)''''' || POP over SSL ||  ||
 +
|-  style="background:white; color:black"
 +
| 143 || 7143 || java || nginx || store || nginx || zimbraImapBindPort ; '''''zimbraImapProxyBindPort''''' || IMAP ; '''''IMAP Backend (when proxied)''''' || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| 993 || 7993 || java || nginx || store || nginx || zimbraImapSSLBindPort ; '''''zimbraImapSSLProxyBindPort''''' || IMAPS (Secure IMAP) ; '''''IMAPS Backend (when proxied)''''' || IMAP over SSL ||  ||
 +
|-  style="background:white; color:black"
 +
| 7071 || 9071 || java || nginx || store || nginx || zimbraAdminPort ; '''''zimbraAdminProxyPort''''' ; '''''zimbraReverseProxyAdminEnabled [default FALSE]''''' || Admin Console ; '''''Admin Console Through Proxy [If Enabled]''''' || HTTPS [nginx => mailbox when enabled]  ||  ||
 +
|-  style="background:white; color:black"
 +
| 465 ||  || master ||  || mta ||  ||  || SMTPS || Incoming mail to postfix over ssl (Legacy Outlook only?) If possible, use 587 instead) ||  ||
 +
|-  style="background:white; color:black"
 +
| 587 ||  || master ||  || mta ||  ||  || SMTP || Mail submission over TLS ||  ||
 +
|-  style="background:white; color:black"
 +
| 3310 ||  || clamd ||  || mta ||  || zimbraClamAVListenPort || ClamAV || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| 7025 ||  || java ||  || store ||  || zimbraLmtpBindPort || LMTP || Local mail delivery ||  ||
 +
|-  style="background:white; color:black"
 +
| 8465 ||  || opendkim ||  || mta ||  || zmprov related Variables || Description || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| 10024 ||  || amavisd ||  || mta ||  || zmprov related Variables || SMTP || To Amavis from Postfix ||  ||
 +
|-  style="background:white; color:black"
 +
| 10025 ||  || master ||  || mta ||  || zmprov related Variables || SMTP || To Postfix from Amavis ||  ||
 +
|-  style="background:white; color:black"
 +
| 10026 ||  || amavisd ||  || mta ||  || zmprov related Variables || Description || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| 10027 ||  || master ||  || mta ||  || zmprov related Variables || Description || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| 10028 ||  || master ||  || mta ||  || zmprov related Variables || Description || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| 10029 ||  || master ||  || mta ||  || zmprov related Variables || Description || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| 10030 ||  || master ||  || mta ||  || zmprov related Variables || Description || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| 10031 ||  ||  ||  || mta ||  || zimbraCBPolicydBindPort || CB Policy || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| 10032 ||  || amavisd ||  || mta ||  || zmprov related Variables || Description || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| 389 ||  || slapd ||  || ldap ||  ||  || LDAP || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| 636 ||  || slapd ||  || ldap ||  ||  || LDAPS || If enabled. ||  ||
 +
|-  style="background:white; color:black"
 +
| 7047 ||  || httpd ||  || convertd ||  || zmprov related Variables || Conversion server || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| 7306 ||  || mysqld ||  || store ||  || zmprov related Variables || Mysql || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| 7780 ||  || httpd ||  || spell ||  || zmprov related Variables || Spell check || Comments ||  ||
 +
|-  style="background:white; color:black"
 +
| Port || If Proxied || PID Name || Pid Name If Proxied || Package Name || Package Name If Proxied || zmprov related Variables || Description || Comments ||  ||
 +
|}
 +
{{Article Footer|Zimbra Collaboration 8.0, 7.0|04/16/2014}}
 +
 
 +
----
 +
 
 +
[[Category: Community Sandbox]]
 +
[[Category: Author:Ajcody]]

Latest revision as of 22:00, 7 June 2016

Ajcody Proxy Guide Rewrite Project

   KB 21113        Last updated on 2016-06-7  




0.00
(0 votes)

Overview And Planning For Zimbra Proxy

Moved to:

Installing , Configuring, Disabling the Zimbra Proxy

Moved To:

Zimbra Proxy Related CLI Commands

Moved To:

Troubleshooting Zimbra Proxy

Moved TO:

Advance Topics For Zimbra Proxy - Configuration And Template Files And Proxy Related Variables

https://wiki.zimbra.com/wiki/Zimbra_Proxy_Manual:Configuration_And_Template_Files_And_Proxy_Related_Variables

Merged and Updated the following pages below and then set a REDIRECT to the main page above:

Advance Topics For Zimbra Proxy - Advanced Proxy Configuration Examples via CLI

Created :

Advance Topics For Zimbra Proxy - Miscellaneous Topics

Moved To:

Ports Scratchpad

To see ports available on your server, you can do as root :

netstat -anltp | egrep '^tcp' | grep LISTEN | awk '{print $4 " "$7}' | sed -e 's/.*://' | sort -n | uniq
Port If Proxied [Defaults] PID Name Pid Name If Proxied Package Name Package Name If Proxied zmprov related Variables Description Comments Binds To localhost Or Network Interface Open Or Routed Through Firewall
22 sshd sshd - from OS zimbraRemoteManagementPort Remote Management Port
25 master mta zimbraSmtpPort SMTP Incoming mail to postfix
53 unbound dnscache DNS Cache Server Comments localhost
80 8080 java nginx store proxy zimbraMailPort ; zimbraMailProxyPort HTTP ; HTTP Backend (when proxied) Comments
443 8443 java nginx store proxy zimbraMailSSLPort ; zimbraMailSSLProxyPort HTTPS ; HTTPS Backend (when proxied) Comments
11211 memcached proxy zmprov related Variables Memcached Comments
7072 java store Route Lookup Handler ZCS Nginx Lookup (backend http service for nginx lookup/authentication)
3443 9443  ? nginx  ? nginx zimbraMailSSLClientCertPort ; zimbraMailSSLProxyClientCertPort Mail Client Cert ; Mail Client Cert Backend (when proxied) Comments
110 7110 java nginx store nginx zimbraMailProxyPort ; zimbraMailSSLProxyPort POP3 ; POP3 Backend (when proxied) Comments
995 7995 java nginx store nginx zimbraPop3SSLBindPort ; zimbraPop3SSLProxyBindPort POP3S (Secure POP3) ; POP3S Backend (when proxied) POP over SSL
143 7143 java nginx store nginx zimbraImapBindPort ; zimbraImapProxyBindPort IMAP ; IMAP Backend (when proxied) Comments
993 7993 java nginx store nginx zimbraImapSSLBindPort ; zimbraImapSSLProxyBindPort IMAPS (Secure IMAP) ; IMAPS Backend (when proxied) IMAP over SSL
7071 9071 java nginx store nginx zimbraAdminPort ; zimbraAdminProxyPort ; zimbraReverseProxyAdminEnabled [default FALSE] Admin Console ; Admin Console Through Proxy [If Enabled] HTTPS [nginx => mailbox when enabled]
465 master mta SMTPS Incoming mail to postfix over ssl (Legacy Outlook only?) If possible, use 587 instead)
587 master mta SMTP Mail submission over TLS
3310 clamd mta zimbraClamAVListenPort ClamAV Comments
7025 java store zimbraLmtpBindPort LMTP Local mail delivery
8465 opendkim mta zmprov related Variables Description Comments
10024 amavisd mta zmprov related Variables SMTP To Amavis from Postfix
10025 master mta zmprov related Variables SMTP To Postfix from Amavis
10026 amavisd mta zmprov related Variables Description Comments
10027 master mta zmprov related Variables Description Comments
10028 master mta zmprov related Variables Description Comments
10029 master mta zmprov related Variables Description Comments
10030 master mta zmprov related Variables Description Comments
10031 mta zimbraCBPolicydBindPort CB Policy Comments
10032 amavisd mta zmprov related Variables Description Comments
389 slapd ldap LDAP Comments
636 slapd ldap LDAPS If enabled.
7047 httpd convertd zmprov related Variables Conversion server Comments
7306 mysqld store zmprov related Variables Mysql Comments
7780 httpd spell zmprov related Variables Spell check Comments
Port If Proxied PID Name Pid Name If Proxied Package Name Package Name If Proxied zmprov related Variables Description Comments
Verified Against: Zimbra Collaboration 8.0, 7.0 Date Created: 04/16/2014
Article ID: https://wiki.zimbra.com/index.php?title=Ajcody-Proxy-Guide-Rewrite-Project Date Modified: 2016-06-07



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »




Jump to: navigation, search