|
|
(One intermediate revision by the same user not shown) |
Line 1: |
Line 1: |
| {{ZC}}
| | #REDIRECT [[Advance_Topics_For_Zimbra_Proxy_-_Configuration_And_Template_Files_And_Proxy_Related_Variables#Nginx_Configuration_Directive_Reference_Introduction]] |
| {{Article Infobox|{{admin}}||{{ZCS 8.5}}||{{ZCS 8.0}}|}}
| |
| | |
| == Nginx Configuration Directive Reference Introduction ==
| |
| | |
| Almost all the configuration directives for Zimbra NGINX Proxy are controlled by LDAP attributes, and in some cases, by LocalConfig values. To simplify the Proxy Configuration, the NGINX Proxy Configuration Generator reads these LDAP/LocalConfig values, and generates the Proxy configuration files. To allow more flexibility to the process of config generation, the Config Generator reads in a set of template files, substitutes certain keywords with the actual values from LDAP/LocalConfig, and generates the configuration files for use with NGINX.
| |
| | |
| Both, the Proxy configuration files, and the Proxy configuration templates, are hierarchical in nature, which means that a main, top-level configuration file or template, includes other configuration files or templates respectively. Refer to the [[NGINX Configuration Structure]] for the Proxy Configuration Inclusion Hierarchy
| |
| | |
| === Configuration Keywords ===
| |
| | |
| | |
| ==== core.workdir ====
| |
| | |
| ----
| |
| NGINX Keyword: core.workdir
| |
| Description: Working Directory for NGINX worker processes
| |
| Controlling Attribute: (none)
| |
| Default Value: /opt/zimbra
| |
| Config Text: /opt/zimbra
| |
| How to modify: N/A
| |
| | |
| ==== core.includes ====
| |
| | |
| ----
| |
| NGINX Keyword: core.includes
| |
| Description: Include directory (relative to ${core.workdir}/conf) containing sub-configuration files
| |
| Controlling Attribute: (none)
| |
| Default Value: nginx/includes
| |
| Config Text: nginx/includes
| |
| How to modify: N/A
| |
| | |
| ==== core.cprefix ====
| |
| | |
| ----
| |
| NGINX Keyword: core.cprefix
| |
| Description: Common config file prefix
| |
| Controlling Attribute: (none)
| |
| Default Value: nginx.conf
| |
| Config Text: nginx.conf
| |
| How to modify: N/A
| |
| | |
| ==== core.tprefix ====
| |
| | |
| ----
| |
| NGINX Keyword: core.tprefix
| |
| Description: Common template file prefix
| |
| Controlling Attribute: (none)
| |
| Default Value: nginx.conf
| |
| Config Text: nginx.conf
| |
| How to modify: N/A
| |
| | |
| ==== core.ipv4only.enabled ====
| |
| | |
| ----
| |
| NGINX Keyword: core.ipv4only.enabled
| |
| Description: Whether ipv4 is enabled for the proxy or not (based on zimbraIPMode)
| |
| Controlling Attribute: (none)
| |
| Default Value: false
| |
| Config Text: N/A
| |
| How to modify: N/A
| |
| | |
| ==== core.ipv6only.enabled ====
| |
| | |
| ----
| |
| NGINX Keyword: core.ipv6only.enabled
| |
| Description: Whether ipv6 is enabled for the proxy or not (based on zimbraIPMode)
| |
| Controlling Attribute: (none)
| |
| Default Value: false
| |
| Config Text: N/A
| |
| How to modify: N/A
| |
| | |
| ==== core.ipboth.enabled ====
| |
| | |
| ----
| |
| NGINX Keyword: core.ipboth.enabled
| |
| Description: Whether ipv4 & ipv6 both are enabled for the proxy or not (based on zimbraIPMode)
| |
| Controlling Attribute: (none)
| |
| Default Value: true
| |
| Config Text: N/A
| |
| How to modify: N/A
| |
| | |
| ==== mail.:auth_http ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.:auth_http
| |
| Description: List of mail route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
| |
| Controlling Attribute: zimbraReverseProxyLookupTarget
| |
| Default Value: []
| |
| Current Value: [<server>:7072]
| |
| Config Text: auth_http <server>:7072/service/extension/nginx-lookup;
| |
| How to modify: zmprov ms <server> zimbraReverseProxyLookupTarget TRUE // to add a server to route-lookup list
| |
| zmprov ms <server> zimbraReverseProxyLookupTarget FALSE // to remove a server from route-lookup list
| |
| | |
| ==== mail.authwait ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.authwait
| |
| Description: Time delay (ms) after which an incorrect POP/IMAP login attempt will be rejected
| |
| Controlling Attribute: zimbraReverseProxyAuthWaitInterval
| |
| Default Value: 10000
| |
| Config Text: 10000ms
| |
| How to modify: zmprov mcf zimbraReverseProxyAuthWaitInterval 15s // s=seconds, m=minutes, h=hours, d=days
| |
| | |
| ==== mail.defaultrealm ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.defaultrealm
| |
| Description: Default SASL realm used in case Kerberos principal does not contain realm information
| |
| Controlling Attribute: zimbraReverseProxyDefaultRealm
| |
| Default Value:
| |
| Config Text:
| |
| How to modify: zmprov ms <server> zimbraReverseProxyDefaultRealm MYREALM.COM
| |
| | |
| ==== mail.dpasswd ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.dpasswd
| |
| Description: Password for master credentials used by NGINX to log in to upstream for GSSAPI authentication
| |
| Controlling Attribute: ldap_nginx_password
| |
| Default Value: zmnginx
| |
| Config Text: zmnginx
| |
| How to modify: N/A
| |
| | |
| ==== mail.enabled ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.enabled
| |
| Description: Indicates whether Mail Proxy is enabled
| |
| Controlling Attribute: zimbraReverseProxyMailEnabled
| |
| Default Value: true
| |
| Config Text:
| |
| How to modify: zmprov ms <server> zimbraReverseProxyMailEnabled FALSE
| |
| | |
| ==== mail.imap.authgssapi.enabled ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.imap.authgssapi.enabled
| |
| Description: Whether SASL GSSAPI is enabled for IMAP
| |
| Controlling Attribute: zimbraReverseProxyImapSaslGssapiEnabled
| |
| Default Value: false
| |
| Config Text:
| |
| How to modify: zmprov ms <server> zimbraReverseProxyImapSaslGssapiEnabled TRUE
| |
| | |
| ==== mail.imap.authplain.enabled ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.imap.authplain.enabled
| |
| Description: Whether SASL PLAIN is enabled for IMAP
| |
| Controlling Attribute: zimbraReverseProxyImapSaslPlainEnabled
| |
| Default Value: true
| |
| Config Text:
| |
| How to modify: zmprov ms <server> zimbraReverseProxyImapSaslPlainEnabled FALSE
| |
| | |
| ==== mail.imap.greeting ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.imap.greeting
| |
| Description: Proxy IMAP banner message (contains build version if zimbraReverseProxyImapExposeVersionOnBanner is true)
| |
| Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner
| |
| Default Value:
| |
| Config Text:
| |
| How to modify: zmprov ms zimbraReverseProxyPop3ExposeVersionOnBanner TRUE
| |
| | |
| ==== mail.imap.literalauth ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.imap.literalauth
| |
| Description: Whether NGINX uses literal strings for user name/password when logging in to upstream IMAP server - if false, NGINX uses quoted strings
| |
| Controlling Attribute: (none)
| |
| Default Value: true
| |
| Config Text: on
| |
| How to modify: N/A
| |
| | |
| ==== mail.imap.port ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.imap.port
| |
| Description: Mail Proxy IMAP Port
| |
| Controlling Attribute: zimbraImapProxyBindPort
| |
| Default Value: 143
| |
| Config Text: 143
| |
| How to modify: N/A
| |
| | |
| ==== mail.imap.tls ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.imap.tls
| |
| Description: TLS support for IMAP - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
| |
| Controlling Attribute: zimbraReverseProxyImapStartTlsMode
| |
| Default Value: only
| |
| Config Text: on
| |
| How to modify: N/A
| |
| | |
| ==== mail.imapcapa ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.imapcapa
| |
| Description: IMAP Capability List
| |
| Controlling Attribute: zimbraReverseProxyImapEnabledCapability
| |
| Default Value: []
| |
| Current Value: [ACL, BINARY, CATENATE, CHILDREN, CONDSTORE, ENABLE, ESEARCH, ESORT, I18NLEVEL=1, ID, IDLE, IMAP4rev1, LIST-EXTENDED, LITERAL+, MULTIAPPEND, NAMESPACE, QRESYNC, QUOTA, RIGHTS=ektx, SASL-IR, SEARCHRES, SORT, THREAD=ORDEREDSUBJECT, UIDPLUS, UNSELECT, WITHIN]
| |
| Config Text: "ACL" "BINARY" "CATENATE" "CHILDREN" "CONDSTORE" "ENABLE" "ESEARCH" "ESORT" "I18NLEVEL=1" "ID" "IDLE" "IMAP4rev1" "LIST-EXTENDED" "LITERAL+" "MULTIAPPEND" "NAMESPACE" "QRESYNC" "QUOTA" "RIGHTS=ektx" "SASL-IR" "SEARCHRES" "SORT" "THREAD=ORDEREDSUBJECT" "UIDPLUS" "UNSELECT" "WITHIN"
| |
| How to modify: N/A
| |
| | |
| ==== mail.imapid ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.imapid
| |
| Description: NGINX response to IMAP ID command
| |
| Controlling Attribute: (none)
| |
| Default Value: "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
| |
| Current Value: "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
| |
| Config Text: "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
| |
| How to modify: N/A
| |
| | |
| ==== mail.imaps.port ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.imaps.port
| |
| Description: Mail Proxy IMAPS Port
| |
| Controlling Attribute: zimbraImapSSLProxyBindPort
| |
| Default Value: 993
| |
| Config Text: 993
| |
| How to modify: N/A
| |
| | |
| ==== mail.ipmax ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.ipmax
| |
| Description: IP Login Limit (Throttle) - 0 means infinity
| |
| Controlling Attribute: zimbraReverseProxyIPLoginLimit
| |
| Default Value: 0
| |
| Config Text: 0
| |
| How to modify: N/A
| |
| | |
| ==== mail.iprej ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.iprej
| |
| Description: Rejection message for IP throttle
| |
| Controlling Attribute: zimbraReverseProxyIpThrottleMsg
| |
| Default Value: Login rejected from this IP
| |
| Config Text: Login rejected from this IP
| |
| How to modify: N/A
| |
| | |
| ==== mail.ipttl ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.ipttl
| |
| Description: Time interval (ms) after which IP Login Counter is reset
| |
| Controlling Attribute: zimbraReverseProxyIPLoginLimitTime
| |
| Default Value: 3600000
| |
| Config Text: 3600000ms
| |
| How to modify: N/A
| |
| | |
| ==== mail.passerrors ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.passerrors
| |
| Description: Indicates whether mail proxy will pass any protocol specific errors from the upstream server back to the downstream client
| |
| Controlling Attribute: zimbraReverseProxyPassErrors
| |
| Default Value: true
| |
| Config Text: on
| |
| How to modify: N/A
| |
| | |
| ==== mail.pop3.authgssapi.enabled ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.pop3.authgssapi.enabled
| |
| Description: Whether SASL GSSAPI is enabled for POP3
| |
| Controlling Attribute: zimbraReverseProxyPop3SaslGssapiEnabled
| |
| Default Value: false
| |
| Config Text:
| |
| How to modify: N/A
| |
| | |
| ==== mail.pop3.authplain.enabled ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.pop3.authplain.enabled
| |
| Description: Whether SASL PLAIN is enabled for POP3
| |
| Controlling Attribute: zimbraReverseProxyPop3SaslPlainEnabled
| |
| Default Value: true
| |
| Config Text:
| |
| How to modify: N/A
| |
| | |
| ==== mail.pop3.greeting ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.pop3.greeting
| |
| Description: Proxy POP3 banner message (contains build version if zimbraReverseProxyPop3ExposeVersionOnBanner is true)
| |
| Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner
| |
| Default Value:
| |
| Config Text:
| |
| How to modify: N/A
| |
| | |
| ==== mail.pop3.port ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.pop3.port
| |
| Description: Mail Proxy POP3 Port
| |
| Controlling Attribute: zimbraPop3ProxyBindPort
| |
| Default Value: 110
| |
| Config Text: 110
| |
| How to modify: N/A
| |
| | |
| ==== mail.pop3.tls ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.pop3.tls
| |
| Description: TLS support for POP3 - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
| |
| Controlling Attribute: zimbraReverseProxyPop3StartTlsMode
| |
| Default Value: only
| |
| Config Text: on
| |
| How to modify: N/A
| |
| | |
| ==== mail.pop3capa ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.pop3capa
| |
| Description: POP3 Capability List
| |
| Controlling Attribute: zimbraReverseProxyPop3EnabledCapability
| |
| Default Value: []
| |
| Current Value: [EXPIRE 31 USER, TOP, UIDL, USER, XOIP]
| |
| Config Text: "EXPIRE 31 USER" "TOP" "UIDL" "USER" "XOIP"
| |
| How to modify: N/A
| |
| | |
| ==== mail.pop3s.port ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.pop3s.port
| |
| Description: Mail Proxy POP3S Port
| |
| Controlling Attribute: zimbraPop3SSLProxyBindPort
| |
| Default Value: 995
| |
| Config Text: 995
| |
| How to modify: N/A
| |
| | |
| ==== mail.sasl_host_from_ip ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.sasl_host_from_ip
| |
| Description: Whether to use incoming interface IP address to determine service principal name (if true, IP address is reverse mapped to DNS name, else host name of proxy is used)
| |
| Controlling Attribute: krb5_service_principal_from_interface_address
| |
| Default Value: false
| |
| Config Text: off
| |
| How to modify: N/A
| |
| | |
| ==== mail.saslapp ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.saslapp
| |
| Description: Application name used by NGINX to initialize SASL authentication
| |
| Controlling Attribute: (none)
| |
| Default Value: nginx
| |
| Config Text: nginx
| |
| How to modify: N/A
| |
| | |
| ==== mail.ssl.cert ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.ssl.cert
| |
| Description: Mail Proxy SSL certificate file
| |
| Controlling Attribute: (none)
| |
| Default Value: /opt/zimbra/conf/nginx.crt
| |
| Config Text: /opt/zimbra/conf/nginx.crt
| |
| How to modify: N/A
| |
| | |
| ==== mail.ssl.ciphers ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.ssl.ciphers
| |
| Description: Permitted ciphers for mail proxy
| |
| Controlling Attribute: zimbraReverseProxySSLCiphers
| |
| Default Value: !SSLv2:!MD5:HIGH
| |
| Config Text: !SSLv2:!MD5:HIGH
| |
| How to modify: N/A
| |
| | |
| ==== mail.ssl.key ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.ssl.key
| |
| Description: Mail Proxy SSL certificate key
| |
| Controlling Attribute: (none)
| |
| Default Value: /opt/zimbra/conf/nginx.key
| |
| Config Text: /opt/zimbra/conf/nginx.key
| |
| How to modify: N/A
| |
| | |
| ==== mail.ssl.preferserverciphers ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.ssl.preferserverciphers
| |
| Description: Requires protocols SSLv3 and TLSv1 server ciphers be preferred over the client's ciphers
| |
| Controlling Attribute: (none)
| |
| Default Value: true
| |
| Config Text: on
| |
| How to modify: N/A
| |
| | |
| ==== mail.timeout ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.timeout
| |
| Description: Time interval (ms) after which, if a POP/IMAP connection is inactive, it will be automatically disconnected
| |
| Controlling Attribute: zimbraReverseProxyInactivityTimeout
| |
| Default Value: 3600000
| |
| Config Text: 3600000ms
| |
| How to modify: N/A
| |
| | |
| ==== mail.upstream.imapid ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.upstream.imapid
| |
| Description: Whether NGINX issues the IMAP ID command to the upstream server prior to logging in (audit purpose)
| |
| Controlling Attribute: zimbraReverseProxySendImapId
| |
| Default Value: true
| |
| Config Text: on
| |
| How to modify: N/A
| |
| | |
| ==== mail.upstream.pop3xoip ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.upstream.pop3xoip
| |
| Description: Whether NGINX issues the POP3 XOIP command to the upstream server prior to logging in (audit purpose)
| |
| Controlling Attribute: zimbraReverseProxySendPop3Xoip
| |
| Default Value: true
| |
| Config Text: on
| |
| How to modify: N/A
| |
| | |
| ==== mail.usermax ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.usermax
| |
| Description: User Login Limit (Throttle) - 0 means infinity
| |
| Controlling Attribute: zimbraReverseProxyUserLoginLimit
| |
| Default Value: 0
| |
| Config Text: 0
| |
| How to modify: N/A
| |
| | |
| ==== mail.userrej ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.userrej
| |
| Description: Rejection message for User throttle
| |
| Controlling Attribute: zimbraReverseProxyUserThrottleMsg
| |
| Default Value: Login rejected for this user
| |
| Config Text: Login rejected for this user
| |
| How to modify: N/A
| |
| | |
| ==== mail.userttl ====
| |
| | |
| ----
| |
| NGINX Keyword: mail.userttl
| |
| Description: Time interval (ms) after which User Login Counter is reset
| |
| Controlling Attribute: zimbraReverseProxyUserLoginLimitTime
| |
| Default Value: 3600000
| |
| Config Text: 3600000ms
| |
| How to modify: N/A
| |
| | |
| ==== main.connections ====
| |
| | |
| ----
| |
| NGINX Keyword: main.connections
| |
| Description: Maximum number of simultaneous connections per worker process
| |
| Controlling Attribute: zimbraReverseProxyWorkerConnections
| |
| Default Value: 10240
| |
| Config Text: 10240
| |
| How to modify: N/A
| |
| | |
| ==== main.group ====
| |
| | |
| ----
| |
| NGINX Keyword: main.group
| |
| Description: The group as which the worker processes will run
| |
| Controlling Attribute: (none)
| |
| Default Value: zimbra
| |
| Config Text: zimbra
| |
| How to modify: N/A
| |
| | |
| ==== main.krb5keytab ====
| |
| | |
| ----
| |
| NGINX Keyword: main.krb5keytab
| |
| Description: Path to kerberos keytab file used for GSSAPI authentication
| |
| Controlling Attribute: krb5_keytab
| |
| Default Value: /opt/zimbra/conf/krb5.keytab
| |
| Config Text: /opt/zimbra/conf/krb5.keytab
| |
| How to modify: N/A
| |
| | |
| ==== main.logfile ====
| |
| | |
| ----
| |
| NGINX Keyword: main.logfile
| |
| Description: Log file path (relative to ${core.workdir})
| |
| Controlling Attribute: (none)
| |
| Default Value: log/nginx.log
| |
| Config Text: log/nginx.log
| |
| How to modify: N/A
| |
| | |
| ==== main.loglevel ====
| |
| | |
| ----
| |
| NGINX Keyword: main.loglevel
| |
| Description: Log level - can be debug|info|notice|warn|error|crit
| |
| Controlling Attribute: zimbraReverseProxyLogLevel
| |
| Default Value: info
| |
| Config Text: info
| |
| How to modify: N/A
| |
| | |
| ==== main.pidfile ====
| |
| | |
| ----
| |
| NGINX Keyword: main.pidfile
| |
| Description: PID file path (relative to ${core.workdir})
| |
| Controlling Attribute: (none)
| |
| Default Value: log/nginx.pid
| |
| Config Text: log/nginx.pid
| |
| How to modify: N/A
| |
| | |
| ==== main.user ====
| |
| | |
| ----
| |
| NGINX Keyword: main.user
| |
| Description: The user as which the worker processes will run
| |
| Controlling Attribute: (none)
| |
| Default Value: zimbra
| |
| Config Text: zimbra
| |
| How to modify: N/A
| |
| | |
| ==== main.workers ====
| |
| | |
| ----
| |
| NGINX Keyword: main.workers
| |
| Description: Number of worker processes
| |
| Controlling Attribute: zimbraReverseProxyWorkerProcesses
| |
| Default Value: 4
| |
| Config Text: 4
| |
| How to modify: N/A
| |
| | |
| ==== memcache.:servers ====
| |
| | |
| ----
| |
| NGINX Keyword: memcache.:servers
| |
| Description: List of known memcache servers (i.e. servers having imapproxy service enabled)
| |
| Controlling Attribute: (none)
| |
| Default Value: []
| |
| Current Value: [<server>:11211]
| |
| Config Text: servers <server>:11211;
| |
| How to modify: N/A
| |
| | |
| ==== memcache.reconnect ====
| |
| | |
| ----
| |
| NGINX Keyword: memcache.reconnect
| |
| Description: Time (ms) after which NGINX will attempt to re-establish a broken connection to a memcache server
| |
| Controlling Attribute: zimbraReverseProxyCacheReconnectInterval
| |
| Default Value: 60000
| |
| Config Text: 60000ms
| |
| How to modify: N/A
| |
| | |
| ==== memcache.timeout ====
| |
| | |
| ----
| |
| NGINX Keyword: memcache.timeout
| |
| Description: Time (ms) given to a cache-fetch operation to complete
| |
| Controlling Attribute: zimbraReverseProxyCacheFetchTimeout
| |
| Default Value: 3000
| |
| Config Text: 3000ms
| |
| How to modify: N/A
| |
| | |
| ==== memcache.ttl ====
| |
| | |
| ----
| |
| NGINX Keyword: memcache.ttl
| |
| Description: Time interval (ms) for which cached entries remain in memcache
| |
| Controlling Attribute: zimbraReverseProxyCacheEntryTTL
| |
| Default Value: 3600000
| |
| Config Text: 3600000ms
| |
| How to modify: N/A
| |
| | |
| ==== memcache.unqual ====
| |
| | |
| ----
| |
| NGINX Keyword: memcache.unqual
| |
| Description: Deprecated - always set to false
| |
| Controlling Attribute: (none)
| |
| Default Value: false
| |
| Config Text: off
| |
| How to modify: N/A
| |
| | |
| ==== web.:routehandlers ====
| |
| | |
| ----
| |
| NGINX Keyword: web.:routehandlers
| |
| Description: List of web route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
| |
| Controlling Attribute: zimbraReverseProxyLookupTarget
| |
| Default Value: []
| |
| Current Value: [<server>:7072]
| |
| Config Text: zmroutehandlers <server>:7072/service/extension/nginx-lookup;
| |
| How to modify: N/A
| |
| | |
| ==== web.enabled ====
| |
| | |
| ----
| |
| NGINX Keyword: web.enabled
| |
| Description: Indicates whether HTTP proxying is enabled
| |
| Controlling Attribute: zimbraReverseProxyHttpEnabled
| |
| Default Value: false
| |
| Config Text:
| |
| How to modify: N/A
| |
| | |
| ==== web.http.enabled ====
| |
| | |
| ----
| |
| NGINX Keyword: web.http.enabled
| |
| Description: Indicates whether HTTP Proxy will accept connections on HTTP (true unless zimbraReverseProxyMailMode is 'https')
| |
| Controlling Attribute: (none)
| |
| Default Value: true
| |
| Config Text:
| |
| How to modify: N/A
| |
| | |
| ==== web.http.maxbody ====
| |
| | |
| ----
| |
| NGINX Keyword: web.http.maxbody
| |
| Description: Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
| |
| Controlling Attribute: zimbraFileUploadMaxSize
| |
| Default Value: 10485760
| |
| Config Text: 10485760
| |
| How to modify: N/A
| |
| | |
| ==== web.http.port ====
| |
| | |
| ----
| |
| NGINX Keyword: web.http.port
| |
| Description: Web Proxy HTTP Port
| |
| Controlling Attribute: zimbraMailProxyPort
| |
| Default Value: 0
| |
| Config Text: 80
| |
| How to modify: N/A
| |
| | |
| ==== web.http.uport ====
| |
| | |
| ----
| |
| NGINX Keyword: web.http.uport
| |
| Description: Web upstream server port
| |
| Controlling Attribute: zimbraMailPort
| |
| Default Value: 80
| |
| Config Text: 7070
| |
| How to modify: N/A
| |
| | |
| ==== web.https.enabled ====
| |
| | |
| ----
| |
| NGINX Keyword: web.https.enabled
| |
| Description: Indicates whether HTTP Proxy will accept connections on HTTPS (true unless zimbraReverseProxyMailMode is 'http')
| |
| Controlling Attribute: (none)
| |
| Default Value: true
| |
| Config Text:
| |
| How to modify: N/A
| |
| | |
| ==== web.https.maxbody ====
| |
| | |
| ----
| |
| NGINX Keyword: web.https.maxbody
| |
| Description: Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
| |
| Controlling Attribute: zimbraFileUploadMaxSize
| |
| Default Value: 10485760
| |
| Config Text: 10485760
| |
| How to modify: N/A
| |
| | |
| ==== web.https.port ====
| |
| | |
| ----
| |
| NGINX Keyword: web.https.port
| |
| Description: Web Proxy HTTPS Port
| |
| Controlling Attribute: zimbraMailSSLProxyPort
| |
| Default Value: 0
| |
| Config Text: 443
| |
| How to modify: N/A
| |
| | |
| ==== web.mailmode ====
| |
| | |
| ----
| |
| NGINX Keyword: web.mailmode
| |
| Description: Reverse Proxy Mail Mode - can be http|https|both|redirect|mixed
| |
| Controlling Attribute: zimbraReverseProxyMailMode
| |
| Default Value: both
| |
| Config Text: mixed
| |
| How to modify: N/A
| |
| | |
| ==== web.routetimeout ====
| |
| | |
| ----
| |
| NGINX Keyword: web.routetimeout
| |
| Description: Time interval (ms) given to web route lookup handler to respond to route lookup request (after this time elapses, Proxy fails over to next handler, or fails the request if there are no more lookup handlers)
| |
| Controlling Attribute: (none)
| |
| Default Value: 15000
| |
| Config Text: 15000ms
| |
| How to modify: N/A
| |
| | |
| ==== web.ssl.cert ====
| |
| | |
| ----
| |
| NGINX Keyword: web.ssl.cert
| |
| Description: Web Proxy SSL certificate path
| |
| Controlling Attribute: (none)
| |
| Default Value: /opt/zimbra/conf/nginx.crt
| |
| Config Text: /opt/zimbra/conf/nginx.crt
| |
| | |
| ==== web.ssl.key ====
| |
| | |
| ----
| |
| NGINX Keyword: web.ssl.key
| |
| Description: Web Proxy SSL certificate key
| |
| Controlling Attribute: (none)
| |
| Default Value: /opt/zimbra/conf/nginx.key
| |
| Config Text: /opt/zimbra/conf/nginx.key
| |
| How to modify: N/A
| |
| | |
| ==== web.uploadmax ====
| |
| | |
| ----
| |
| NGINX Keyword: web.uploadmax
| |
| Description: Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
| |
| Controlling Attribute: zimbraFileUploadMaxSize
| |
| Default Value: 10485760
| |
| Config Text: 10485760
| |
| How to modify: N/A
| |
| | |
| ==== web.upstream.webclient:servers ====
| |
| | |
| ----
| |
| NGINX Keyword: web.upstream.webclient:servers
| |
| Description: List of upstream HTTP webclient servers used by Web Proxy (i.e. webclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
| |
| Controlling Attribute: zimbraReverseProxyLookupTarget
| |
| Default Value: []
| |
| Current Value: [<server>:7070]
| |
| Config Text: server <server>:7070;
| |
| How to modify: N/A
| |
| | |
| ==== web.upstream.webclient.name ====
| |
| | |
| ----
| |
| NGINX Keyword: web.upstream.webclient.name
| |
| Description: Symbolic name for HTTP webclient upstream cluster
| |
| Controlling Attribute: (none)
| |
| Default Value: zimbra_webclient
| |
| Config Text: zimbra_webclient
| |
| How to modify: N/A
| |
| | |
| ==== web.upstream.:servers ====
| |
| | |
| ----
| |
| NGINX Keyword: web.upstream.:servers
| |
| Description: List of upstream HTTP servers used by Web Proxy (i.e. mailclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
| |
| Controlling Attribute: zimbraReverseProxyLookupTarget
| |
| Default Value: []
| |
| Current Value: [<server>:7070]
| |
| Config Text: server <server>:7070;
| |
| How to modify: N/A
| |
| | |
| ==== web.upstream.name ====
| |
| | |
| ----
| |
| NGINX Keyword: web.upstream.name
| |
| Description: Symbolic name for HTTP mailclient upstream cluster
| |
| Controlling Attribute: (none)
| |
| Default Value: zimbra
| |
| Config Text: zimbra
| |
| How to modify: N/A
| |
| | |
| ==== web.ssl.upstream.webclient:servers ====
| |
| | |
| ----
| |
| NGINX Keyword: web.ssl.upstream.webclient:servers
| |
| Description: List of upstream HTTPS webclient servers used by Web Proxy (i.e. webclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
| |
| Controlling Attribute: zimbraReverseProxyLookupTarget
| |
| Default Value: []
| |
| Current Value: [<server>:7070]
| |
| Config Text: server <server>:7070;
| |
| How to modify: N/A
| |
| | |
| ==== web.ssl.upstream.webclient.name ====
| |
| | |
| ----
| |
| NGINX Keyword: web.ssl.upstream.webclient.name
| |
| Description: Symbolic name for HTTPS webclient upstream cluster
| |
| Controlling Attribute: (none)
| |
| Default Value: zimbra_ssl_webclient
| |
| Config Text: zimbra_ssl_webclient
| |
| How to modify: N/A
| |
| | |
| ==== web.ssl.upstream.:servers ====
| |
| | |
| ----
| |
| NGINX Keyword: web.ssl.upstream.:servers
| |
| Description: List of upstream HTTPS mailclient servers used by Web Proxy (i.e. mailclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
| |
| Controlling Attribute: zimbraReverseProxyLookupTarget
| |
| Default Value: []
| |
| Current Value: [<server>:7070]
| |
| Config Text: server <server>:7070;
| |
| How to modify: N/A
| |
| | |
| ==== web.ssl.upstream.name ====
| |
| | |
| ----
| |
| NGINX Keyword: web.ssl.upstream.name
| |
| Description: Symbolic name for HTTP mailclient upstream cluster
| |
| Controlling Attribute: (none)
| |
| Default Value: zimbra_ssl
| |
| Config Text: zimbra_ssl
| |
| How to modify: N/A
| |
| | |
| ==== web.admin.upstream.adminclient.:servers ====
| |
| | |
| ----
| |
| NGINX Keyword: web.admin.upstream.adminclient:servers
| |
| Description: List of upstream admin client servers used by Web Proxy (i.e. adminclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
| |
| Controlling Attribute: zimbraReverseProxyLookupTarget
| |
| Default Value: []
| |
| Current Value: [<server>:7071]
| |
| Config Text: server <server>:7071;
| |
| How to modify: N/A
| |
| | |
| ==== web.admin.upstream.adminclient.name ====
| |
| | |
| ----
| |
| NGINX Keyword: web.admin.upstream.adminclient.name
| |
| Description: Symbolic name for admin client upstream cluster
| |
| Controlling Attribute: (none)
| |
| Default Value: zimbra_adminclient
| |
| Config Text: zimbra_adminclient
| |
| How to modify: N/A
| |
| | |
| ==== web.admin.upstream.:servers ====
| |
| | |
| ----
| |
| NGINX Keyword: web.admin.upstream.:servers
| |
| Description: List of upstream admin servers used by Web Proxy (i.e. admin servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
| |
| Controlling Attribute: zimbraReverseProxyLookupTarget
| |
| Default Value: []
| |
| Current Value: [<server>:7071]
| |
| Config Text: server <server>:7071;
| |
| How to modify: N/A
| |
| | |
| ==== web.admin.upstream.name ====
| |
| | |
| ----
| |
| NGINX Keyword: web.admin.upstream.name
| |
| Description: Symbolic name for admin upstream cluster
| |
| Controlling Attribute: (none)
| |
| Default Value: zimbra_admin
| |
| Config Text: zimbra_admin
| |
| How to modify: N/A
| |
| | |
| ==== web.upstream.ewsserver:servers ====
| |
| | |
| ----
| |
| NGINX Keyword: web.upstream.ewsserver:servers
| |
| Description: List of upstream HTTP EWS servers used by Web Proxy (i.e. servers to which we will proxy EWS requests)
| |
| Controlling Attribute: zimbraReverseProxyUpstreamEwsServers
| |
| Default Value: []
| |
| Current Value: [<server>:7070]
| |
| Config Text: server <server>:7070;
| |
| How to modify: N/A
| |
| | |
| ==== web.ews.upstream.name ====
| |
| | |
| ----
| |
| NGINX Keyword: web.upstream.name
| |
| Description: Symbolic name for HTTP EWS upstream cluster
| |
| Controlling Attribute: (none)
| |
| Default Value: zimbra
| |
| Config Text: zimbra
| |
| How to modify: N/A
| |
| | |
| ==== web.ssl.upstream.ewsserver:servers ====
| |
| | |
| ----
| |
| NGINX Keyword: web.ssl.upstream.ewsserver:servers
| |
| Description: List of upstream HTTPS EWS servers used by Web Proxy (i.e. servers to which we will proxy EWS requests)
| |
| Controlling Attribute: zimbraReverseProxyUpstreamEwsServers
| |
| Default Value: []
| |
| Current Value: [<server>:7070]
| |
| Config Text: server <server>:7070;
| |
| How to modify: N/A
| |
| | |
| ==== web.ssl.ews.upstream.name ====
| |
| | |
| ----
| |
| NGINX Keyword: web.ssl.upstream.name
| |
| Description: Symbolic name for HTTPS EWS upstream cluster
| |
| Controlling Attribute: (none)
| |
| Default Value: zimbra_ssl_ews
| |
| Config Text: zimbra_ssl_ews
| |
| How to modify: N/A
| |
| | |
| ==== web.upstream.loginserver.:servers ====
| |
| | |
| ----
| |
| NGINX Keyword: web.upstream.loginserver:servers
| |
| Description: List of upstream HTTP Login servers used by Web Proxy (i.e. servers to which we will proxy login page requests)
| |
| Controlling Attribute: zimbraReverseProxyUpstreamLoginServers
| |
| Default Value: []
| |
| Current Value: [<server>:7070]
| |
| Config Text: server <server>:7070;
| |
| How to modify: N/A
| |
| | |
| ==== web.login.upstream.name ====
| |
| ----
| |
| NGINX Keyword: web.login.upstream.name
| |
| Description: Symbolic name for HTTP Login upstream cluster
| |
| Controlling Attribute: (none)
| |
| Default Value: zimbra_login
| |
| Config Text: zimbra_login
| |
| How to modify: N/A
| |
| | |
| ==== web.ssl.upstream.loginserver.:servers ====
| |
| | |
| ----
| |
| NGINX Keyword: web.ssl.upstream.loginserver:servers
| |
| Description: List of upstream HTTP Login servers used by Web Proxy (i.e. servers to which we will proxy login page requests)
| |
| Controlling Attribute: zimbraReverseProxyUpstreamLoginServers
| |
| Default Value: []
| |
| Current Value: [<server>:7070]
| |
| Config Text: server <server>:7070;
| |
| How to modify: N/A
| |
| | |
| ==== web.ssl.login.upstream.name ====
| |
| | |
| ----
| |
| | |
| NGINX Keyword: web.ssl.login.upstream.name
| |
| Description: Symbolic name for HTTPS Login upstream cluster
| |
| Controlling Attribute: (none)
| |
| Default Value: zimbra_ssl_login
| |
| Config Text: zimbra_ssl_login
| |
| How to modify: N/A
| |
| | |
| ==== max_fails ====
| |
| | |
| ----
| |
| | |
| NGINX Keyword: max_fails
| |
| Description: The max number of unsuccessful attempts to connect to the current server (as an upstream).
| |
| If this number is reached, proxy will refuse to connect to the current server, wait for
| |
| zimbraMailProxyReconnectTimeout and then try to reconnect. Default value is 1. Setting
| |
| this to 0 means turning this check off.
| |
| Controlling Attribute: zimbraMailProxyMaxFails
| |
| Default Value: 1
| |
| Config Text: server <server hostname>:<port> max_fails=<value>
| |
| How to modify: zmprov mcf zimbraMailProxyMaxFails <value>
| |
| | |
| ==== fail_timeout ====
| |
| | |
| ----
| |
| | |
| NGINX Keyword: fail_timeout
| |
| Description: The time in sec that proxy will reconnect the current server (as an upstream) after
| |
| connection errors happened before
| |
| Controlling Attribute: zimbraMailProxyReconnectTimeout
| |
| Default Value: 60
| |
| Config Text: server <server hostname>:<port> fail_timeout=<value>
| |
| How to modify: zmprov mcf zimbraMailProxyReconnectTimeout <value>
| |
| | |
| ==== version ====
| |
| | |
| ----
| |
| | |
| NGINX Keyword: version
| |
| Description: Current version of ZCS installed on this server
| |
| Controlling Attribute: zimbraServerVersion
| |
| Default Value: None
| |
| Config Text: server <server hostname>:<port> version=<value>
| |
| How to modify: Should not be modified. Set by the installer
| |
| | |
| {{Article Footer|ZCS 8.0 and later|7/23/2014}}
| |
| | |
| [[Category:Proxy]]
| |
| [[Category:ZCS 8.0]]
| |