Enabling Zimbra Proxy and memcached
Article Information |
---|
This article applies to the following ZCS versions.
ZCS VersionsThis document is applicable to ZCS 5.0.x only. In ZCS 6.0, the zmproxyinit command has been changed to zmproxyconfig. The steps outlined in this article are specific to the zmproxyinit command, and may not be applicable to zmproxyconfig. Multi-nodeSimple Command With DefaultsThe zmproxyinit command can be run with limited arguments if the command defaults are acceptable. Run zmproxyinit without arguments to view the defaults. Preparing Proxy HostsLog into each proxy server hosts and run as user zimbra
/opt/zimbra/libexec/./zmproxyinit -m -w -e -x both -H `zmhostname` or
/opt/zimbra/libexec/./zmproxyinit -m -e -H `zmhostname` or
/opt/zimbra/libexec/./zmproxyinit -w -e -x both -H `zmhostname` Note: the zmproxyinit command can be run more than once with the (-e) flag to enable proxy services. It is common, for example, to enable HTTP proxy after having used proxy for IMAP/POP3 services. Preparing Mailbox Server HostsLog into each mailbox server host and run as user zimbra /opt/zimbra/libexec/./zmproxyinit -m -w -e -H `zmhostname` ** STOP ** here if the simple commands are used. HTTPWhen using zmproxyinit to enable HTTP proxy, -w is used to indicate web proxy and -a is used to specify a colon separated list of web ports in format HTTP-STORE:HTTP-PROXY:HTTPS-STORE:HTTPS-PROXY. Note these port designations only specify listener ports for the server specified with -H, therefore, use a value of "0" (disabled) to avoid port conflict errors. Preparing Proxy HostsEnable the proxy host to listen on ports 80 and 443. Login to each host running zimbra-proxy and run /opt/zimbra/libexec/./zmproxyinit -w -e -a 0:80:0:443 -x both -H `zmhostname` HTTP-PROXY and HTTPS-PROXY ports are set to indicate listener ports for the HTTP proxy host. HTTP-STORE and HTTPS-STORE designations are 0 (disabled) since they apply only to mailbox server configurations and this is a proxy only host. Preparing Mailstore HostsLogin to each host running zimbra-mailbox and run /opt/zimbra/libexec/./zmproxyinit -w -e -a 8080:0:8443:0 -H `zmhostname` HTTP-STORE and HTTPS-STORE ports of 8080 and 8443 are set to indicate listener ports for the mailbox server host. HTTP-PROXY and HTTPS-PROXY designations are 0 (disabled) since they apply only to proxy server configurations and this is a mailbox only host. Alternatively, mailbox servers can listen on ports 80 and 443 without conflict to the proxy or other service. Just specify the desired listener ports with zmproxyinit's -a flag /opt/zimbra/libexec/./zmproxyinit -w -e -a 80:0:443:0 -H `zmhostname Protocol Requirements Including HTTPS RedirectHTTP proxy can support protocol modes for HTTP or HTTPS only, both HTTP and HTTPS, mixed HTTP and HTTPS or HTTPS redirect from HTTP. Redirect is a popular configuration. This configuration must be made to the proxy servers.
zmprov ms proxy.server.name zimbraReverseProxyMailMode redirect
zmprov ms proxy.server.name zimbraReverseProxyMailMode both
zmprov ms proxy.server.name zimbraReverseProxyMailMode https
zmprov ms proxy.server.name zimbraReverseProxyMailMode http
zmprov ms proxy.server.name zimbraReverseProxyMailMode mixed Documents & SharingIt is important to consider access to documents (Briefcase) and shares when setting up HTTP proxy. A publicly reachable address must be configured to be used for the REST and SOAP proxy interfaces otherwise components requiring access to these interfaces will fail. Calendar sharing is an example of one component. Set zimbraPublicServiceHostname, zimbraPublicServiceProtocol, and zimbraPublicServicePort when applicable. These values are usually not required without proxy since the REST and SOAP proxy interfaces take the value of the Zimbra mailbox service hostname by default. These attributes can be set globally to be inherited by all domains or per domain. Set zimbraPublicServiceHostname to the value of the host that will be used in the URL for access to the HTTP proxy.
zmprov mcf zimbraPublicServiceHostname mail.domain.com
zmprov md domaina.com zimbraPublicServiceHostname mail.domaina.com
zmprov md domaina.com zimbraPublicServiceProtocol https
zmprov md domaina.com zimbraPublicServicePort 443 IMAP/POP3Preparing Proxy Hosts
/opt/zimbra/libexec/./zmproxyinit -m -e -i 0:143:0:993 -H `zmhostname`
/opt/zimbra/libexec/./zmproxyinit -m -e -p 0:110:0:995 -H `zmhostname`
/opt/zimbra/libexec/./zmproxyinit -m -e -p 110:0:995:0 -i 143:0:993:0 -H `zmhostname` Preparing Mailstore Hosts
/opt/zimbra/libexec/./zmproxyinit -m -e -i 7143:143:7993:993 -H `zmhostname`
/opt/zimbra/libexec/./zmproxyinit -m -e -p 7110:110:7995:995 -H `zmhostname`
/opt/zimbra/libexec/./zmproxyinit -m -e -p 110:0:995:0 -i 143:0:993:0 -H `zmhostname` TroubleshootingProxy Login SlowA common nginx misconfiguration is to have incorrectly designated non-mailbox servers as routing handlers. Only mailbox servers can perform route handler functions. To view the route lookup handlers, review the zmroutehandlers parameter in /opt/zimbra/conf/nginx/includes/nginx.conf.web. grep zmroutehandlers /opt/zimbra/conf/nginx/includes/nginx.conf.web If a non-mailbox server is listed, set the zimbraReverseProxyLookupTarget server configuration attribute to FALSE for that server. zmprov ms `zmhostname` zimbraReverseProxyLookupTarget FALSE Additionally, zimbraReverseProxyLookupTarget is a server inherited attribute from the global configuration, so check if zimbraReverseProxyLookupTarget has been incorrectly designated in global config. zmprov gcf zimbraReverseProxyLookupTarget
|