NGINX Configuration Directive Reference: Difference between revisions

Line 571: Line 571:
   Config Text:          zimbra
   Config Text:          zimbra
   How to modify:        N/A
   How to modify:        N/A
{{Article Footer|ZCS 5.0.x|9/8/2008}}

Revision as of 22:59, 19 September 2008

Almost all the configuration directives for Zimbra NGINX Proxy are controlled by LDAP attributes, and in some cases, by LocalConfig values. To simplify the Proxy Configuration, the NGINX Proxy Configuration Generator reads these LDAP/LocalConfig values, and generates the Proxy configuration files. To allow more flexibility to the process of config generation, the Config Generator reads in a set of template files, substitutes certain keywords with the actual values from LDAP/LocalConfig, and generates the configuration files for use with NGINX.

Both, the Proxy configuration files, and the Proxy configuration templates, are hierarchical in nature, which means that a main, top-level configuration file or template, includes other configuration files or templates respectively. Refer to the NGINX Configuration Structure for the Proxy Configuration Inclusion Hierarchy

Configuration Keywords


 NGINX Keyword:         core.cprefix
 Description:           Common config file prefix
 Controlling Attribute: (none)
 Default Value:         nginx.conf
 Config Text:           nginx.conf
 How to modify:         N/A


 NGINX Keyword:         core.includes
 Description:           Include directory (relative to ${core.workdir}/conf) containing sub-configuration files
 Controlling Attribute: (none)
 Default Value:         nginx/includes
 Config Text:           nginx/includes
 How to modify:         N/A


 NGINX Keyword:         core.tprefix
 Description:           Common template file prefix
 Controlling Attribute: (none)
 Default Value:         nginx.conf
 Config Text:           nginx.conf
 How to modify:         N/A


 NGINX Keyword:         core.workdir
 Description:           Working Directory for NGINX worker processes
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra
 Config Text:           /opt/zimbra
 How to modify:         N/A


 NGINX Keyword:         mail.:auth_http
 Description:           List of mail route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7072]
 Config Text:               auth_http   <server>:7072/service/extension/nginx-lookup;
 How to modify:         zmprov ms <server> zimbraReverseProxyLookupTarget TRUE       // to add a server to route-lookup list
                        zmprov ms <server> zimbraReverseProxyLookupTarget FALSE      // to remove a server from route-lookup list


 NGINX Keyword:         mail.authwait
 Description:           Time delay (ms) after which an incorrect POP/IMAP login attempt will be rejected
 Controlling Attribute: zimbraReverseProxyAuthWaitInterval
 Default Value:         10000
 Config Text:           10000ms
 How to modify:         zmprov mcf zimbraReverseProxyAuthWaitInterval 15s            // s=seconds, m=minutes, h=hours, d=days


 NGINX Keyword:         mail.defaultrealm
 Description:           Default SASL realm used in case Kerberos principal does not contain realm information
 Controlling Attribute: zimbraReverseProxyDefaultRealm
 Default Value:         
 Config Text:           
 How to modify:         zmprov ms <server> zimbraReverseProxyDefaultRealm MYREALM.COM


 NGINX Keyword:         mail.dpasswd
 Description:           Password for master credentials used by NGINX to log in to upstream for GSSAPI authentication
 Controlling Attribute: ldap_nginx_password
 Default Value:         zmnginx
 Config Text:           zmnginx
 How to modify:         N/A


 NGINX Keyword:         mail.enabled
 Description:           Indicates whether Mail Proxy is enabled
 Controlling Attribute: zimbraReverseProxyMailEnabled
 Default Value:         true
 Config Text:           
 How to modify:         zmprov ms <server> zimbraReverseProxyMailEnabled FALSE


 NGINX Keyword:         mail.imap.authgssapi.enabled
 Description:           Whether SASL GSSAPI is enabled for IMAP
 Controlling Attribute: zimbraReverseProxyImapSaslGssapiEnabled
 Default Value:         false
 Config Text:           
 How to modify:         zmprov ms <server> zimbraReverseProxyImapSaslGssapiEnabled TRUE


 NGINX Keyword:         mail.imap.authplain.enabled
 Description:           Whether SASL PLAIN is enabled for IMAP
 Controlling Attribute: zimbraReverseProxyImapSaslPlainEnabled
 Default Value:         true
 Config Text:           
 How to modify:         zmprov ms <server> zimbraReverseProxyImapSaslPlainEnabled FALSE


 NGINX Keyword:         mail.imap.greeting
 Description:           Proxy IMAP banner message (contains build version if zimbraReverseProxyImapExposeVersionOnBanner is true)
 Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner
 Default Value:         
 Config Text:           
 How to modify:         zmprov ms zimbraReverseProxyPop3ExposeVersionOnBanner TRUE


 NGINX Keyword:         mail.imap.literalauth
 Description:           Whether NGINX uses literal strings for user name/password when logging in to upstream IMAP server - if false, NGINX uses quoted strings
 Controlling Attribute: (none)
 Default Value:         true
 Config Text:           on
 How to modify:         N/A


 NGINX Keyword:         mail.imap.port
 Description:           Mail Proxy IMAP Port
 Controlling Attribute: zimbraImapProxyBindPort
 Default Value:         143
 Config Text:           143
 How to modify:         N/A


 NGINX Keyword:         mail.imap.tls
 Description:           TLS support for IMAP - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
 Controlling Attribute: zimbraReverseProxyImapStartTlsMode
 Default Value:         only
 Config Text:           on
 How to modify:         N/A


 NGINX Keyword:         mail.imapcapa
 Description:           IMAP Capability List
 Controlling Attribute: zimbraReverseProxyImapEnabledCapability
 Default Value:         []
 How to modify:         N/A


 NGINX Keyword:         mail.imapid
 Description:           NGINX response to IMAP ID command
 Controlling Attribute: (none)
 Default Value:         "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 Current Value:         "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 Config Text:           "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 How to modify:         N/A


 NGINX Keyword:         mail.imaps.port
 Description:           Mail Proxy IMAPS Port
 Controlling Attribute: zimbraImapSSLProxyBindPort
 Default Value:         993
 Config Text:           993
 How to modify:         N/A


 NGINX Keyword:         mail.ipmax
 Description:           IP Login Limit (Throttle) - 0 means infinity
 Controlling Attribute: zimbraReverseProxyIPLoginLimit
 Default Value:         0
 Config Text:           0
 How to modify:         N/A


 NGINX Keyword:         mail.iprej
 Description:           Rejection message for IP throttle
 Controlling Attribute: zimbraReverseProxyIpThrottleMsg
 Default Value:         Login rejected from this IP
 Config Text:           Login rejected from this IP
 How to modify:         N/A


 NGINX Keyword:         mail.ipttl
 Description:           Time interval (ms) after which IP Login Counter is reset
 Controlling Attribute: zimbraReverseProxyIPLoginLimitTime
 Default Value:         3600000
 Config Text:           3600000ms
 How to modify:         N/A


 NGINX Keyword:         mail.passerrors
 Description:           Indicates whether mail proxy will pass any protocol specific errors from the upstream server back to the downstream client
 Controlling Attribute: zimbraReverseProxyPassErrors
 Default Value:         true
 Config Text:           on
 How to modify:         N/A


 NGINX Keyword:         mail.pop3.authgssapi.enabled
 Description:           Whether SASL GSSAPI is enabled for POP3
 Controlling Attribute: zimbraReverseProxyPop3SaslGssapiEnabled
 Default Value:         false
 Config Text:           
 How to modify:         N/A


 NGINX Keyword:         mail.pop3.authplain.enabled
 Description:           Whether SASL PLAIN is enabled for POP3
 Controlling Attribute: zimbraReverseProxyPop3SaslPlainEnabled
 Default Value:         true
 Config Text:           
 How to modify:         N/A


 NGINX Keyword:         mail.pop3.greeting
 Description:           Proxy POP3 banner message (contains build version if zimbraReverseProxyPop3ExposeVersionOnBanner is true)
 Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner
 Default Value:         
 Config Text:           
 How to modify:         N/A


 NGINX Keyword:         mail.pop3.port
 Description:           Mail Proxy POP3 Port
 Controlling Attribute: zimbraPop3ProxyBindPort
 Default Value:         110
 Config Text:           110
 How to modify:         N/A


 NGINX Keyword:         mail.pop3.tls
 Description:           TLS support for POP3 - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
 Controlling Attribute: zimbraReverseProxyPop3StartTlsMode
 Default Value:         only
 Config Text:           on
 How to modify:         N/A


 NGINX Keyword:         mail.pop3capa
 Description:           POP3 Capability List
 Controlling Attribute: zimbraReverseProxyPop3EnabledCapability
 Default Value:         []
 Current Value:         [EXPIRE 31 USER, TOP, UIDL, USER, XOIP]
 Config Text:            "EXPIRE 31 USER" "TOP" "UIDL" "USER" "XOIP"
 How to modify:         N/A


 NGINX Keyword:         mail.pop3s.port
 Description:           Mail Proxy POP3S Port
 Controlling Attribute: zimbraPop3SSLProxyBindPort
 Default Value:         995
 Config Text:           995
 How to modify:         N/A


 NGINX Keyword:         mail.sasl_host_from_ip
 Description:           Whether to use incoming interface IP address to determine service principal name (if true, IP address is reverse mapped to DNS name, else host name of proxy is used)
 Controlling Attribute: krb5_service_principal_from_interface_address
 Default Value:         false
 Config Text:           off
 How to modify:         N/A


 NGINX Keyword:         mail.saslapp
 Description:           Application name used by NGINX to initialize SASL authentication
 Controlling Attribute: (none)
 Default Value:         nginx
 Config Text:           nginx
 How to modify:         N/A


 NGINX Keyword:         mail.ssl.cert
 Description:           Mail Proxy SSL certificate file
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.crt
 Config Text:           /opt/zimbra/conf/nginx.crt
 How to modify:         N/A


 NGINX Keyword:         mail.ssl.ciphers
 Description:           Permitted ciphers for mail proxy
 Controlling Attribute: zimbraReverseProxySSLCiphers
 Default Value:         !SSLv2:!MD5:HIGH
 Config Text:           !SSLv2:!MD5:HIGH
 How to modify:         N/A


 NGINX Keyword:         mail.ssl.key
 Description:           Mail Proxy SSL certificate key
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.key
 Config Text:           /opt/zimbra/conf/nginx.key
 How to modify:         N/A


 NGINX Keyword:         mail.ssl.preferserverciphers
 Description:           Requires protocols SSLv3 and TLSv1 server ciphers be preferred over the client's ciphers
 Controlling Attribute: (none)
 Default Value:         true
 Config Text:           on
 How to modify:         N/A


 NGINX Keyword:         mail.timeout
 Description:           Time interval (ms) after which, if a POP/IMAP connection is inactive, it will be automatically disconnected
 Controlling Attribute: zimbraReverseProxyInactivityTimeout
 Default Value:         3600000
 Config Text:           3600000ms
 How to modify:         N/A


 NGINX Keyword:         mail.upstream.imapid
 Description:           Whether NGINX issues the IMAP ID command to the upstream server prior to logging in (audit purpose)
 Controlling Attribute: zimbraReverseProxySendImapId
 Default Value:         true
 Config Text:           on
 How to modify:         N/A


 NGINX Keyword:         mail.upstream.pop3xoip
 Description:           Whether NGINX issues the POP3 XOIP command to the upstream server prior to logging in (audit purpose)
 Controlling Attribute: zimbraReverseProxySendPop3Xoip
 Default Value:         true
 Config Text:           on
 How to modify:         N/A


 NGINX Keyword:         mail.usermax
 Description:           User Login Limit (Throttle) - 0 means infinity
 Controlling Attribute: zimbraReverseProxyUserLoginLimit
 Default Value:         0
 Config Text:           0
 How to modify:         N/A


 NGINX Keyword:         mail.userrej
 Description:           Rejection message for User throttle
 Controlling Attribute: zimbraReverseProxyUserThrottleMsg
 Default Value:         Login rejected for this user
 Config Text:           Login rejected for this user
 How to modify:         N/A


 NGINX Keyword:         mail.userttl
 Description:           Time interval (ms) after which User Login Counter is reset
 Controlling Attribute: zimbraReverseProxyUserLoginLimitTime
 Default Value:         3600000
 Config Text:           3600000ms
 How to modify:         N/A


 NGINX Keyword:         main.connections
 Description:           Maximum number of simultaneous connections per worker process
 Controlling Attribute: zimbraReverseProxyWorkerConnections
 Default Value:         10240
 Config Text:           10240
 How to modify:         N/A

 NGINX Keyword:
 Description:           The group as which the worker processes will run
 Controlling Attribute: (none)
 Default Value:         zimbra
 Config Text:           zimbra
 How to modify:         N/A


 NGINX Keyword:         main.krb5keytab
 Description:           Path to kerberos keytab file used for GSSAPI authentication
 Controlling Attribute: krb5_keytab
 Default Value:         /opt/zimbra/conf/krb5.keytab
 Config Text:           /opt/zimbra/conf/krb5.keytab
 How to modify:         N/A


 NGINX Keyword:         main.logfile
 Description:           Log file path (relative to ${core.workdir})
 Controlling Attribute: (none)
 Default Value:         log/nginx.log
 Config Text:           log/nginx.log
 How to modify:         N/A


 NGINX Keyword:         main.loglevel
 Description:           Log level - can be debug|info|notice|warn|error|crit
 Controlling Attribute: zimbraReverseProxyLogLevel
 Default Value:         info
 Config Text:           info
 How to modify:         N/A


 NGINX Keyword:         main.pidfile
 Description:           PID file path (relative to ${core.workdir})
 Controlling Attribute: (none)
 Default Value:         log/
 Config Text:           log/
 How to modify:         N/A


 NGINX Keyword:         main.user
 Description:           The user as which the worker processes will run
 Controlling Attribute: (none)
 Default Value:         zimbra
 Config Text:           zimbra
 How to modify:         N/A


 NGINX Keyword:         main.workers
 Description:           Number of worker processes
 Controlling Attribute: zimbraReverseProxyWorkerProcesses
 Default Value:         4
 Config Text:           4
 How to modify:         N/A


 NGINX Keyword:         memcache.:servers
 Description:           List of known memcache servers (i.e. servers having imapproxy service enabled)
 Controlling Attribute: (none)
 Default Value:         []
 Current Value:         [<server>:11211]
 Config Text:             servers   <server>:11211;
 How to modify:         N/A


 NGINX Keyword:         memcache.reconnect
 Description:           Time (ms) after which NGINX will attempt to re-establish a broken connection to a memcache server
 Controlling Attribute: zimbraReverseProxyCacheReconnectInterval
 Default Value:         60000
 Config Text:           60000ms
 How to modify:         N/A


 NGINX Keyword:         memcache.timeout
 Description:           Time (ms) given to a cache-fetch operation to complete
 Controlling Attribute: zimbraReverseProxyCacheFetchTimeout
 Default Value:         3000
 Config Text:           3000ms
 How to modify:         N/A


 NGINX Keyword:         memcache.ttl
 Description:           Time interval (ms) for which cached entries remain in memcache
 Controlling Attribute: zimbraReverseProxyCacheEntryTTL
 Default Value:         3600000
 Config Text:           3600000ms
 How to modify:         N/A


 NGINX Keyword:         memcache.unqual
 Description:           Deprecated - always set to false
 Controlling Attribute: (none)
 Default Value:         false
 Config Text:           off
 How to modify:         N/A


 NGINX Keyword:         web.:routehandlers
 Description:           List of web route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7072]
 Config Text:               zmroutehandlers   <server>:7072/service/extension/nginx-lookup;
 How to modify:         N/A


 NGINX Keyword:         web.enabled
 Description:           Indicates whether HTTP proxying is enabled
 Controlling Attribute: zimbraReverseProxyHttpEnabled
 Default Value:         false
 Config Text:           
 How to modify:         N/A


 NGINX Keyword:         web.http.enabled
 Description:           Indicates whether HTTP Proxy will accept connections on HTTP (true unless zimbraReverseProxyMailMode is 'https')
 Controlling Attribute: (none)
 Default Value:         true
 Config Text:           
 How to modify:         N/A


 NGINX Keyword:         web.http.maxbody
 Description:           Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 Controlling Attribute: zimbraFileUploadMaxSize
 Default Value:         10485760
 Config Text:           10485760
 How to modify:         N/A


 NGINX Keyword:         web.http.port
 Description:           Web Proxy HTTP Port
 Controlling Attribute: zimbraMailProxyPort
 Default Value:         0
 Config Text:           80
 How to modify:         N/A


 NGINX Keyword:         web.http.uport
 Description:           Web upstream server port
 Controlling Attribute: zimbraMailPort
 Default Value:         80
 Config Text:           7070
 How to modify:         N/A


 NGINX Keyword:         web.https.enabled
 Description:           Indicates whether HTTP Proxy will accept connections on HTTPS (true unless zimbraReverseProxyMailMode is 'http')
 Controlling Attribute: (none)
 Default Value:         true
 Config Text:           
 How to modify:         N/A


 NGINX Keyword:         web.https.maxbody
 Description:           Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 Controlling Attribute: zimbraFileUploadMaxSize
 Default Value:         10485760
 Config Text:           10485760
 How to modify:         N/A


 NGINX Keyword:         web.https.port
 Description:           Web Proxy HTTPS Port
 Controlling Attribute: zimbraMailSSLProxyPort
 Default Value:         0
 Config Text:           443
 How to modify:         N/A


 NGINX Keyword:         web.mailmode
 Description:           Reverse Proxy Mail Mode - can be http|https|both|redirect|mixed
 Controlling Attribute: zimbraReverseProxyMailMode
 Default Value:         both
 Config Text:           mixed
 How to modify:         N/A


 NGINX Keyword:         web.routetimeout
 Description:           Time interval (ms) given to web route lookup handler to respond to route lookup request (after this time elapses, Proxy fails over to next handler, or fails the request if there are no more lookup handlers)
 Controlling Attribute: (none)
 Default Value:         15000
 Config Text:           15000ms
 How to modify:         N/A


 NGINX Keyword:         web.ssl.cert
 Description:           Web Proxy SSL certificate path
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.crt
 Config Text:           /opt/zimbra/conf/nginx.crt


 NGINX Keyword:         web.ssl.key
 Description:           Web Proxy SSL certificate key
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.key
 Config Text:           /opt/zimbra/conf/nginx.key
 How to modify:         N/A


 NGINX Keyword:         web.uploadmax
 Description:           Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 Controlling Attribute: zimbraFileUploadMaxSize
 Default Value:         10485760
 Config Text:           10485760
 How to modify:         N/A


 NGINX Keyword:         web.upstream.:servers
 Description:           List of upstream HTTP servers used by Web Proxy (i.e. servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7070]
 Config Text:               server   <server>:7070;
 How to modify:         N/A

 NGINX Keyword:
 Description:           Symbolic name for HTTP upstream cluster
 Controlling Attribute: (none)
 Default Value:         zimbra
 Config Text:           zimbra
 How to modify:         N/A

Verified Against: ZCS 5.0.x Date Created: 9/8/2008
Article ID: Date Modified: 2008-09-19

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search