Difference between revisions of "NGINX Configuration Directive Reference"

Line 4: Line 4:
  
 
= Configuration Keywords =
 
= Configuration Keywords =
 +
 +
== core.cprefix ==
 +
  NGINX Keyword:        core.cprefix
 +
  Description:          Common config file prefix
 +
  Controlling Attribute: (none)
 +
  Default Value:        nginx.conf
 +
  Current Value:        nginx.conf
 +
  Config Text:          nginx.conf
 +
 +
== core.includes ==
 +
  NGINX Keyword:        core.includes
 +
  Description:          Include directory (relative to ${core.workdir}/conf)
 +
  Controlling Attribute: (none)
 +
  Default Value:        nginx/includes
 +
  Current Value:        nginx/includes
 +
  Config Text:          nginx/includes
 +
 +
== core.tprefix ==
 +
  NGINX Keyword:        core.tprefix
 +
  Description:          Common template file prefix
 +
  Controlling Attribute: (none)
 +
  Default Value:        nginx.conf
 +
  Current Value:        nginx.conf
 +
  Config Text:          nginx.conf
 +
 +
== core.workdir ==
 +
  NGINX Keyword:        core.workdir
 +
  Description:          Working Directory for NGINX worker processes
 +
  Controlling Attribute: (none)
 +
  Default Value:        /opt/zimbra
 +
  Current Value:        /opt/zimbra
 +
  Config Text:          /opt/zimbra
 +
 +
== mail.:auth_http ==
 +
  NGINX Keyword:        mail.:auth_http
 +
  Description:          List of mail route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
 +
  Controlling Attribute: zimbraReverseProxyLookupTarget
 +
  Default Value:        []
 +
  Current Value:        [devel.peerbhoy.nat:7072]
 +
  Config Text:              auth_http  devel.peerbhoy.nat:7072/service/extension/nginx-lookup;
 +
 +
== mail.authwait ==
 +
  NGINX Keyword:        mail.authwait
 +
  Description:          Time delay (ms) after which an incorrect POP/IMAP login attempt will be rejected
 +
  Controlling Attribute: zimbraReverseProxyAuthWaitInterval
 +
  Default Value:        10000
 +
  Current Value:        10000
 +
  Config Text:          10000ms
 +
 +
== mail.defaultrealm ==
 +
  NGINX Keyword:        mail.defaultrealm
 +
  Description:          Default SASL realm used in case Kerberos principal does not contain realm information
 +
  Controlling Attribute: zimbraReverseProxyDefaultRealm
 +
  Default Value:       
 +
  Current Value:        EXAMPLE.COM
 +
  Config Text:          EXAMPLE.COM
 +
 +
== mail.dpasswd ==
 +
  NGINX Keyword:        mail.dpasswd
 +
  Description:          Password for master credentials used by NGINX to log in to upstream for GSSAPI authentication
 +
  Controlling Attribute: ldap_nginx_password
 +
  Default Value:        zmnginx
 +
  Current Value:        zmnginx
 +
  Config Text:          zmnginx
 +
 +
== mail.enabled ==
 +
  NGINX Keyword:        mail.enabled
 +
  Description:          Indicates whether Mail Proxy is enabled
 +
  Controlling Attribute: zimbraReverseProxyMailEnabled
 +
  Default Value:        true
 +
  Current Value:        true
 +
  Config Text:         
 +
 +
== mail.imap.authgssapi.enabled ==
 +
  NGINX Keyword:        mail.imap.authgssapi.enabled
 +
  Description:          Whether SASL GSSAPI is enabled for IMAP
 +
  Controlling Attribute: zimbraReverseProxyImapSaslGssapiEnabled
 +
  Default Value:        false
 +
  Current Value:        true
 +
  Config Text:         
 +
 +
== mail.imap.authplain.enabled ==
 +
  NGINX Keyword:        mail.imap.authplain.enabled
 +
  Description:          Whether SASL PLAIN is enabled for IMAP
 +
  Controlling Attribute: zimbraReverseProxyImapSaslPlainEnabled
 +
  Default Value:        true
 +
  Current Value:        true
 +
  Config Text:         
 +
 +
== mail.imap.greeting ==
 +
  NGINX Keyword:        mail.imap.greeting
 +
  Description:          Proxy IMAP banner message (contains build version if zimbraReverseProxyImapExposeVersionOnBanner is true)
 +
  Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner
 +
  Default Value:       
 +
  Current Value:       
 +
  Config Text:         
 +
 +
== mail.imap.literalauth ==
 +
  NGINX Keyword:        mail.imap.literalauth
 +
  Description:          Whether NGINX uses literal strings for user name/password when logging in to upstream IMAP server - if false, NGINX uses quoted strings
 +
  Controlling Attribute: (none)
 +
  Default Value:        true
 +
  Current Value:        true
 +
  Config Text:          on
 +
 +
== mail.imap.port ==
 +
  NGINX Keyword:        mail.imap.port
 +
  Description:          Mail Proxy IMAP Port
 +
  Controlling Attribute: zimbraImapProxyBindPort
 +
  Default Value:        143
 +
  Current Value:        143
 +
  Config Text:          143
 +
 +
== mail.imap.tls ==
 +
  NGINX Keyword:        mail.imap.tls
 +
  Description:          TLS support for IMAP - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
 +
  Controlling Attribute: zimbraReverseProxyImapStartTlsMode
 +
  Default Value:        only
 +
  Current Value:        on
 +
  Config Text:          on
 +
 +
== mail.imapcapa ==
 +
  NGINX Keyword:        mail.imapcapa
 +
  Description:          IMAP Capability List
 +
  Controlling Attribute: zimbraReverseProxyImapEnabledCapability
 +
  Default Value:        []
 +
  Current Value:        [ACL, BINARY, CATENATE, CHILDREN, CONDSTORE, ENABLE, ESEARCH, ESORT, I18NLEVEL=1, ID, IDLE, IMAP4rev1, LIST-EXTENDED, LITERAL+, MULTIAPPEND, NAMESPACE, QRESYNC, QUOTA, RIGHTS=ektx, SASL-IR, SEARCHRES, SORT, THREAD=ORDEREDSUBJECT, UIDPLUS, UNSELECT, WITHIN]
 +
  Config Text:            "ACL" "BINARY" "CATENATE" "CHILDREN" "CONDSTORE" "ENABLE" "ESEARCH" "ESORT" "I18NLEVEL=1" "ID" "IDLE" "IMAP4rev1" "LIST-EXTENDED" "LITERAL+" "MULTIAPPEND" "NAMESPACE" "QRESYNC" "QUOTA" "RIGHTS=ektx" "SASL-IR" "SEARCHRES" "SORT" "THREAD=ORDEREDSUBJECT" "UIDPLUS" "UNSELECT" "WITHIN"
 +
 +
== mail.imapid ==
 +
  NGINX Keyword:        mail.imapid
 +
  Description:          NGINX response to IMAP ID command
 +
  Controlling Attribute: (none)
 +
  Default Value:        "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 +
  Current Value:        "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 +
  Config Text:          "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 +
 +
== mail.imaps.port ==
 +
  NGINX Keyword:        mail.imaps.port
 +
  Description:          Mail Proxy IMAPS Port
 +
  Controlling Attribute: zimbraImapSSLProxyBindPort
 +
  Default Value:        993
 +
  Current Value:        993
 +
  Config Text:          993
 +
 +
== mail.ipmax ==
 +
  NGINX Keyword:        mail.ipmax
 +
  Description:          IP Login Limit (Throttle) - 0 means infinity
 +
  Controlling Attribute: zimbraReverseProxyIPLoginLimit
 +
  Default Value:        0
 +
  Current Value:        0
 +
  Config Text:          0
 +
 +
== mail.iprej ==
 +
  NGINX Keyword:        mail.iprej
 +
  Description:          Rejection message for IP throttle
 +
  Controlling Attribute: zimbraReverseProxyIpThrottleMsg
 +
  Default Value:        Login rejected from this IP
 +
  Current Value:        Login rejected from this IP
 +
  Config Text:          Login rejected from this IP
 +
 +
== mail.ipttl ==
 +
  NGINX Keyword:        mail.ipttl
 +
  Description:          Time interval (ms) after which IP Login Counter is reset
 +
  Controlling Attribute: zimbraReverseProxyIPLoginLimitTime
 +
  Default Value:        3600000
 +
  Current Value:        3600000
 +
  Config Text:          3600000ms
 +
 +
== mail.passerrors ==
 +
  NGINX Keyword:        mail.passerrors
 +
  Description:          Indicates whether mail proxy will pass any protocol specific errors from the upstream server back to the downstream client
 +
  Controlling Attribute: zimbraReverseProxyPassErrors
 +
  Default Value:        true
 +
  Current Value:        true
 +
  Config Text:          on
 +
 +
= mail.pop3.authgssapi.enabled =
 +
  NGINX Keyword:        mail.pop3.authgssapi.enabled
 +
  Description:          Whether SASL GSSAPI is enabled for POP3
 +
  Controlling Attribute: zimbraReverseProxyPop3SaslGssapiEnabled
 +
  Default Value:        false
 +
  Current Value:        true
 +
  Config Text:         
 +
 +
==  ==
 +
  NGINX Keyword:        mail.pop3.authplain.enabled
 +
  Description:          Whether SASL PLAIN is enabled for POP3
 +
  Controlling Attribute: zimbraReverseProxyPop3SaslPlainEnabled
 +
  Default Value:        true
 +
  Current Value:        true
 +
  Config Text:         
 +
 +
==  ==
 +
  NGINX Keyword:        mail.pop3.greeting
 +
  Description:          Proxy POP3 banner message (contains build version if zimbraReverseProxyPop3ExposeVersionOnBanner is true)
 +
  Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner
 +
  Default Value:       
 +
  Current Value:       
 +
  Config Text:         
 +
 +
==  ==
 +
  NGINX Keyword:        mail.pop3.port
 +
  Description:          Mail Proxy POP3 Port
 +
  Controlling Attribute: zimbraPop3ProxyBindPort
 +
  Default Value:        110
 +
  Current Value:        110
 +
  Config Text:          110
 +
 +
==  ==
 +
  NGINX Keyword:        mail.pop3.tls
 +
  Description:          TLS support for POP3 - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
 +
  Controlling Attribute: zimbraReverseProxyPop3StartTlsMode
 +
  Default Value:        only
 +
  Current Value:        on
 +
  Config Text:          on
 +
 +
==  ==
 +
  NGINX Keyword:        mail.pop3capa
 +
  Description:          POP3 Capability List
 +
  Controlling Attribute: zimbraReverseProxyPop3EnabledCapability
 +
  Default Value:        []
 +
  Current Value:        [EXPIRE 31 USER, TOP, UIDL, USER, XOIP]
 +
  Config Text:            "EXPIRE 31 USER" "TOP" "UIDL" "USER" "XOIP"
 +
 +
==  ==
 +
  NGINX Keyword:        mail.pop3s.port
 +
  Description:          Mail Proxy POP3S Port
 +
  Controlling Attribute: zimbraPop3SSLProxyBindPort
 +
  Default Value:        995
 +
  Current Value:        995
 +
  Config Text:          995
 +
 +
==  ==
 +
  NGINX Keyword:        mail.sasl_host_from_ip
 +
  Description:          Whether to use incoming interface IP address to determine service principal name (if true, IP address is reverse mapped to DNS name, else host name of proxy is used)
 +
  Controlling Attribute: krb5_service_principal_from_interface_address
 +
  Default Value:        false
 +
  Current Value:        false
 +
  Config Text:          off
 +
 +
==  ==
 +
  NGINX Keyword:        mail.saslapp
 +
  Description:          Application name used by NGINX to initialize SASL authentication
 +
  Controlling Attribute: (none)
 +
  Default Value:        nginx
 +
  Current Value:        nginx
 +
  Config Text:          nginx
 +
 +
==  ==
 +
  NGINX Keyword:        mail.ssl.cert
 +
  Description:          Mail Proxy SSL certificate file
 +
  Controlling Attribute: (none)
 +
  Default Value:        /opt/zimbra/conf/nginx.crt
 +
  Current Value:        /opt/zimbra/conf/nginx.crt
 +
  Config Text:          /opt/zimbra/conf/nginx.crt
 +
 +
==  ==
 +
  NGINX Keyword:        mail.ssl.ciphers
 +
  Description:          Permitted ciphers for mail proxy
 +
  Controlling Attribute: zimbraReverseProxySSLCiphers
 +
  Default Value:        !SSLv2:!MD5:HIGH
 +
  Current Value:        !SSLv2:!MD5:HIGH
 +
  Config Text:          !SSLv2:!MD5:HIGH
 +
 +
==  ==
 +
  NGINX Keyword:        mail.ssl.key
 +
  Description:          Mail Proxy SSL certificate key
 +
  Controlling Attribute: (none)
 +
  Default Value:        /opt/zimbra/conf/nginx.key
 +
  Current Value:        /opt/zimbra/conf/nginx.key
 +
  Config Text:          /opt/zimbra/conf/nginx.key
 +
 +
==  ==
 +
  NGINX Keyword:        mail.ssl.preferserverciphers
 +
  Description:          Requires protocols SSLv3 and TLSv1 server ciphers be preferred over the client's ciphers
 +
  Controlling Attribute: (none)
 +
  Default Value:        true
 +
  Current Value:        true
 +
  Config Text:          on
 +
 +
==  ==
 +
  NGINX Keyword:        mail.timeout
 +
  Description:          Time interval (ms) after which, if a POP/IMAP connection is inactive, it will be automatically disconnected
 +
  Controlling Attribute: zimbraReverseProxyInactivityTimeout
 +
  Default Value:        3600000
 +
  Current Value:        3600000
 +
  Config Text:          3600000ms
 +
 +
==  ==
 +
  NGINX Keyword:        mail.upstream.imapid
 +
  Description:          Whether NGINX issues the IMAP ID command to the upstream server prior to logging in (audit purpose)
 +
  Controlling Attribute: zimbraReverseProxySendImapId
 +
  Default Value:        true
 +
  Current Value:        true
 +
  Config Text:          on
 +
 +
==  ==
 +
  NGINX Keyword:        mail.upstream.pop3xoip
 +
  Description:          Whether NGINX issues the POP3 XOIP command to the upstream server prior to logging in (audit purpose)
 +
  Controlling Attribute: zimbraReverseProxySendPop3Xoip
 +
  Default Value:        true
 +
  Current Value:        true
 +
  Config Text:          on
 +
 +
==  ==
 +
  NGINX Keyword:        mail.usermax
 +
  Description:          User Login Limit (Throttle) - 0 means infinity
 +
  Controlling Attribute: zimbraReverseProxyUserLoginLimit
 +
  Default Value:        0
 +
  Current Value:        0
 +
  Config Text:          0
 +
 +
==  ==
 +
  NGINX Keyword:        mail.userrej
 +
  Description:          Rejection message for User throttle
 +
  Controlling Attribute: zimbraReverseProxyUserThrottleMsg
 +
  Default Value:        Login rejected for this user
 +
  Current Value:        Login rejected for this user
 +
  Config Text:          Login rejected for this user
 +
 +
==  ==
 +
  NGINX Keyword:        mail.userttl
 +
  Description:          Time interval (ms) after which User Login Counter is reset
 +
  Controlling Attribute: zimbraReverseProxyUserLoginLimitTime
 +
  Default Value:        3600000
 +
  Current Value:        3600000
 +
  Config Text:          3600000ms
 +
 +
==  ==
 +
  NGINX Keyword:        main.connections
 +
  Description:          Maximum number of simultaneous connections per worker process
 +
  Controlling Attribute: zimbraReverseProxyWorkerConnections
 +
  Default Value:        10240
 +
  Current Value:        10240
 +
  Config Text:          10240
 +
 +
==  ==
 +
  NGINX Keyword:        main.group
 +
  Description:          The group as which the worker processes will run
 +
  Controlling Attribute: (none)
 +
  Default Value:        zimbra
 +
  Current Value:        zimbra
 +
  Config Text:          zimbra
 +
 +
==  ==
 +
  NGINX Keyword:        main.krb5keytab
 +
  Description:          Path to kerberos keytab file used for GSSAPI authentication
 +
  Controlling Attribute: krb5_keytab
 +
  Default Value:        /opt/zimbra/conf/krb5.keytab
 +
  Current Value:        /opt/zimbra/conf/krb5.keytab
 +
  Config Text:          /opt/zimbra/conf/krb5.keytab
 +
 +
==  ==
 +
  NGINX Keyword:        main.logfile
 +
  Description:          Log file path (relative to ${core.workdir})
 +
  Controlling Attribute: (none)
 +
  Default Value:        log/nginx.log
 +
  Current Value:        log/nginx.log
 +
  Config Text:          log/nginx.log
 +
 +
==  ==
 +
  NGINX Keyword:        main.loglevel
 +
  Description:          Log level - can be debug|info|notice|warn|error|crit
 +
  Controlling Attribute: zimbraReverseProxyLogLevel
 +
  Default Value:        info
 +
  Current Value:        info
 +
  Config Text:          info
 +
 +
==  ==
 +
  NGINX Keyword:        main.pidfile
 +
  Description:          PID file path (relative to ${core.workdir})
 +
  Controlling Attribute: (none)
 +
  Default Value:        log/nginx.pid
 +
  Current Value:        log/nginx.pid
 +
  Config Text:          log/nginx.pid
 +
 +
==  ==
 +
  NGINX Keyword:        main.user
 +
  Description:          The user as which the worker processes will run
 +
  Controlling Attribute: (none)
 +
  Default Value:        zimbra
 +
  Current Value:        zimbra
 +
  Config Text:          zimbra
 +
 +
==  ==
 +
  NGINX Keyword:        main.workers
 +
  Description:          Number of worker processes
 +
  Controlling Attribute: zimbraReverseProxyWorkerProcesses
 +
  Default Value:        4
 +
  Current Value:        4
 +
  Config Text:          4
 +
 +
==  ==
 +
  NGINX Keyword:        memcache.:servers
 +
  Description:          List of known memcache servers (i.e. servers having imapproxy service enabled)
 +
  Controlling Attribute: (none)
 +
  Default Value:        []
 +
  Current Value:        [devel.peerbhoy.nat:11211]
 +
  Config Text:            servers  devel.peerbhoy.nat:11211;
 +
 +
==  ==
 +
  NGINX Keyword:        memcache.reconnect
 +
  Description:          Time (ms) after which NGINX will attempt to re-establish a broken connection to a memcache server
 +
  Controlling Attribute: zimbraReverseProxyCacheReconnectInterval
 +
  Default Value:        60000
 +
  Current Value:        60000
 +
  Config Text:          60000ms
 +
 +
==  ==
 +
  NGINX Keyword:        memcache.timeout
 +
  Description:          Time (ms) given to a cache-fetch operation to complete
 +
  Controlling Attribute: zimbraReverseProxyCacheFetchTimeout
 +
  Default Value:        3000
 +
  Current Value:        3000
 +
  Config Text:          3000ms
 +
 +
==  ==
 +
  NGINX Keyword:        memcache.ttl
 +
  Description:          Time interval (ms) for which cached entries remain in memcache
 +
  Controlling Attribute: zimbraReverseProxyCacheEntryTTL
 +
  Default Value:        3600000
 +
  Current Value:        3600000
 +
  Config Text:          3600000ms
 +
 +
==  ==
 +
  NGINX Keyword:        memcache.unqual
 +
  Description:          Deprecated - always set to false
 +
  Controlling Attribute: (none)
 +
  Default Value:        false
 +
  Current Value:        false
 +
  Config Text:          off
 +
 +
==  ==
 +
  NGINX Keyword:        web.:routehandlers
 +
  Description:          List of web route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
 +
  Controlling Attribute: zimbraReverseProxyLookupTarget
 +
  Default Value:        []
 +
  Current Value:        [devel.peerbhoy.nat:7072]
 +
  Config Text:              zmroutehandlers  devel.peerbhoy.nat:7072/service/extension/nginx-lookup;
 +
 +
==  ==
 +
  NGINX Keyword:        web.enabled
 +
  Description:          Indicates whether HTTP proxying is enabled
 +
  Controlling Attribute: zimbraReverseProxyHttpEnabled
 +
  Default Value:        false
 +
  Current Value:        true
 +
  Config Text:         
 +
 +
==  ==
 +
  NGINX Keyword:        web.http.enabled
 +
  Description:          Indicates whether HTTP Proxy will accept connections on HTTP (true unless zimbraReverseProxyMailMode is 'https')
 +
  Controlling Attribute: (none)
 +
  Default Value:        true
 +
  Current Value:        true
 +
  Config Text:         
 +
 +
==  ==
 +
  NGINX Keyword:        web.http.maxbody
 +
  Description:          Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 +
  Controlling Attribute: zimbraFileUploadMaxSize
 +
  Default Value:        10485760
 +
  Current Value:        10485760
 +
  Config Text:          10485760
 +
 +
==  ==
 +
  NGINX Keyword:        web.http.port
 +
  Description:          Web Proxy HTTP Port
 +
  Controlling Attribute: zimbraMailProxyPort
 +
  Default Value:        0
 +
  Current Value:        80
 +
  Config Text:          80
 +
 +
==  ==
 +
  NGINX Keyword:        web.http.uport
 +
  Description:          Web upstream server port
 +
  Controlling Attribute: zimbraMailPort
 +
  Default Value:        80
 +
  Current Value:        7070
 +
  Config Text:          7070
 +
 +
==  ==
 +
  NGINX Keyword:        web.https.enabled
 +
  Description:          Indicates whether HTTP Proxy will accept connections on HTTPS (true unless zimbraReverseProxyMailMode is 'http')
 +
  Controlling Attribute: (none)
 +
  Default Value:        true
 +
  Current Value:        true
 +
  Config Text:         
 +
 +
==  ==
 +
  NGINX Keyword:        web.https.maxbody
 +
  Description:          Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 +
  Controlling Attribute: zimbraFileUploadMaxSize
 +
  Default Value:        10485760
 +
  Current Value:        10485760
 +
  Config Text:          10485760
 +
 +
==  ==
 +
  NGINX Keyword:        web.https.port
 +
  Description:          Web Proxy HTTPS Port
 +
  Controlling Attribute: zimbraMailSSLProxyPort
 +
  Default Value:        0
 +
  Current Value:        443
 +
  Config Text:          443
 +
 +
==  ==
 +
  NGINX Keyword:        web.mailmode
 +
  Description:          Reverse Proxy Mail Mode - can be http|https|both|redirect|mixed
 +
  Controlling Attribute: zimbraReverseProxyMailMode
 +
  Default Value:        both
 +
  Current Value:        mixed
 +
  Config Text:          mixed
 +
 +
==  ==
 +
  NGINX Keyword:        web.routetimeout
 +
  Description:          Time interval (ms) given to web route lookup handler to respond to route lookup request (after this time elapses, Proxy fails over to next handler, or fails the request if there are no more lookup handlers)
 +
  Controlling Attribute: (none)
 +
  Default Value:        15000
 +
  Current Value:        15000
 +
  Config Text:          15000ms
 +
 +
==  ==
 +
  NGINX Keyword:        web.ssl.cert
 +
  Description:          Web Proxy SSL certificate path
 +
  Controlling Attribute: (none)
 +
  Default Value:        /opt/zimbra/conf/nginx.crt
 +
  Current Value:        /opt/zimbra/conf/nginx.crt
 +
  Config Text:          /opt/zimbra/conf/nginx.crt
 +
 +
==  ==
 +
  NGINX Keyword:        web.ssl.key
 +
  Description:          Web Proxy SSL certificate key
 +
  Controlling Attribute: (none)
 +
  Default Value:        /opt/zimbra/conf/nginx.key
 +
  Current Value:        /opt/zimbra/conf/nginx.key
 +
  Config Text:          /opt/zimbra/conf/nginx.key
 +
 +
== web.uploadmax ==
 +
  NGINX Keyword:        web.uploadmax
 +
  Description:          Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 +
  Controlling Attribute: zimbraFileUploadMaxSize
 +
  Default Value:        10485760
 +
  Current Value:        10485760
 +
  Config Text:          10485760
 +
 +
== web.upstream.:servers ==
 +
  NGINX Keyword:        web.upstream.:servers
 +
  Description:          List of upstream HTTP servers used by Web Proxy (i.e. servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
 +
  Controlling Attribute: zimbraReverseProxyLookupTarget
 +
  Default Value:        []
 +
  Current Value:        [devel.peerbhoy.nat:7070]
 +
  Config Text:              server  devel.peerbhoy.nat:7070;
 +
 +
== web.upstream.name ==
 +
  NGINX Keyword:        web.upstream.name
 +
  Description:          Symbolic name for HTTP upstream cluster
 +
  Controlling Attribute: (none)
 +
  Default Value:        zimbra
 +
  Current Value:        zimbra
 +
  Config Text:          zimbra

Revision as of 13:14, 8 September 2008

Almost all the configuration directives for Zimbra NGINX Proxy are controlled by LDAP attributes, and in some cases, by LocalConfig values. To simplify the Proxy Configuration, the NGINX Proxy Configuration Generator reads these LDAP/LocalConfig values, and generates the Proxy configuration files. To allow more flexibility to the process of config generation, the Config Generator reads in a set of template files, substitutes certain keywords with the actual values from LDAP/LocalConfig, and generates the configuration files for use with NGINX.

Both, the Proxy configuration files, and the Proxy configuration templates, are hierarchical in nature, which means that a main, top-level configuration file or template, includes other configuration files or templates respectively. Refer to the NGINX Configuration Structure for the Proxy Configuration Inclusion Hierarchy

Configuration Keywords

core.cprefix

 NGINX Keyword:         core.cprefix
 Description:           Common config file prefix
 Controlling Attribute: (none)
 Default Value:         nginx.conf
 Current Value:         nginx.conf
 Config Text:           nginx.conf

core.includes

 NGINX Keyword:         core.includes
 Description:           Include directory (relative to ${core.workdir}/conf)
 Controlling Attribute: (none)
 Default Value:         nginx/includes
 Current Value:         nginx/includes
 Config Text:           nginx/includes

core.tprefix

 NGINX Keyword:         core.tprefix
 Description:           Common template file prefix
 Controlling Attribute: (none)
 Default Value:         nginx.conf
 Current Value:         nginx.conf
 Config Text:           nginx.conf

core.workdir

 NGINX Keyword:         core.workdir
 Description:           Working Directory for NGINX worker processes
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra
 Current Value:         /opt/zimbra
 Config Text:           /opt/zimbra

mail.:auth_http

 NGINX Keyword:         mail.:auth_http
 Description:           List of mail route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [devel.peerbhoy.nat:7072]
 Config Text:               auth_http   devel.peerbhoy.nat:7072/service/extension/nginx-lookup;

mail.authwait

 NGINX Keyword:         mail.authwait
 Description:           Time delay (ms) after which an incorrect POP/IMAP login attempt will be rejected
 Controlling Attribute: zimbraReverseProxyAuthWaitInterval
 Default Value:         10000
 Current Value:         10000
 Config Text:           10000ms

mail.defaultrealm

 NGINX Keyword:         mail.defaultrealm
 Description:           Default SASL realm used in case Kerberos principal does not contain realm information
 Controlling Attribute: zimbraReverseProxyDefaultRealm
 Default Value:         
 Current Value:         EXAMPLE.COM
 Config Text:           EXAMPLE.COM

mail.dpasswd

 NGINX Keyword:         mail.dpasswd
 Description:           Password for master credentials used by NGINX to log in to upstream for GSSAPI authentication
 Controlling Attribute: ldap_nginx_password
 Default Value:         zmnginx
 Current Value:         zmnginx
 Config Text:           zmnginx

mail.enabled

 NGINX Keyword:         mail.enabled
 Description:           Indicates whether Mail Proxy is enabled
 Controlling Attribute: zimbraReverseProxyMailEnabled
 Default Value:         true
 Current Value:         true
 Config Text:           

mail.imap.authgssapi.enabled

 NGINX Keyword:         mail.imap.authgssapi.enabled
 Description:           Whether SASL GSSAPI is enabled for IMAP
 Controlling Attribute: zimbraReverseProxyImapSaslGssapiEnabled
 Default Value:         false
 Current Value:         true
 Config Text:           

mail.imap.authplain.enabled

 NGINX Keyword:         mail.imap.authplain.enabled
 Description:           Whether SASL PLAIN is enabled for IMAP
 Controlling Attribute: zimbraReverseProxyImapSaslPlainEnabled
 Default Value:         true
 Current Value:         true
 Config Text:           

mail.imap.greeting

 NGINX Keyword:         mail.imap.greeting
 Description:           Proxy IMAP banner message (contains build version if zimbraReverseProxyImapExposeVersionOnBanner is true)
 Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner
 Default Value:         
 Current Value:         
 Config Text:           

mail.imap.literalauth

 NGINX Keyword:         mail.imap.literalauth
 Description:           Whether NGINX uses literal strings for user name/password when logging in to upstream IMAP server - if false, NGINX uses quoted strings
 Controlling Attribute: (none)
 Default Value:         true
 Current Value:         true
 Config Text:           on

mail.imap.port

 NGINX Keyword:         mail.imap.port
 Description:           Mail Proxy IMAP Port
 Controlling Attribute: zimbraImapProxyBindPort
 Default Value:         143
 Current Value:         143
 Config Text:           143

mail.imap.tls

 NGINX Keyword:         mail.imap.tls
 Description:           TLS support for IMAP - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
 Controlling Attribute: zimbraReverseProxyImapStartTlsMode
 Default Value:         only
 Current Value:         on
 Config Text:           on

mail.imapcapa

 NGINX Keyword:         mail.imapcapa
 Description:           IMAP Capability List
 Controlling Attribute: zimbraReverseProxyImapEnabledCapability
 Default Value:         []
 Current Value:         [ACL, BINARY, CATENATE, CHILDREN, CONDSTORE, ENABLE, ESEARCH, ESORT, I18NLEVEL=1, ID, IDLE, IMAP4rev1, LIST-EXTENDED, LITERAL+, MULTIAPPEND, NAMESPACE, QRESYNC, QUOTA, RIGHTS=ektx, SASL-IR, SEARCHRES, SORT, THREAD=ORDEREDSUBJECT, UIDPLUS, UNSELECT, WITHIN]
 Config Text:            "ACL" "BINARY" "CATENATE" "CHILDREN" "CONDSTORE" "ENABLE" "ESEARCH" "ESORT" "I18NLEVEL=1" "ID" "IDLE" "IMAP4rev1" "LIST-EXTENDED" "LITERAL+" "MULTIAPPEND" "NAMESPACE" "QRESYNC" "QUOTA" "RIGHTS=ektx" "SASL-IR" "SEARCHRES" "SORT" "THREAD=ORDEREDSUBJECT" "UIDPLUS" "UNSELECT" "WITHIN"

mail.imapid

 NGINX Keyword:         mail.imapid
 Description:           NGINX response to IMAP ID command
 Controlling Attribute: (none)
 Default Value:         "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 Current Value:         "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 Config Text:           "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"

mail.imaps.port

 NGINX Keyword:         mail.imaps.port
 Description:           Mail Proxy IMAPS Port
 Controlling Attribute: zimbraImapSSLProxyBindPort
 Default Value:         993
 Current Value:         993
 Config Text:           993

mail.ipmax

 NGINX Keyword:         mail.ipmax
 Description:           IP Login Limit (Throttle) - 0 means infinity
 Controlling Attribute: zimbraReverseProxyIPLoginLimit
 Default Value:         0
 Current Value:         0
 Config Text:           0

mail.iprej

 NGINX Keyword:         mail.iprej
 Description:           Rejection message for IP throttle
 Controlling Attribute: zimbraReverseProxyIpThrottleMsg
 Default Value:         Login rejected from this IP
 Current Value:         Login rejected from this IP
 Config Text:           Login rejected from this IP

mail.ipttl

 NGINX Keyword:         mail.ipttl
 Description:           Time interval (ms) after which IP Login Counter is reset
 Controlling Attribute: zimbraReverseProxyIPLoginLimitTime
 Default Value:         3600000
 Current Value:         3600000
 Config Text:           3600000ms

mail.passerrors

 NGINX Keyword:         mail.passerrors
 Description:           Indicates whether mail proxy will pass any protocol specific errors from the upstream server back to the downstream client
 Controlling Attribute: zimbraReverseProxyPassErrors
 Default Value:         true
 Current Value:         true
 Config Text:           on

mail.pop3.authgssapi.enabled

 NGINX Keyword:         mail.pop3.authgssapi.enabled
 Description:           Whether SASL GSSAPI is enabled for POP3
 Controlling Attribute: zimbraReverseProxyPop3SaslGssapiEnabled
 Default Value:         false
 Current Value:         true
 Config Text:           

 NGINX Keyword:         mail.pop3.authplain.enabled
 Description:           Whether SASL PLAIN is enabled for POP3
 Controlling Attribute: zimbraReverseProxyPop3SaslPlainEnabled
 Default Value:         true
 Current Value:         true
 Config Text:           

 NGINX Keyword:         mail.pop3.greeting
 Description:           Proxy POP3 banner message (contains build version if zimbraReverseProxyPop3ExposeVersionOnBanner is true)
 Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner
 Default Value:         
 Current Value:         
 Config Text:           

 NGINX Keyword:         mail.pop3.port
 Description:           Mail Proxy POP3 Port
 Controlling Attribute: zimbraPop3ProxyBindPort
 Default Value:         110
 Current Value:         110
 Config Text:           110

 NGINX Keyword:         mail.pop3.tls
 Description:           TLS support for POP3 - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
 Controlling Attribute: zimbraReverseProxyPop3StartTlsMode
 Default Value:         only
 Current Value:         on
 Config Text:           on

 NGINX Keyword:         mail.pop3capa
 Description:           POP3 Capability List
 Controlling Attribute: zimbraReverseProxyPop3EnabledCapability
 Default Value:         []
 Current Value:         [EXPIRE 31 USER, TOP, UIDL, USER, XOIP]
 Config Text:            "EXPIRE 31 USER" "TOP" "UIDL" "USER" "XOIP"

 NGINX Keyword:         mail.pop3s.port
 Description:           Mail Proxy POP3S Port
 Controlling Attribute: zimbraPop3SSLProxyBindPort
 Default Value:         995
 Current Value:         995
 Config Text:           995

 NGINX Keyword:         mail.sasl_host_from_ip
 Description:           Whether to use incoming interface IP address to determine service principal name (if true, IP address is reverse mapped to DNS name, else host name of proxy is used)
 Controlling Attribute: krb5_service_principal_from_interface_address
 Default Value:         false
 Current Value:         false
 Config Text:           off

 NGINX Keyword:         mail.saslapp
 Description:           Application name used by NGINX to initialize SASL authentication
 Controlling Attribute: (none)
 Default Value:         nginx
 Current Value:         nginx
 Config Text:           nginx

 NGINX Keyword:         mail.ssl.cert
 Description:           Mail Proxy SSL certificate file
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.crt
 Current Value:         /opt/zimbra/conf/nginx.crt
 Config Text:           /opt/zimbra/conf/nginx.crt

 NGINX Keyword:         mail.ssl.ciphers
 Description:           Permitted ciphers for mail proxy
 Controlling Attribute: zimbraReverseProxySSLCiphers
 Default Value:         !SSLv2:!MD5:HIGH
 Current Value:         !SSLv2:!MD5:HIGH
 Config Text:           !SSLv2:!MD5:HIGH

 NGINX Keyword:         mail.ssl.key
 Description:           Mail Proxy SSL certificate key
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.key
 Current Value:         /opt/zimbra/conf/nginx.key
 Config Text:           /opt/zimbra/conf/nginx.key

 NGINX Keyword:         mail.ssl.preferserverciphers
 Description:           Requires protocols SSLv3 and TLSv1 server ciphers be preferred over the client's ciphers
 Controlling Attribute: (none)
 Default Value:         true
 Current Value:         true
 Config Text:           on

 NGINX Keyword:         mail.timeout
 Description:           Time interval (ms) after which, if a POP/IMAP connection is inactive, it will be automatically disconnected
 Controlling Attribute: zimbraReverseProxyInactivityTimeout
 Default Value:         3600000
 Current Value:         3600000
 Config Text:           3600000ms

 NGINX Keyword:         mail.upstream.imapid
 Description:           Whether NGINX issues the IMAP ID command to the upstream server prior to logging in (audit purpose)
 Controlling Attribute: zimbraReverseProxySendImapId
 Default Value:         true
 Current Value:         true
 Config Text:           on

 NGINX Keyword:         mail.upstream.pop3xoip
 Description:           Whether NGINX issues the POP3 XOIP command to the upstream server prior to logging in (audit purpose)
 Controlling Attribute: zimbraReverseProxySendPop3Xoip
 Default Value:         true
 Current Value:         true
 Config Text:           on

 NGINX Keyword:         mail.usermax
 Description:           User Login Limit (Throttle) - 0 means infinity
 Controlling Attribute: zimbraReverseProxyUserLoginLimit
 Default Value:         0
 Current Value:         0
 Config Text:           0

 NGINX Keyword:         mail.userrej
 Description:           Rejection message for User throttle
 Controlling Attribute: zimbraReverseProxyUserThrottleMsg
 Default Value:         Login rejected for this user
 Current Value:         Login rejected for this user
 Config Text:           Login rejected for this user

 NGINX Keyword:         mail.userttl
 Description:           Time interval (ms) after which User Login Counter is reset
 Controlling Attribute: zimbraReverseProxyUserLoginLimitTime
 Default Value:         3600000
 Current Value:         3600000
 Config Text:           3600000ms

 NGINX Keyword:         main.connections
 Description:           Maximum number of simultaneous connections per worker process
 Controlling Attribute: zimbraReverseProxyWorkerConnections
 Default Value:         10240
 Current Value:         10240
 Config Text:           10240

 NGINX Keyword:         main.group
 Description:           The group as which the worker processes will run
 Controlling Attribute: (none)
 Default Value:         zimbra
 Current Value:         zimbra
 Config Text:           zimbra

 NGINX Keyword:         main.krb5keytab
 Description:           Path to kerberos keytab file used for GSSAPI authentication
 Controlling Attribute: krb5_keytab
 Default Value:         /opt/zimbra/conf/krb5.keytab
 Current Value:         /opt/zimbra/conf/krb5.keytab
 Config Text:           /opt/zimbra/conf/krb5.keytab

 NGINX Keyword:         main.logfile
 Description:           Log file path (relative to ${core.workdir})
 Controlling Attribute: (none)
 Default Value:         log/nginx.log
 Current Value:         log/nginx.log
 Config Text:           log/nginx.log

 NGINX Keyword:         main.loglevel
 Description:           Log level - can be debug|info|notice|warn|error|crit
 Controlling Attribute: zimbraReverseProxyLogLevel
 Default Value:         info
 Current Value:         info
 Config Text:           info

 NGINX Keyword:         main.pidfile
 Description:           PID file path (relative to ${core.workdir})
 Controlling Attribute: (none)
 Default Value:         log/nginx.pid
 Current Value:         log/nginx.pid
 Config Text:           log/nginx.pid

 NGINX Keyword:         main.user
 Description:           The user as which the worker processes will run
 Controlling Attribute: (none)
 Default Value:         zimbra
 Current Value:         zimbra
 Config Text:           zimbra

 NGINX Keyword:         main.workers
 Description:           Number of worker processes
 Controlling Attribute: zimbraReverseProxyWorkerProcesses
 Default Value:         4
 Current Value:         4
 Config Text:           4

 NGINX Keyword:         memcache.:servers
 Description:           List of known memcache servers (i.e. servers having imapproxy service enabled)
 Controlling Attribute: (none)
 Default Value:         []
 Current Value:         [devel.peerbhoy.nat:11211]
 Config Text:             servers   devel.peerbhoy.nat:11211;

 NGINX Keyword:         memcache.reconnect
 Description:           Time (ms) after which NGINX will attempt to re-establish a broken connection to a memcache server
 Controlling Attribute: zimbraReverseProxyCacheReconnectInterval
 Default Value:         60000
 Current Value:         60000
 Config Text:           60000ms

 NGINX Keyword:         memcache.timeout
 Description:           Time (ms) given to a cache-fetch operation to complete
 Controlling Attribute: zimbraReverseProxyCacheFetchTimeout
 Default Value:         3000
 Current Value:         3000
 Config Text:           3000ms

 NGINX Keyword:         memcache.ttl
 Description:           Time interval (ms) for which cached entries remain in memcache
 Controlling Attribute: zimbraReverseProxyCacheEntryTTL
 Default Value:         3600000
 Current Value:         3600000
 Config Text:           3600000ms

 NGINX Keyword:         memcache.unqual
 Description:           Deprecated - always set to false
 Controlling Attribute: (none)
 Default Value:         false
 Current Value:         false
 Config Text:           off

 NGINX Keyword:         web.:routehandlers
 Description:           List of web route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [devel.peerbhoy.nat:7072]
 Config Text:               zmroutehandlers   devel.peerbhoy.nat:7072/service/extension/nginx-lookup;

 NGINX Keyword:         web.enabled
 Description:           Indicates whether HTTP proxying is enabled
 Controlling Attribute: zimbraReverseProxyHttpEnabled
 Default Value:         false
 Current Value:         true
 Config Text:           

 NGINX Keyword:         web.http.enabled
 Description:           Indicates whether HTTP Proxy will accept connections on HTTP (true unless zimbraReverseProxyMailMode is 'https')
 Controlling Attribute: (none)
 Default Value:         true
 Current Value:         true
 Config Text:           

 NGINX Keyword:         web.http.maxbody
 Description:           Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 Controlling Attribute: zimbraFileUploadMaxSize
 Default Value:         10485760
 Current Value:         10485760
 Config Text:           10485760

 NGINX Keyword:         web.http.port
 Description:           Web Proxy HTTP Port
 Controlling Attribute: zimbraMailProxyPort
 Default Value:         0
 Current Value:         80
 Config Text:           80

 NGINX Keyword:         web.http.uport
 Description:           Web upstream server port
 Controlling Attribute: zimbraMailPort
 Default Value:         80
 Current Value:         7070
 Config Text:           7070

 NGINX Keyword:         web.https.enabled
 Description:           Indicates whether HTTP Proxy will accept connections on HTTPS (true unless zimbraReverseProxyMailMode is 'http')
 Controlling Attribute: (none)
 Default Value:         true
 Current Value:         true
 Config Text:           

 NGINX Keyword:         web.https.maxbody
 Description:           Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 Controlling Attribute: zimbraFileUploadMaxSize
 Default Value:         10485760
 Current Value:         10485760
 Config Text:           10485760

 NGINX Keyword:         web.https.port
 Description:           Web Proxy HTTPS Port
 Controlling Attribute: zimbraMailSSLProxyPort
 Default Value:         0
 Current Value:         443
 Config Text:           443

 NGINX Keyword:         web.mailmode
 Description:           Reverse Proxy Mail Mode - can be http|https|both|redirect|mixed
 Controlling Attribute: zimbraReverseProxyMailMode
 Default Value:         both
 Current Value:         mixed
 Config Text:           mixed

 NGINX Keyword:         web.routetimeout
 Description:           Time interval (ms) given to web route lookup handler to respond to route lookup request (after this time elapses, Proxy fails over to next handler, or fails the request if there are no more lookup handlers)
 Controlling Attribute: (none)
 Default Value:         15000
 Current Value:         15000
 Config Text:           15000ms

 NGINX Keyword:         web.ssl.cert
 Description:           Web Proxy SSL certificate path
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.crt
 Current Value:         /opt/zimbra/conf/nginx.crt
 Config Text:           /opt/zimbra/conf/nginx.crt

 NGINX Keyword:         web.ssl.key
 Description:           Web Proxy SSL certificate key
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.key
 Current Value:         /opt/zimbra/conf/nginx.key
 Config Text:           /opt/zimbra/conf/nginx.key

web.uploadmax

 NGINX Keyword:         web.uploadmax
 Description:           Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 Controlling Attribute: zimbraFileUploadMaxSize
 Default Value:         10485760
 Current Value:         10485760
 Config Text:           10485760

web.upstream.:servers

 NGINX Keyword:         web.upstream.:servers
 Description:           List of upstream HTTP servers used by Web Proxy (i.e. servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [devel.peerbhoy.nat:7070]
 Config Text:               server   devel.peerbhoy.nat:7070;

web.upstream.name

 NGINX Keyword:         web.upstream.name
 Description:           Symbolic name for HTTP upstream cluster
 Controlling Attribute: (none)
 Default Value:         zimbra
 Current Value:         zimbra
 Config Text:           zimbra
Jump to: navigation, search