Enabling Zimbra Proxy and memcached: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
{{Article Infobox|{{admin}}||{{ZCS | {{Article Infobox|{{admin}}||{{ZCS 8.0}}|}} | ||
== ZCS Versions == | == ZCS Versions == | ||
This document is applicable to ZCS | This document is applicable to ZCS 8.0+. | ||
== Multi-node == | == Multi-node == | ||
=== Simple Command With Defaults === | === Simple Command With Defaults === | ||
The '' | The ''zmproxyconfig'' command can be run with limited arguments if the command defaults are acceptable. Run /opt/zimbra/libexec/zmproxyconfig to view all the argument options and the usage | ||
==== Preparing Proxy Hosts ==== | ==== Preparing Proxy Hosts ==== | ||
Line 12: | Line 12: | ||
* Enable (-e) IMAP/POP3 mail (-m) and HTTP (-w) in both HTTP and HTTPS (-x) mode for host (-H) returned by the zmhostname command | * Enable (-e) IMAP/POP3 mail (-m) and HTTP (-w) in both HTTP and HTTPS (-x) mode for host (-H) returned by the zmhostname command | ||
/opt/zimbra/libexec/ | /opt/zimbra/libexec/zmproxyconfig -m -w -e -x both -H `zmhostname` | ||
or | or | ||
* Enable IMAP/POP3 proxy only without HTTP | * Enable IMAP/POP3 proxy only without HTTP | ||
/opt/zimbra/libexec/ | /opt/zimbra/libexec/zmproxyconfig -m -e -H `zmhostname` | ||
or | or | ||
* Enable HTTP proxy only without IMAP/POP3 in both mode | * Enable HTTP proxy only without IMAP/POP3 in both mode | ||
/opt/zimbra/libexec/ | /opt/zimbra/libexec/zmproxyconfig -w -e -x both -H `zmhostname` | ||
Note: the | Note: the zmproxyconfig command can be run more than once with the (-e) flag to enable proxy services. It is common, for example, to enable HTTP proxy after having used proxy for IMAP/POP3 services. | ||
==== Preparing Mailbox Server Hosts ==== | ==== Preparing Mailbox Server Hosts ==== | ||
Log into each mailbox server host and run as user ''zimbra'' | Log into each mailbox server host and run as user ''zimbra'' | ||
/opt/zimbra/libexec/ | /opt/zimbra/libexec/zmproxyconfig -m -w -e -H `zmhostname` | ||
'''** STOP **''' here if the simple commands are used. | '''** STOP **''' here if the simple commands are used. | ||
Line 35: | Line 35: | ||
=== HTTP === | === HTTP === | ||
When using '' | When using ''zmproxyconfig'' to enable HTTP proxy, ''-w'' is used to indicate web proxy and ''-a'' is used to specify a colon separated list of web ports in format '''HTTP-STORE:HTTP-PROXY:HTTPS-STORE:HTTPS-PROXY'''. Note these port designations only specify listener ports for the server specified with ''-H'', therefore, use a value of "0" (disabled) to avoid port conflict errors. | ||
==== Preparing Proxy Hosts ==== | ==== Preparing Proxy Hosts ==== | ||
Enable the proxy host to listen on ports 80 and 443. Login to each host running zimbra-proxy and run | Enable the proxy host to listen on ports 80 and 443. Login to each host running zimbra-proxy and run | ||
/opt/zimbra/libexec/ | /opt/zimbra/libexec/zmproxyconfig -w -e -a 0:80:0:443 -x both -H `zmhostname` | ||
HTTP-PROXY and HTTPS-PROXY ports are set to indicate listener ports for the HTTP proxy host. HTTP-STORE and HTTPS-STORE designations are 0 (disabled) since they apply only to mailbox server configurations and this is a proxy only host. | HTTP-PROXY and HTTPS-PROXY ports are set to indicate listener ports for the HTTP proxy host. HTTP-STORE and HTTPS-STORE designations are 0 (disabled) since they apply only to mailbox server configurations and this is a proxy only host. | ||
Line 50: | Line 50: | ||
Alternatively, mailbox servers can listen on ports 80 and 443 without conflict to the proxy or other service. Just specify the desired listener ports with zmproxyinit's -a flag | Alternatively, mailbox servers can listen on ports 80 and 443 without conflict to the proxy or other service. Just specify the desired listener ports with zmproxyinit's -a flag | ||
/opt/zimbra/libexec/ | /opt/zimbra/libexec/zmproxyconfig -w -e -a 80:0:443:0 -H `zmhostname` | ||
==== Protocol Requirements Including HTTPS Redirect ==== | ==== Protocol Requirements Including HTTPS Redirect ==== | ||
Line 110: | Line 110: | ||
== Troubleshooting == | == Troubleshooting == | ||
=== Proxy Login Slow === | === Proxy Login Slow === | ||
A common nginx misconfiguration is to have incorrectly designated non-mailbox servers as routing handlers. Only mailbox servers can perform route handler functions. To view the | A common nginx misconfiguration is to have incorrectly designated non-mailbox servers as routing/zmlookup handlers. Only mailbox servers can perform route handler functions. To view the zmlookup lookup handlers, review the zm_lookup_handlers parameter in /opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup | ||
<pre> | <pre> | ||
grep | grep zm_lookup_handlers /opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup | ||
</pre> | </pre> | ||
Line 125: | Line 125: | ||
</pre> | </pre> | ||
{{Article Footer|| | {{Article Footer||6/05/2014}} | ||
[[Category:Proxy]] | [[Category:Proxy]] | ||
[[Category:ZCS | [[Category:ZCS 8.0]] |
Revision as of 18:10, 5 June 2014
Article Information |
---|
This article applies to the following ZCS versions. |
ZCS Versions
This document is applicable to ZCS 8.0+.
Multi-node
Simple Command With Defaults
The zmproxyconfig command can be run with limited arguments if the command defaults are acceptable. Run /opt/zimbra/libexec/zmproxyconfig to view all the argument options and the usage
Preparing Proxy Hosts
Log into each proxy server hosts and run as user zimbra
- Enable (-e) IMAP/POP3 mail (-m) and HTTP (-w) in both HTTP and HTTPS (-x) mode for host (-H) returned by the zmhostname command
/opt/zimbra/libexec/zmproxyconfig -m -w -e -x both -H `zmhostname`
or
- Enable IMAP/POP3 proxy only without HTTP
/opt/zimbra/libexec/zmproxyconfig -m -e -H `zmhostname`
or
- Enable HTTP proxy only without IMAP/POP3 in both mode
/opt/zimbra/libexec/zmproxyconfig -w -e -x both -H `zmhostname`
Note: the zmproxyconfig command can be run more than once with the (-e) flag to enable proxy services. It is common, for example, to enable HTTP proxy after having used proxy for IMAP/POP3 services.
Preparing Mailbox Server Hosts
Log into each mailbox server host and run as user zimbra
/opt/zimbra/libexec/zmproxyconfig -m -w -e -H `zmhostname`
** STOP ** here if the simple commands are used.
HTTP
When using zmproxyconfig to enable HTTP proxy, -w is used to indicate web proxy and -a is used to specify a colon separated list of web ports in format HTTP-STORE:HTTP-PROXY:HTTPS-STORE:HTTPS-PROXY. Note these port designations only specify listener ports for the server specified with -H, therefore, use a value of "0" (disabled) to avoid port conflict errors.
Preparing Proxy Hosts
Enable the proxy host to listen on ports 80 and 443. Login to each host running zimbra-proxy and run
/opt/zimbra/libexec/zmproxyconfig -w -e -a 0:80:0:443 -x both -H `zmhostname`
HTTP-PROXY and HTTPS-PROXY ports are set to indicate listener ports for the HTTP proxy host. HTTP-STORE and HTTPS-STORE designations are 0 (disabled) since they apply only to mailbox server configurations and this is a proxy only host.
Preparing Mailstore Hosts
Login to each host running zimbra-mailbox and run
/opt/zimbra/libexec/./zmproxyinit -w -e -a 8080:0:8443:0 -H `zmhostname`
HTTP-STORE and HTTPS-STORE ports of 8080 and 8443 are set to indicate listener ports for the mailbox server host. HTTP-PROXY and HTTPS-PROXY designations are 0 (disabled) since they apply only to proxy server configurations and this is a mailbox only host.
Alternatively, mailbox servers can listen on ports 80 and 443 without conflict to the proxy or other service. Just specify the desired listener ports with zmproxyinit's -a flag
/opt/zimbra/libexec/zmproxyconfig -w -e -a 80:0:443:0 -H `zmhostname`
Protocol Requirements Including HTTPS Redirect
HTTP proxy can support protocol modes for HTTP or HTTPS only, both HTTP and HTTPS, mixed HTTP and HTTPS or HTTPS redirect from HTTP. Redirect is a popular configuration. This configuration must be made to the proxy servers.
- HTTPS redirect from HTTP
zmprov ms proxy.server.name zimbraReverseProxyMailMode redirect
- HTTP and HTTPS (support both)
zmprov ms proxy.server.name zimbraReverseProxyMailMode both
- HTTPS only
zmprov ms proxy.server.name zimbraReverseProxyMailMode https
- HTTP only
zmprov ms proxy.server.name zimbraReverseProxyMailMode http
- "mixed" will cause only authentication to be sent over HTTPS
zmprov ms proxy.server.name zimbraReverseProxyMailMode mixed
Documents & Sharing
It is important to consider access to documents (Briefcase) and shares when setting up HTTP proxy. A publicly reachable address must be configured to be used for the REST and SOAP proxy interfaces otherwise components requiring access to these interfaces will fail. Calendar sharing is an example of one component. Set zimbraPublicServiceHostname, zimbraPublicServiceProtocol, and zimbraPublicServicePort when applicable. These values are usually not required without proxy since the REST and SOAP proxy interfaces take the value of the Zimbra mailbox service hostname by default. These attributes can be set globally to be inherited by all domains or per domain.
Set zimbraPublicServiceHostname to the value of the host that will be used in the URL for access to the HTTP proxy.
- This command sets mail.domain.com as the public hostname to be used for access to all domains in the Zimbra directory:
zmprov mcf zimbraPublicServiceHostname mail.domain.com
- This command sets mail.domaina.com as the public hostname to be used for access to domaina.com domain:
zmprov md domaina.com zimbraPublicServiceHostname mail.domaina.com
- Set zimbraPublicServiceProtocol to http or https depending on the protocol requirements for HTTP proxy:
zmprov md domaina.com zimbraPublicServiceProtocol https
- Set zimbraPublicServicePort to the value that corresponds to the HTTP proxy port used in the URL (optional if standard ports 80 or 443 are used for proxy listeners):
zmprov md domaina.com zimbraPublicServicePort 443
IMAP/POP3
Preparing Proxy Hosts
- IMAP
/opt/zimbra/libexec/./zmproxyinit -m -e -i 0:143:0:993 -H `zmhostname`
- POP3
/opt/zimbra/libexec/./zmproxyinit -m -e -p 0:110:0:995 -H `zmhostname`
- POP3 and IMAP in a single command
/opt/zimbra/libexec/./zmproxyinit -m -e -p 110:0:995:0 -i 143:0:993:0 -H `zmhostname`
Preparing Mailstore Hosts
- IMAP
/opt/zimbra/libexec/./zmproxyinit -m -e -i 7143:143:7993:993 -H `zmhostname`
- POP3
/opt/zimbra/libexec/./zmproxyinit -m -e -p 7110:110:7995:995 -H `zmhostname`
- POP3 and IMAP in a single command
/opt/zimbra/libexec/./zmproxyinit -m -e -p 110:0:995:0 -i 143:0:993:0 -H `zmhostname`
Troubleshooting
Proxy Login Slow
A common nginx misconfiguration is to have incorrectly designated non-mailbox servers as routing/zmlookup handlers. Only mailbox servers can perform route handler functions. To view the zmlookup lookup handlers, review the zm_lookup_handlers parameter in /opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup
grep zm_lookup_handlers /opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup
If a non-mailbox server is listed, set the zimbraReverseProxyLookupTarget server configuration attribute to FALSE for that server.
zmprov ms `zmhostname` zimbraReverseProxyLookupTarget FALSE
Additionally, zimbraReverseProxyLookupTarget is a server inherited attribute from the global configuration, so check if zimbraReverseProxyLookupTarget has been incorrectly designated in global config.
zmprov gcf zimbraReverseProxyLookupTarget