NGINX Configuration Directive Reference: Difference between revisions

m (updated the related releases to 5.0.10)
 
(13 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Almost all the configuration directives for Zimbra NGINX Proxy are controlled by LDAP attributes, and in some cases, by LocalConfig values. To simplify the Proxy Configuration, the NGINX Proxy Configuration Generator reads these LDAP/LocalConfig values, and generates the Proxy configuration files. To allow more flexibility to the process of config generation, the Config Generator reads in a set of template files, substitutes certain keywords with the actual values from LDAP/LocalConfig, and generates the configuration files for use with NGINX.
#REDIRECT [[Advance_Topics_For_Zimbra_Proxy_-_Configuration_And_Template_Files_And_Proxy_Related_Variables#Nginx_Configuration_Directive_Reference_Introduction]]
 
Both, the Proxy configuration files, and the Proxy configuration templates, are hierarchical in nature, which means that a main, top-level configuration file or template, includes other configuration files or templates respectively. Refer to the [[NGINX Configuration Structure]] for the Proxy Configuration Inclusion Hierarchy
 
= Configuration Keywords =
 
== core.cprefix ==
  NGINX Keyword:        core.cprefix
  Description:          Common config file prefix
  Controlling Attribute: (none)
  Default Value:        nginx.conf
  Config Text:          nginx.conf
  How to modify:        N/A
 
== core.includes ==
  NGINX Keyword:        core.includes
  Description:          Include directory (relative to ${core.workdir}/conf) containing sub-configuration files
  Controlling Attribute: (none)
  Default Value:        nginx/includes
  Config Text:          nginx/includes
  How to modify:        N/A
 
== core.tprefix ==
  NGINX Keyword:        core.tprefix
  Description:          Common template file prefix
  Controlling Attribute: (none)
  Default Value:        nginx.conf
  Config Text:          nginx.conf
  How to modify:        N/A
 
== core.workdir ==
  NGINX Keyword:        core.workdir
  Description:          Working Directory for NGINX worker processes
  Controlling Attribute: (none)
  Default Value:        /opt/zimbra
  Config Text:          /opt/zimbra
  How to modify:        N/A
 
== mail.:auth_http ==
  NGINX Keyword:        mail.:auth_http
  Description:          List of mail route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
  Controlling Attribute: zimbraReverseProxyLookupTarget
  Default Value:        []
  Current Value:        [<server>:7072]
  Config Text:              auth_http  <server>:7072/service/extension/nginx-lookup;
  How to modify:        zmprov ms <server> zimbraReverseProxyLookupTarget TRUE      // to add a server to route-lookup list
                        zmprov ms <server> zimbraReverseProxyLookupTarget FALSE      // to remove a server from route-lookup list
 
== mail.authwait ==
  NGINX Keyword:        mail.authwait
  Description:          Time delay (ms) after which an incorrect POP/IMAP login attempt will be rejected
  Controlling Attribute: zimbraReverseProxyAuthWaitInterval
  Default Value:        10000
  Config Text:          10000ms
  How to modify:        zmprov mcf zimbraReverseProxyAuthWaitInterval 15s            // s=seconds, m=minutes, h=hours, d=days
 
== mail.defaultrealm ==
  NGINX Keyword:        mail.defaultrealm
  Description:          Default SASL realm used in case Kerberos principal does not contain realm information
  Controlling Attribute: zimbraReverseProxyDefaultRealm
  Default Value:       
  Config Text:         
  How to modify:        zmprov ms <server> zimbraReverseProxyDefaultRealm MYREALM.COM
 
== mail.dpasswd ==
  NGINX Keyword:        mail.dpasswd
  Description:          Password for master credentials used by NGINX to log in to upstream for GSSAPI authentication
  Controlling Attribute: ldap_nginx_password
  Default Value:        zmnginx
  Config Text:          zmnginx
  How to modify:        N/A
 
== mail.enabled ==
  NGINX Keyword:        mail.enabled
  Description:          Indicates whether Mail Proxy is enabled
  Controlling Attribute: zimbraReverseProxyMailEnabled
  Default Value:        true
  Config Text:         
  How to modify:        zmprov ms <server> zimbraReverseProxyMailEnabled FALSE
 
== mail.imap.authgssapi.enabled ==
  NGINX Keyword:        mail.imap.authgssapi.enabled
  Description:          Whether SASL GSSAPI is enabled for IMAP
  Controlling Attribute: zimbraReverseProxyImapSaslGssapiEnabled
  Default Value:        false
  Config Text:         
  How to modify:        zmprov ms <server> zimbraReverseProxyImapSaslGssapiEnabled TRUE
 
== mail.imap.authplain.enabled ==
  NGINX Keyword:        mail.imap.authplain.enabled
  Description:          Whether SASL PLAIN is enabled for IMAP
  Controlling Attribute: zimbraReverseProxyImapSaslPlainEnabled
  Default Value:        true
  Config Text:         
  How to modify:        zmprov ms <server> zimbraReverseProxyImapSaslPlainEnabled FALSE
 
== mail.imap.greeting ==
  NGINX Keyword:        mail.imap.greeting
  Description:          Proxy IMAP banner message (contains build version if zimbraReverseProxyImapExposeVersionOnBanner is true)
  Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner
  Default Value:       
  Config Text:         
  How to modify:        zmprov ms zimbraReverseProxyPop3ExposeVersionOnBanner TRUE
 
== mail.imap.literalauth ==
  NGINX Keyword:        mail.imap.literalauth
  Description:          Whether NGINX uses literal strings for user name/password when logging in to upstream IMAP server - if false, NGINX uses quoted strings
  Controlling Attribute: (none)
  Default Value:        true
  Config Text:          on
  How to modify:        N/A
 
== mail.imap.port ==
  NGINX Keyword:        mail.imap.port
  Description:          Mail Proxy IMAP Port
  Controlling Attribute: zimbraImapProxyBindPort
  Default Value:        143
  Config Text:          143
  How to modify:        N/A
 
== mail.imap.tls ==
  NGINX Keyword:        mail.imap.tls
  Description:          TLS support for IMAP - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
  Controlling Attribute: zimbraReverseProxyImapStartTlsMode
  Default Value:        only
  Config Text:          on
  How to modify:        N/A
 
== mail.imapcapa ==
  NGINX Keyword:        mail.imapcapa
  Description:          IMAP Capability List
  Controlling Attribute: zimbraReverseProxyImapEnabledCapability
  Default Value:        []
  Current Value:        [ACL, BINARY, CATENATE, CHILDREN, CONDSTORE, ENABLE, ESEARCH, ESORT, I18NLEVEL=1, ID, IDLE, IMAP4rev1, LIST-EXTENDED, LITERAL+, MULTIAPPEND, NAMESPACE, QRESYNC, QUOTA, RIGHTS=ektx, SASL-IR, SEARCHRES, SORT, THREAD=ORDEREDSUBJECT, UIDPLUS, UNSELECT, WITHIN]
  Config Text:            "ACL" "BINARY" "CATENATE" "CHILDREN" "CONDSTORE" "ENABLE" "ESEARCH" "ESORT" "I18NLEVEL=1" "ID" "IDLE" "IMAP4rev1" "LIST-EXTENDED" "LITERAL+" "MULTIAPPEND" "NAMESPACE" "QRESYNC" "QUOTA" "RIGHTS=ektx" "SASL-IR" "SEARCHRES" "SORT" "THREAD=ORDEREDSUBJECT" "UIDPLUS" "UNSELECT" "WITHIN"
  How to modify:        N/A
 
== mail.imapid ==
  NGINX Keyword:        mail.imapid
  Description:          NGINX response to IMAP ID command
  Controlling Attribute: (none)
  Default Value:        "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
  Current Value:        "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
  Config Text:          "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
  How to modify:        N/A
 
== mail.imaps.port ==
  NGINX Keyword:        mail.imaps.port
  Description:          Mail Proxy IMAPS Port
  Controlling Attribute: zimbraImapSSLProxyBindPort
  Default Value:        993
  Config Text:          993
  How to modify:        N/A
 
== mail.ipmax ==
  NGINX Keyword:        mail.ipmax
  Description:          IP Login Limit (Throttle) - 0 means infinity
  Controlling Attribute: zimbraReverseProxyIPLoginLimit
  Default Value:        0
  Config Text:          0
  How to modify:        N/A
 
== mail.iprej ==
  NGINX Keyword:        mail.iprej
  Description:          Rejection message for IP throttle
  Controlling Attribute: zimbraReverseProxyIpThrottleMsg
  Default Value:        Login rejected from this IP
  Config Text:          Login rejected from this IP
  How to modify:        N/A
 
== mail.ipttl ==
  NGINX Keyword:        mail.ipttl
  Description:          Time interval (ms) after which IP Login Counter is reset
  Controlling Attribute: zimbraReverseProxyIPLoginLimitTime
  Default Value:        3600000
  Config Text:          3600000ms
  How to modify:        N/A
 
== mail.passerrors ==
  NGINX Keyword:        mail.passerrors
  Description:          Indicates whether mail proxy will pass any protocol specific errors from the upstream server back to the downstream client
  Controlling Attribute: zimbraReverseProxyPassErrors
  Default Value:        true
  Config Text:          on
  How to modify:        N/A
 
== mail.pop3.authgssapi.enabled ==
  NGINX Keyword:        mail.pop3.authgssapi.enabled
  Description:          Whether SASL GSSAPI is enabled for POP3
  Controlling Attribute: zimbraReverseProxyPop3SaslGssapiEnabled
  Default Value:        false
  Config Text:         
  How to modify:        N/A
 
== mail.pop3.authplain.enabled ==
  NGINX Keyword:        mail.pop3.authplain.enabled
  Description:          Whether SASL PLAIN is enabled for POP3
  Controlling Attribute: zimbraReverseProxyPop3SaslPlainEnabled
  Default Value:        true
  Config Text:         
  How to modify:        N/A
 
== mail.pop3.greeting ==
  NGINX Keyword:        mail.pop3.greeting
  Description:          Proxy POP3 banner message (contains build version if zimbraReverseProxyPop3ExposeVersionOnBanner is true)
  Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner
  Default Value:       
  Config Text:         
  How to modify:        N/A
 
== mail.pop3.port ==
  NGINX Keyword:        mail.pop3.port
  Description:          Mail Proxy POP3 Port
  Controlling Attribute: zimbraPop3ProxyBindPort
  Default Value:        110
  Config Text:          110
  How to modify:        N/A
 
== mail.pop3.tls ==
  NGINX Keyword:        mail.pop3.tls
  Description:          TLS support for POP3 - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
  Controlling Attribute: zimbraReverseProxyPop3StartTlsMode
  Default Value:        only
  Config Text:          on
  How to modify:        N/A
 
== mail.pop3capa ==
  NGINX Keyword:        mail.pop3capa
  Description:          POP3 Capability List
  Controlling Attribute: zimbraReverseProxyPop3EnabledCapability
  Default Value:        []
  Current Value:        [EXPIRE 31 USER, TOP, UIDL, USER, XOIP]
  Config Text:            "EXPIRE 31 USER" "TOP" "UIDL" "USER" "XOIP"
  How to modify:        N/A
 
== mail.pop3s.port ==
  NGINX Keyword:        mail.pop3s.port
  Description:          Mail Proxy POP3S Port
  Controlling Attribute: zimbraPop3SSLProxyBindPort
  Default Value:        995
  Config Text:          995
  How to modify:        N/A
 
== mail.sasl_host_from_ip ==
  NGINX Keyword:        mail.sasl_host_from_ip
  Description:          Whether to use incoming interface IP address to determine service principal name (if true, IP address is reverse mapped to DNS name, else host name of proxy is used)
  Controlling Attribute: krb5_service_principal_from_interface_address
  Default Value:        false
  Config Text:          off
  How to modify:        N/A
 
== mail.saslapp ==
  NGINX Keyword:        mail.saslapp
  Description:          Application name used by NGINX to initialize SASL authentication
  Controlling Attribute: (none)
  Default Value:        nginx
  Config Text:          nginx
  How to modify:        N/A
 
== mail.ssl.cert ==
  NGINX Keyword:        mail.ssl.cert
  Description:          Mail Proxy SSL certificate file
  Controlling Attribute: (none)
  Default Value:        /opt/zimbra/conf/nginx.crt
  Config Text:          /opt/zimbra/conf/nginx.crt
  How to modify:        N/A
 
== mail.ssl.ciphers ==
  NGINX Keyword:        mail.ssl.ciphers
  Description:          Permitted ciphers for mail proxy
  Controlling Attribute: zimbraReverseProxySSLCiphers
  Default Value:        !SSLv2:!MD5:HIGH
  Config Text:          !SSLv2:!MD5:HIGH
  How to modify:        N/A
 
== mail.ssl.key ==
  NGINX Keyword:        mail.ssl.key
  Description:          Mail Proxy SSL certificate key
  Controlling Attribute: (none)
  Default Value:        /opt/zimbra/conf/nginx.key
  Config Text:          /opt/zimbra/conf/nginx.key
  How to modify:        N/A
 
== mail.ssl.preferserverciphers ==
  NGINX Keyword:        mail.ssl.preferserverciphers
  Description:          Requires protocols SSLv3 and TLSv1 server ciphers be preferred over the client's ciphers
  Controlling Attribute: (none)
  Default Value:        true
  Config Text:          on
  How to modify:        N/A
 
== mail.timeout ==
  NGINX Keyword:        mail.timeout
  Description:          Time interval (ms) after which, if a POP/IMAP connection is inactive, it will be automatically disconnected
  Controlling Attribute: zimbraReverseProxyInactivityTimeout
  Default Value:        3600000
  Config Text:          3600000ms
  How to modify:        N/A
 
== mail.upstream.imapid ==
  NGINX Keyword:        mail.upstream.imapid
  Description:          Whether NGINX issues the IMAP ID command to the upstream server prior to logging in (audit purpose)
  Controlling Attribute: zimbraReverseProxySendImapId
  Default Value:        true
  Config Text:          on
  How to modify:        N/A
 
== mail.upstream.pop3xoip ==
  NGINX Keyword:        mail.upstream.pop3xoip
  Description:          Whether NGINX issues the POP3 XOIP command to the upstream server prior to logging in (audit purpose)
  Controlling Attribute: zimbraReverseProxySendPop3Xoip
  Default Value:        true
  Config Text:          on
  How to modify:        N/A
 
== mail.usermax ==
  NGINX Keyword:        mail.usermax
  Description:          User Login Limit (Throttle) - 0 means infinity
  Controlling Attribute: zimbraReverseProxyUserLoginLimit
  Default Value:        0
  Config Text:          0
  How to modify:        N/A
 
== mail.userrej ==
  NGINX Keyword:        mail.userrej
  Description:          Rejection message for User throttle
  Controlling Attribute: zimbraReverseProxyUserThrottleMsg
  Default Value:        Login rejected for this user
  Config Text:          Login rejected for this user
  How to modify:        N/A
 
== mail.userttl ==
  NGINX Keyword:        mail.userttl
  Description:          Time interval (ms) after which User Login Counter is reset
  Controlling Attribute: zimbraReverseProxyUserLoginLimitTime
  Default Value:        3600000
  Config Text:          3600000ms
  How to modify:        N/A
 
== main.connections ==
  NGINX Keyword:        main.connections
  Description:          Maximum number of simultaneous connections per worker process
  Controlling Attribute: zimbraReverseProxyWorkerConnections
  Default Value:        10240
  Config Text:          10240
  How to modify:        N/A
 
== main.group ==
  NGINX Keyword:        main.group
  Description:          The group as which the worker processes will run
  Controlling Attribute: (none)
  Default Value:        zimbra
  Config Text:          zimbra
  How to modify:        N/A
 
== main.krb5keytab ==
  NGINX Keyword:        main.krb5keytab
  Description:          Path to kerberos keytab file used for GSSAPI authentication
  Controlling Attribute: krb5_keytab
  Default Value:        /opt/zimbra/conf/krb5.keytab
  Config Text:          /opt/zimbra/conf/krb5.keytab
  How to modify:        N/A
 
== main.logfile ==
  NGINX Keyword:        main.logfile
  Description:          Log file path (relative to ${core.workdir})
  Controlling Attribute: (none)
  Default Value:        log/nginx.log
  Config Text:          log/nginx.log
  How to modify:        N/A
 
== main.loglevel ==
  NGINX Keyword:        main.loglevel
  Description:          Log level - can be debug|info|notice|warn|error|crit
  Controlling Attribute: zimbraReverseProxyLogLevel
  Default Value:        info
  Config Text:          info
  How to modify:        N/A
 
== main.pidfile ==
  NGINX Keyword:        main.pidfile
  Description:          PID file path (relative to ${core.workdir})
  Controlling Attribute: (none)
  Default Value:        log/nginx.pid
  Config Text:          log/nginx.pid
  How to modify:        N/A
 
== main.user ==
  NGINX Keyword:        main.user
  Description:          The user as which the worker processes will run
  Controlling Attribute: (none)
  Default Value:        zimbra
  Config Text:          zimbra
  How to modify:        N/A
 
== main.workers ==
  NGINX Keyword:        main.workers
  Description:          Number of worker processes
  Controlling Attribute: zimbraReverseProxyWorkerProcesses
  Default Value:        4
  Config Text:          4
  How to modify:        N/A
 
== memcache.:servers ==
  NGINX Keyword:        memcache.:servers
  Description:          List of known memcache servers (i.e. servers having imapproxy service enabled)
  Controlling Attribute: (none)
  Default Value:        []
  Current Value:        [<server>:11211]
  Config Text:            servers  <server>:11211;
  How to modify:        N/A
 
== memcache.reconnect ==
  NGINX Keyword:        memcache.reconnect
  Description:          Time (ms) after which NGINX will attempt to re-establish a broken connection to a memcache server
  Controlling Attribute: zimbraReverseProxyCacheReconnectInterval
  Default Value:        60000
  Config Text:          60000ms
  How to modify:        N/A
 
== memcache.timeout ==
  NGINX Keyword:        memcache.timeout
  Description:          Time (ms) given to a cache-fetch operation to complete
  Controlling Attribute: zimbraReverseProxyCacheFetchTimeout
  Default Value:        3000
  Config Text:          3000ms
  How to modify:        N/A
 
== memcache.ttl ==
  NGINX Keyword:        memcache.ttl
  Description:          Time interval (ms) for which cached entries remain in memcache
  Controlling Attribute: zimbraReverseProxyCacheEntryTTL
  Default Value:        3600000
  Config Text:          3600000ms
  How to modify:        N/A
 
== memcache.unqual ==
  NGINX Keyword:        memcache.unqual
  Description:          Deprecated - always set to false
  Controlling Attribute: (none)
  Default Value:        false
  Config Text:          off
  How to modify:        N/A
 
== web.:routehandlers ==
  NGINX Keyword:        web.:routehandlers
  Description:          List of web route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
  Controlling Attribute: zimbraReverseProxyLookupTarget
  Default Value:        []
  Current Value:        [<server>:7072]
  Config Text:              zmroutehandlers  <server>:7072/service/extension/nginx-lookup;
  How to modify:        N/A
 
== web.enabled ==
  NGINX Keyword:        web.enabled
  Description:          Indicates whether HTTP proxying is enabled
  Controlling Attribute: zimbraReverseProxyHttpEnabled
  Default Value:        false
  Config Text:         
  How to modify:        N/A
 
== web.http.enabled ==
  NGINX Keyword:        web.http.enabled
  Description:          Indicates whether HTTP Proxy will accept connections on HTTP (true unless zimbraReverseProxyMailMode is 'https')
  Controlling Attribute: (none)
  Default Value:        true
  Config Text:         
  How to modify:        N/A
 
== web.http.maxbody ==
  NGINX Keyword:        web.http.maxbody
  Description:          Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
  Controlling Attribute: zimbraFileUploadMaxSize
  Default Value:        10485760
  Config Text:          10485760
  How to modify:        N/A
 
== web.http.port ==
  NGINX Keyword:        web.http.port
  Description:          Web Proxy HTTP Port
  Controlling Attribute: zimbraMailProxyPort
  Default Value:        0
  Config Text:          80
  How to modify:        N/A
 
== web.http.uport ==
  NGINX Keyword:        web.http.uport
  Description:          Web upstream server port
  Controlling Attribute: zimbraMailPort
  Default Value:        80
  Config Text:          7070
  How to modify:        N/A
 
== web.https.enabled ==
  NGINX Keyword:        web.https.enabled
  Description:          Indicates whether HTTP Proxy will accept connections on HTTPS (true unless zimbraReverseProxyMailMode is 'http')
  Controlling Attribute: (none)
  Default Value:        true
  Config Text:         
  How to modify:        N/A
 
== web.https.maxbody ==
  NGINX Keyword:        web.https.maxbody
  Description:          Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
  Controlling Attribute: zimbraFileUploadMaxSize
  Default Value:        10485760
  Config Text:          10485760
  How to modify:        N/A
 
== web.https.port ==
  NGINX Keyword:        web.https.port
  Description:          Web Proxy HTTPS Port
  Controlling Attribute: zimbraMailSSLProxyPort
  Default Value:        0
  Config Text:          443
  How to modify:        N/A
 
== web.mailmode ==
  NGINX Keyword:        web.mailmode
  Description:          Reverse Proxy Mail Mode - can be http|https|both|redirect|mixed
  Controlling Attribute: zimbraReverseProxyMailMode
  Default Value:        both
  Config Text:          mixed
  How to modify:        N/A
 
== web.routetimeout ==
  NGINX Keyword:        web.routetimeout
  Description:          Time interval (ms) given to web route lookup handler to respond to route lookup request (after this time elapses, Proxy fails over to next handler, or fails the request if there are no more lookup handlers)
  Controlling Attribute: (none)
  Default Value:        15000
  Config Text:          15000ms
  How to modify:        N/A
 
== web.ssl.cert ==
  NGINX Keyword:        web.ssl.cert
  Description:          Web Proxy SSL certificate path
  Controlling Attribute: (none)
  Default Value:        /opt/zimbra/conf/nginx.crt
  Config Text:          /opt/zimbra/conf/nginx.crt
 
== web.ssl.key ==
  NGINX Keyword:        web.ssl.key
  Description:          Web Proxy SSL certificate key
  Controlling Attribute: (none)
  Default Value:        /opt/zimbra/conf/nginx.key
  Config Text:          /opt/zimbra/conf/nginx.key
  How to modify:        N/A
 
== web.uploadmax ==
  NGINX Keyword:        web.uploadmax
  Description:          Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
  Controlling Attribute: zimbraFileUploadMaxSize
  Default Value:        10485760
  Config Text:          10485760
  How to modify:        N/A
 
== web.upstream.:servers ==
  NGINX Keyword:        web.upstream.:servers
  Description:          List of upstream HTTP servers used by Web Proxy (i.e. servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
  Controlling Attribute: zimbraReverseProxyLookupTarget
  Default Value:        []
  Current Value:        [<server>:7070]
  Config Text:              server  <server>:7070;
  How to modify:        N/A
 
== web.upstream.name ==
  NGINX Keyword:        web.upstream.name
  Description:          Symbolic name for HTTP upstream cluster
  Controlling Attribute: (none)
  Default Value:        zimbra
  Config Text:          zimbra
  How to modify:        N/A
 
 
{{Article Footer|ZCS 5.0.10 and later|9/8/2008}}
 
[[Category:Proxy]]

Latest revision as of 18:10, 10 September 2014

Jump to: navigation, search