NGINX Configuration Directive Reference: Difference between revisions
No edit summary |
No edit summary |
||
| Line 4: | Line 4: | ||
= Configuration Keywords = | = Configuration Keywords = | ||
== core.cprefix == | |||
NGINX Keyword: core.cprefix | |||
Description: Common config file prefix | |||
Controlling Attribute: (none) | |||
Default Value: nginx.conf | |||
Current Value: nginx.conf | |||
Config Text: nginx.conf | |||
== core.includes == | |||
NGINX Keyword: core.includes | |||
Description: Include directory (relative to ${core.workdir}/conf) | |||
Controlling Attribute: (none) | |||
Default Value: nginx/includes | |||
Current Value: nginx/includes | |||
Config Text: nginx/includes | |||
== core.tprefix == | |||
NGINX Keyword: core.tprefix | |||
Description: Common template file prefix | |||
Controlling Attribute: (none) | |||
Default Value: nginx.conf | |||
Current Value: nginx.conf | |||
Config Text: nginx.conf | |||
== core.workdir == | |||
NGINX Keyword: core.workdir | |||
Description: Working Directory for NGINX worker processes | |||
Controlling Attribute: (none) | |||
Default Value: /opt/zimbra | |||
Current Value: /opt/zimbra | |||
Config Text: /opt/zimbra | |||
== mail.:auth_http == | |||
NGINX Keyword: mail.:auth_http | |||
Description: List of mail route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true) | |||
Controlling Attribute: zimbraReverseProxyLookupTarget | |||
Default Value: [] | |||
Current Value: [devel.peerbhoy.nat:7072] | |||
Config Text: auth_http devel.peerbhoy.nat:7072/service/extension/nginx-lookup; | |||
== mail.authwait == | |||
NGINX Keyword: mail.authwait | |||
Description: Time delay (ms) after which an incorrect POP/IMAP login attempt will be rejected | |||
Controlling Attribute: zimbraReverseProxyAuthWaitInterval | |||
Default Value: 10000 | |||
Current Value: 10000 | |||
Config Text: 10000ms | |||
== mail.defaultrealm == | |||
NGINX Keyword: mail.defaultrealm | |||
Description: Default SASL realm used in case Kerberos principal does not contain realm information | |||
Controlling Attribute: zimbraReverseProxyDefaultRealm | |||
Default Value: | |||
Current Value: EXAMPLE.COM | |||
Config Text: EXAMPLE.COM | |||
== mail.dpasswd == | |||
NGINX Keyword: mail.dpasswd | |||
Description: Password for master credentials used by NGINX to log in to upstream for GSSAPI authentication | |||
Controlling Attribute: ldap_nginx_password | |||
Default Value: zmnginx | |||
Current Value: zmnginx | |||
Config Text: zmnginx | |||
== mail.enabled == | |||
NGINX Keyword: mail.enabled | |||
Description: Indicates whether Mail Proxy is enabled | |||
Controlling Attribute: zimbraReverseProxyMailEnabled | |||
Default Value: true | |||
Current Value: true | |||
Config Text: | |||
== mail.imap.authgssapi.enabled == | |||
NGINX Keyword: mail.imap.authgssapi.enabled | |||
Description: Whether SASL GSSAPI is enabled for IMAP | |||
Controlling Attribute: zimbraReverseProxyImapSaslGssapiEnabled | |||
Default Value: false | |||
Current Value: true | |||
Config Text: | |||
== mail.imap.authplain.enabled == | |||
NGINX Keyword: mail.imap.authplain.enabled | |||
Description: Whether SASL PLAIN is enabled for IMAP | |||
Controlling Attribute: zimbraReverseProxyImapSaslPlainEnabled | |||
Default Value: true | |||
Current Value: true | |||
Config Text: | |||
== mail.imap.greeting == | |||
NGINX Keyword: mail.imap.greeting | |||
Description: Proxy IMAP banner message (contains build version if zimbraReverseProxyImapExposeVersionOnBanner is true) | |||
Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner | |||
Default Value: | |||
Current Value: | |||
Config Text: | |||
== mail.imap.literalauth == | |||
NGINX Keyword: mail.imap.literalauth | |||
Description: Whether NGINX uses literal strings for user name/password when logging in to upstream IMAP server - if false, NGINX uses quoted strings | |||
Controlling Attribute: (none) | |||
Default Value: true | |||
Current Value: true | |||
Config Text: on | |||
== mail.imap.port == | |||
NGINX Keyword: mail.imap.port | |||
Description: Mail Proxy IMAP Port | |||
Controlling Attribute: zimbraImapProxyBindPort | |||
Default Value: 143 | |||
Current Value: 143 | |||
Config Text: 143 | |||
== mail.imap.tls == | |||
NGINX Keyword: mail.imap.tls | |||
Description: TLS support for IMAP - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel | |||
Controlling Attribute: zimbraReverseProxyImapStartTlsMode | |||
Default Value: only | |||
Current Value: on | |||
Config Text: on | |||
== mail.imapcapa == | |||
NGINX Keyword: mail.imapcapa | |||
Description: IMAP Capability List | |||
Controlling Attribute: zimbraReverseProxyImapEnabledCapability | |||
Default Value: [] | |||
Current Value: [ACL, BINARY, CATENATE, CHILDREN, CONDSTORE, ENABLE, ESEARCH, ESORT, I18NLEVEL=1, ID, IDLE, IMAP4rev1, LIST-EXTENDED, LITERAL+, MULTIAPPEND, NAMESPACE, QRESYNC, QUOTA, RIGHTS=ektx, SASL-IR, SEARCHRES, SORT, THREAD=ORDEREDSUBJECT, UIDPLUS, UNSELECT, WITHIN] | |||
Config Text: "ACL" "BINARY" "CATENATE" "CHILDREN" "CONDSTORE" "ENABLE" "ESEARCH" "ESORT" "I18NLEVEL=1" "ID" "IDLE" "IMAP4rev1" "LIST-EXTENDED" "LITERAL+" "MULTIAPPEND" "NAMESPACE" "QRESYNC" "QUOTA" "RIGHTS=ektx" "SASL-IR" "SEARCHRES" "SORT" "THREAD=ORDEREDSUBJECT" "UIDPLUS" "UNSELECT" "WITHIN" | |||
== mail.imapid == | |||
NGINX Keyword: mail.imapid | |||
Description: NGINX response to IMAP ID command | |||
Controlling Attribute: (none) | |||
Default Value: "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra" | |||
Current Value: "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra" | |||
Config Text: "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra" | |||
== mail.imaps.port == | |||
NGINX Keyword: mail.imaps.port | |||
Description: Mail Proxy IMAPS Port | |||
Controlling Attribute: zimbraImapSSLProxyBindPort | |||
Default Value: 993 | |||
Current Value: 993 | |||
Config Text: 993 | |||
== mail.ipmax == | |||
NGINX Keyword: mail.ipmax | |||
Description: IP Login Limit (Throttle) - 0 means infinity | |||
Controlling Attribute: zimbraReverseProxyIPLoginLimit | |||
Default Value: 0 | |||
Current Value: 0 | |||
Config Text: 0 | |||
== mail.iprej == | |||
NGINX Keyword: mail.iprej | |||
Description: Rejection message for IP throttle | |||
Controlling Attribute: zimbraReverseProxyIpThrottleMsg | |||
Default Value: Login rejected from this IP | |||
Current Value: Login rejected from this IP | |||
Config Text: Login rejected from this IP | |||
== mail.ipttl == | |||
NGINX Keyword: mail.ipttl | |||
Description: Time interval (ms) after which IP Login Counter is reset | |||
Controlling Attribute: zimbraReverseProxyIPLoginLimitTime | |||
Default Value: 3600000 | |||
Current Value: 3600000 | |||
Config Text: 3600000ms | |||
== mail.passerrors == | |||
NGINX Keyword: mail.passerrors | |||
Description: Indicates whether mail proxy will pass any protocol specific errors from the upstream server back to the downstream client | |||
Controlling Attribute: zimbraReverseProxyPassErrors | |||
Default Value: true | |||
Current Value: true | |||
Config Text: on | |||
= mail.pop3.authgssapi.enabled = | |||
NGINX Keyword: mail.pop3.authgssapi.enabled | |||
Description: Whether SASL GSSAPI is enabled for POP3 | |||
Controlling Attribute: zimbraReverseProxyPop3SaslGssapiEnabled | |||
Default Value: false | |||
Current Value: true | |||
Config Text: | |||
== == | |||
NGINX Keyword: mail.pop3.authplain.enabled | |||
Description: Whether SASL PLAIN is enabled for POP3 | |||
Controlling Attribute: zimbraReverseProxyPop3SaslPlainEnabled | |||
Default Value: true | |||
Current Value: true | |||
Config Text: | |||
== == | |||
NGINX Keyword: mail.pop3.greeting | |||
Description: Proxy POP3 banner message (contains build version if zimbraReverseProxyPop3ExposeVersionOnBanner is true) | |||
Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner | |||
Default Value: | |||
Current Value: | |||
Config Text: | |||
== == | |||
NGINX Keyword: mail.pop3.port | |||
Description: Mail Proxy POP3 Port | |||
Controlling Attribute: zimbraPop3ProxyBindPort | |||
Default Value: 110 | |||
Current Value: 110 | |||
Config Text: 110 | |||
== == | |||
NGINX Keyword: mail.pop3.tls | |||
Description: TLS support for POP3 - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel | |||
Controlling Attribute: zimbraReverseProxyPop3StartTlsMode | |||
Default Value: only | |||
Current Value: on | |||
Config Text: on | |||
== == | |||
NGINX Keyword: mail.pop3capa | |||
Description: POP3 Capability List | |||
Controlling Attribute: zimbraReverseProxyPop3EnabledCapability | |||
Default Value: [] | |||
Current Value: [EXPIRE 31 USER, TOP, UIDL, USER, XOIP] | |||
Config Text: "EXPIRE 31 USER" "TOP" "UIDL" "USER" "XOIP" | |||
== == | |||
NGINX Keyword: mail.pop3s.port | |||
Description: Mail Proxy POP3S Port | |||
Controlling Attribute: zimbraPop3SSLProxyBindPort | |||
Default Value: 995 | |||
Current Value: 995 | |||
Config Text: 995 | |||
== == | |||
NGINX Keyword: mail.sasl_host_from_ip | |||
Description: Whether to use incoming interface IP address to determine service principal name (if true, IP address is reverse mapped to DNS name, else host name of proxy is used) | |||
Controlling Attribute: krb5_service_principal_from_interface_address | |||
Default Value: false | |||
Current Value: false | |||
Config Text: off | |||
== == | |||
NGINX Keyword: mail.saslapp | |||
Description: Application name used by NGINX to initialize SASL authentication | |||
Controlling Attribute: (none) | |||
Default Value: nginx | |||
Current Value: nginx | |||
Config Text: nginx | |||
== == | |||
NGINX Keyword: mail.ssl.cert | |||
Description: Mail Proxy SSL certificate file | |||
Controlling Attribute: (none) | |||
Default Value: /opt/zimbra/conf/nginx.crt | |||
Current Value: /opt/zimbra/conf/nginx.crt | |||
Config Text: /opt/zimbra/conf/nginx.crt | |||
== == | |||
NGINX Keyword: mail.ssl.ciphers | |||
Description: Permitted ciphers for mail proxy | |||
Controlling Attribute: zimbraReverseProxySSLCiphers | |||
Default Value: !SSLv2:!MD5:HIGH | |||
Current Value: !SSLv2:!MD5:HIGH | |||
Config Text: !SSLv2:!MD5:HIGH | |||
== == | |||
NGINX Keyword: mail.ssl.key | |||
Description: Mail Proxy SSL certificate key | |||
Controlling Attribute: (none) | |||
Default Value: /opt/zimbra/conf/nginx.key | |||
Current Value: /opt/zimbra/conf/nginx.key | |||
Config Text: /opt/zimbra/conf/nginx.key | |||
== == | |||
NGINX Keyword: mail.ssl.preferserverciphers | |||
Description: Requires protocols SSLv3 and TLSv1 server ciphers be preferred over the client's ciphers | |||
Controlling Attribute: (none) | |||
Default Value: true | |||
Current Value: true | |||
Config Text: on | |||
== == | |||
NGINX Keyword: mail.timeout | |||
Description: Time interval (ms) after which, if a POP/IMAP connection is inactive, it will be automatically disconnected | |||
Controlling Attribute: zimbraReverseProxyInactivityTimeout | |||
Default Value: 3600000 | |||
Current Value: 3600000 | |||
Config Text: 3600000ms | |||
== == | |||
NGINX Keyword: mail.upstream.imapid | |||
Description: Whether NGINX issues the IMAP ID command to the upstream server prior to logging in (audit purpose) | |||
Controlling Attribute: zimbraReverseProxySendImapId | |||
Default Value: true | |||
Current Value: true | |||
Config Text: on | |||
== == | |||
NGINX Keyword: mail.upstream.pop3xoip | |||
Description: Whether NGINX issues the POP3 XOIP command to the upstream server prior to logging in (audit purpose) | |||
Controlling Attribute: zimbraReverseProxySendPop3Xoip | |||
Default Value: true | |||
Current Value: true | |||
Config Text: on | |||
== == | |||
NGINX Keyword: mail.usermax | |||
Description: User Login Limit (Throttle) - 0 means infinity | |||
Controlling Attribute: zimbraReverseProxyUserLoginLimit | |||
Default Value: 0 | |||
Current Value: 0 | |||
Config Text: 0 | |||
== == | |||
NGINX Keyword: mail.userrej | |||
Description: Rejection message for User throttle | |||
Controlling Attribute: zimbraReverseProxyUserThrottleMsg | |||
Default Value: Login rejected for this user | |||
Current Value: Login rejected for this user | |||
Config Text: Login rejected for this user | |||
== == | |||
NGINX Keyword: mail.userttl | |||
Description: Time interval (ms) after which User Login Counter is reset | |||
Controlling Attribute: zimbraReverseProxyUserLoginLimitTime | |||
Default Value: 3600000 | |||
Current Value: 3600000 | |||
Config Text: 3600000ms | |||
== == | |||
NGINX Keyword: main.connections | |||
Description: Maximum number of simultaneous connections per worker process | |||
Controlling Attribute: zimbraReverseProxyWorkerConnections | |||
Default Value: 10240 | |||
Current Value: 10240 | |||
Config Text: 10240 | |||
== == | |||
NGINX Keyword: main.group | |||
Description: The group as which the worker processes will run | |||
Controlling Attribute: (none) | |||
Default Value: zimbra | |||
Current Value: zimbra | |||
Config Text: zimbra | |||
== == | |||
NGINX Keyword: main.krb5keytab | |||
Description: Path to kerberos keytab file used for GSSAPI authentication | |||
Controlling Attribute: krb5_keytab | |||
Default Value: /opt/zimbra/conf/krb5.keytab | |||
Current Value: /opt/zimbra/conf/krb5.keytab | |||
Config Text: /opt/zimbra/conf/krb5.keytab | |||
== == | |||
NGINX Keyword: main.logfile | |||
Description: Log file path (relative to ${core.workdir}) | |||
Controlling Attribute: (none) | |||
Default Value: log/nginx.log | |||
Current Value: log/nginx.log | |||
Config Text: log/nginx.log | |||
== == | |||
NGINX Keyword: main.loglevel | |||
Description: Log level - can be debug|info|notice|warn|error|crit | |||
Controlling Attribute: zimbraReverseProxyLogLevel | |||
Default Value: info | |||
Current Value: info | |||
Config Text: info | |||
== == | |||
NGINX Keyword: main.pidfile | |||
Description: PID file path (relative to ${core.workdir}) | |||
Controlling Attribute: (none) | |||
Default Value: log/nginx.pid | |||
Current Value: log/nginx.pid | |||
Config Text: log/nginx.pid | |||
== == | |||
NGINX Keyword: main.user | |||
Description: The user as which the worker processes will run | |||
Controlling Attribute: (none) | |||
Default Value: zimbra | |||
Current Value: zimbra | |||
Config Text: zimbra | |||
== == | |||
NGINX Keyword: main.workers | |||
Description: Number of worker processes | |||
Controlling Attribute: zimbraReverseProxyWorkerProcesses | |||
Default Value: 4 | |||
Current Value: 4 | |||
Config Text: 4 | |||
== == | |||
NGINX Keyword: memcache.:servers | |||
Description: List of known memcache servers (i.e. servers having imapproxy service enabled) | |||
Controlling Attribute: (none) | |||
Default Value: [] | |||
Current Value: [devel.peerbhoy.nat:11211] | |||
Config Text: servers devel.peerbhoy.nat:11211; | |||
== == | |||
NGINX Keyword: memcache.reconnect | |||
Description: Time (ms) after which NGINX will attempt to re-establish a broken connection to a memcache server | |||
Controlling Attribute: zimbraReverseProxyCacheReconnectInterval | |||
Default Value: 60000 | |||
Current Value: 60000 | |||
Config Text: 60000ms | |||
== == | |||
NGINX Keyword: memcache.timeout | |||
Description: Time (ms) given to a cache-fetch operation to complete | |||
Controlling Attribute: zimbraReverseProxyCacheFetchTimeout | |||
Default Value: 3000 | |||
Current Value: 3000 | |||
Config Text: 3000ms | |||
== == | |||
NGINX Keyword: memcache.ttl | |||
Description: Time interval (ms) for which cached entries remain in memcache | |||
Controlling Attribute: zimbraReverseProxyCacheEntryTTL | |||
Default Value: 3600000 | |||
Current Value: 3600000 | |||
Config Text: 3600000ms | |||
== == | |||
NGINX Keyword: memcache.unqual | |||
Description: Deprecated - always set to false | |||
Controlling Attribute: (none) | |||
Default Value: false | |||
Current Value: false | |||
Config Text: off | |||
== == | |||
NGINX Keyword: web.:routehandlers | |||
Description: List of web route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true) | |||
Controlling Attribute: zimbraReverseProxyLookupTarget | |||
Default Value: [] | |||
Current Value: [devel.peerbhoy.nat:7072] | |||
Config Text: zmroutehandlers devel.peerbhoy.nat:7072/service/extension/nginx-lookup; | |||
== == | |||
NGINX Keyword: web.enabled | |||
Description: Indicates whether HTTP proxying is enabled | |||
Controlling Attribute: zimbraReverseProxyHttpEnabled | |||
Default Value: false | |||
Current Value: true | |||
Config Text: | |||
== == | |||
NGINX Keyword: web.http.enabled | |||
Description: Indicates whether HTTP Proxy will accept connections on HTTP (true unless zimbraReverseProxyMailMode is 'https') | |||
Controlling Attribute: (none) | |||
Default Value: true | |||
Current Value: true | |||
Config Text: | |||
== == | |||
NGINX Keyword: web.http.maxbody | |||
Description: Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413 | |||
Controlling Attribute: zimbraFileUploadMaxSize | |||
Default Value: 10485760 | |||
Current Value: 10485760 | |||
Config Text: 10485760 | |||
== == | |||
NGINX Keyword: web.http.port | |||
Description: Web Proxy HTTP Port | |||
Controlling Attribute: zimbraMailProxyPort | |||
Default Value: 0 | |||
Current Value: 80 | |||
Config Text: 80 | |||
== == | |||
NGINX Keyword: web.http.uport | |||
Description: Web upstream server port | |||
Controlling Attribute: zimbraMailPort | |||
Default Value: 80 | |||
Current Value: 7070 | |||
Config Text: 7070 | |||
== == | |||
NGINX Keyword: web.https.enabled | |||
Description: Indicates whether HTTP Proxy will accept connections on HTTPS (true unless zimbraReverseProxyMailMode is 'http') | |||
Controlling Attribute: (none) | |||
Default Value: true | |||
Current Value: true | |||
Config Text: | |||
== == | |||
NGINX Keyword: web.https.maxbody | |||
Description: Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413 | |||
Controlling Attribute: zimbraFileUploadMaxSize | |||
Default Value: 10485760 | |||
Current Value: 10485760 | |||
Config Text: 10485760 | |||
== == | |||
NGINX Keyword: web.https.port | |||
Description: Web Proxy HTTPS Port | |||
Controlling Attribute: zimbraMailSSLProxyPort | |||
Default Value: 0 | |||
Current Value: 443 | |||
Config Text: 443 | |||
== == | |||
NGINX Keyword: web.mailmode | |||
Description: Reverse Proxy Mail Mode - can be http|https|both|redirect|mixed | |||
Controlling Attribute: zimbraReverseProxyMailMode | |||
Default Value: both | |||
Current Value: mixed | |||
Config Text: mixed | |||
== == | |||
NGINX Keyword: web.routetimeout | |||
Description: Time interval (ms) given to web route lookup handler to respond to route lookup request (after this time elapses, Proxy fails over to next handler, or fails the request if there are no more lookup handlers) | |||
Controlling Attribute: (none) | |||
Default Value: 15000 | |||
Current Value: 15000 | |||
Config Text: 15000ms | |||
== == | |||
NGINX Keyword: web.ssl.cert | |||
Description: Web Proxy SSL certificate path | |||
Controlling Attribute: (none) | |||
Default Value: /opt/zimbra/conf/nginx.crt | |||
Current Value: /opt/zimbra/conf/nginx.crt | |||
Config Text: /opt/zimbra/conf/nginx.crt | |||
== == | |||
NGINX Keyword: web.ssl.key | |||
Description: Web Proxy SSL certificate key | |||
Controlling Attribute: (none) | |||
Default Value: /opt/zimbra/conf/nginx.key | |||
Current Value: /opt/zimbra/conf/nginx.key | |||
Config Text: /opt/zimbra/conf/nginx.key | |||
== web.uploadmax == | |||
NGINX Keyword: web.uploadmax | |||
Description: Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413 | |||
Controlling Attribute: zimbraFileUploadMaxSize | |||
Default Value: 10485760 | |||
Current Value: 10485760 | |||
Config Text: 10485760 | |||
== web.upstream.:servers == | |||
NGINX Keyword: web.upstream.:servers | |||
Description: List of upstream HTTP servers used by Web Proxy (i.e. servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both) | |||
Controlling Attribute: zimbraReverseProxyLookupTarget | |||
Default Value: [] | |||
Current Value: [devel.peerbhoy.nat:7070] | |||
Config Text: server devel.peerbhoy.nat:7070; | |||
== web.upstream.name == | |||
NGINX Keyword: web.upstream.name | |||
Description: Symbolic name for HTTP upstream cluster | |||
Controlling Attribute: (none) | |||
Default Value: zimbra | |||
Current Value: zimbra | |||
Config Text: zimbra | |||
Revision as of 13:14, 8 September 2008
Almost all the configuration directives for Zimbra NGINX Proxy are controlled by LDAP attributes, and in some cases, by LocalConfig values. To simplify the Proxy Configuration, the NGINX Proxy Configuration Generator reads these LDAP/LocalConfig values, and generates the Proxy configuration files. To allow more flexibility to the process of config generation, the Config Generator reads in a set of template files, substitutes certain keywords with the actual values from LDAP/LocalConfig, and generates the configuration files for use with NGINX.
Both, the Proxy configuration files, and the Proxy configuration templates, are hierarchical in nature, which means that a main, top-level configuration file or template, includes other configuration files or templates respectively. Refer to the NGINX Configuration Structure for the Proxy Configuration Inclusion Hierarchy
Configuration Keywords
core.cprefix
NGINX Keyword: core.cprefix Description: Common config file prefix Controlling Attribute: (none) Default Value: nginx.conf Current Value: nginx.conf Config Text: nginx.conf
core.includes
NGINX Keyword: core.includes
Description: Include directory (relative to ${core.workdir}/conf)
Controlling Attribute: (none)
Default Value: nginx/includes
Current Value: nginx/includes
Config Text: nginx/includes
core.tprefix
NGINX Keyword: core.tprefix Description: Common template file prefix Controlling Attribute: (none) Default Value: nginx.conf Current Value: nginx.conf Config Text: nginx.conf
core.workdir
NGINX Keyword: core.workdir Description: Working Directory for NGINX worker processes Controlling Attribute: (none) Default Value: /opt/zimbra Current Value: /opt/zimbra Config Text: /opt/zimbra
mail.:auth_http
NGINX Keyword: mail.:auth_http Description: List of mail route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true) Controlling Attribute: zimbraReverseProxyLookupTarget Default Value: [] Current Value: [devel.peerbhoy.nat:7072] Config Text: auth_http devel.peerbhoy.nat:7072/service/extension/nginx-lookup;
mail.authwait
NGINX Keyword: mail.authwait Description: Time delay (ms) after which an incorrect POP/IMAP login attempt will be rejected Controlling Attribute: zimbraReverseProxyAuthWaitInterval Default Value: 10000 Current Value: 10000 Config Text: 10000ms
mail.defaultrealm
NGINX Keyword: mail.defaultrealm Description: Default SASL realm used in case Kerberos principal does not contain realm information Controlling Attribute: zimbraReverseProxyDefaultRealm Default Value: Current Value: EXAMPLE.COM Config Text: EXAMPLE.COM
mail.dpasswd
NGINX Keyword: mail.dpasswd Description: Password for master credentials used by NGINX to log in to upstream for GSSAPI authentication Controlling Attribute: ldap_nginx_password Default Value: zmnginx Current Value: zmnginx Config Text: zmnginx
mail.enabled
NGINX Keyword: mail.enabled Description: Indicates whether Mail Proxy is enabled Controlling Attribute: zimbraReverseProxyMailEnabled Default Value: true Current Value: true Config Text:
mail.imap.authgssapi.enabled
NGINX Keyword: mail.imap.authgssapi.enabled Description: Whether SASL GSSAPI is enabled for IMAP Controlling Attribute: zimbraReverseProxyImapSaslGssapiEnabled Default Value: false Current Value: true Config Text:
mail.imap.authplain.enabled
NGINX Keyword: mail.imap.authplain.enabled Description: Whether SASL PLAIN is enabled for IMAP Controlling Attribute: zimbraReverseProxyImapSaslPlainEnabled Default Value: true Current Value: true Config Text:
mail.imap.greeting
NGINX Keyword: mail.imap.greeting Description: Proxy IMAP banner message (contains build version if zimbraReverseProxyImapExposeVersionOnBanner is true) Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner Default Value: Current Value: Config Text:
mail.imap.literalauth
NGINX Keyword: mail.imap.literalauth Description: Whether NGINX uses literal strings for user name/password when logging in to upstream IMAP server - if false, NGINX uses quoted strings Controlling Attribute: (none) Default Value: true Current Value: true Config Text: on
mail.imap.port
NGINX Keyword: mail.imap.port Description: Mail Proxy IMAP Port Controlling Attribute: zimbraImapProxyBindPort Default Value: 143 Current Value: 143 Config Text: 143
mail.imap.tls
NGINX Keyword: mail.imap.tls Description: TLS support for IMAP - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel Controlling Attribute: zimbraReverseProxyImapStartTlsMode Default Value: only Current Value: on Config Text: on
mail.imapcapa
NGINX Keyword: mail.imapcapa Description: IMAP Capability List Controlling Attribute: zimbraReverseProxyImapEnabledCapability Default Value: [] Current Value: [ACL, BINARY, CATENATE, CHILDREN, CONDSTORE, ENABLE, ESEARCH, ESORT, I18NLEVEL=1, ID, IDLE, IMAP4rev1, LIST-EXTENDED, LITERAL+, MULTIAPPEND, NAMESPACE, QRESYNC, QUOTA, RIGHTS=ektx, SASL-IR, SEARCHRES, SORT, THREAD=ORDEREDSUBJECT, UIDPLUS, UNSELECT, WITHIN] Config Text: "ACL" "BINARY" "CATENATE" "CHILDREN" "CONDSTORE" "ENABLE" "ESEARCH" "ESORT" "I18NLEVEL=1" "ID" "IDLE" "IMAP4rev1" "LIST-EXTENDED" "LITERAL+" "MULTIAPPEND" "NAMESPACE" "QRESYNC" "QUOTA" "RIGHTS=ektx" "SASL-IR" "SEARCHRES" "SORT" "THREAD=ORDEREDSUBJECT" "UIDPLUS" "UNSELECT" "WITHIN"
mail.imapid
NGINX Keyword: mail.imapid Description: NGINX response to IMAP ID command Controlling Attribute: (none) Default Value: "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra" Current Value: "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra" Config Text: "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
mail.imaps.port
NGINX Keyword: mail.imaps.port Description: Mail Proxy IMAPS Port Controlling Attribute: zimbraImapSSLProxyBindPort Default Value: 993 Current Value: 993 Config Text: 993
mail.ipmax
NGINX Keyword: mail.ipmax Description: IP Login Limit (Throttle) - 0 means infinity Controlling Attribute: zimbraReverseProxyIPLoginLimit Default Value: 0 Current Value: 0 Config Text: 0
mail.iprej
NGINX Keyword: mail.iprej Description: Rejection message for IP throttle Controlling Attribute: zimbraReverseProxyIpThrottleMsg Default Value: Login rejected from this IP Current Value: Login rejected from this IP Config Text: Login rejected from this IP
mail.ipttl
NGINX Keyword: mail.ipttl Description: Time interval (ms) after which IP Login Counter is reset Controlling Attribute: zimbraReverseProxyIPLoginLimitTime Default Value: 3600000 Current Value: 3600000 Config Text: 3600000ms
mail.passerrors
NGINX Keyword: mail.passerrors Description: Indicates whether mail proxy will pass any protocol specific errors from the upstream server back to the downstream client Controlling Attribute: zimbraReverseProxyPassErrors Default Value: true Current Value: true Config Text: on
mail.pop3.authgssapi.enabled
NGINX Keyword: mail.pop3.authgssapi.enabled Description: Whether SASL GSSAPI is enabled for POP3 Controlling Attribute: zimbraReverseProxyPop3SaslGssapiEnabled Default Value: false Current Value: true Config Text:
NGINX Keyword: mail.pop3.authplain.enabled Description: Whether SASL PLAIN is enabled for POP3 Controlling Attribute: zimbraReverseProxyPop3SaslPlainEnabled Default Value: true Current Value: true Config Text:
NGINX Keyword: mail.pop3.greeting Description: Proxy POP3 banner message (contains build version if zimbraReverseProxyPop3ExposeVersionOnBanner is true) Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner Default Value: Current Value: Config Text:
NGINX Keyword: mail.pop3.port Description: Mail Proxy POP3 Port Controlling Attribute: zimbraPop3ProxyBindPort Default Value: 110 Current Value: 110 Config Text: 110
NGINX Keyword: mail.pop3.tls Description: TLS support for POP3 - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel Controlling Attribute: zimbraReverseProxyPop3StartTlsMode Default Value: only Current Value: on Config Text: on
NGINX Keyword: mail.pop3capa Description: POP3 Capability List Controlling Attribute: zimbraReverseProxyPop3EnabledCapability Default Value: [] Current Value: [EXPIRE 31 USER, TOP, UIDL, USER, XOIP] Config Text: "EXPIRE 31 USER" "TOP" "UIDL" "USER" "XOIP"
NGINX Keyword: mail.pop3s.port Description: Mail Proxy POP3S Port Controlling Attribute: zimbraPop3SSLProxyBindPort Default Value: 995 Current Value: 995 Config Text: 995
NGINX Keyword: mail.sasl_host_from_ip Description: Whether to use incoming interface IP address to determine service principal name (if true, IP address is reverse mapped to DNS name, else host name of proxy is used) Controlling Attribute: krb5_service_principal_from_interface_address Default Value: false Current Value: false Config Text: off
NGINX Keyword: mail.saslapp Description: Application name used by NGINX to initialize SASL authentication Controlling Attribute: (none) Default Value: nginx Current Value: nginx Config Text: nginx
NGINX Keyword: mail.ssl.cert Description: Mail Proxy SSL certificate file Controlling Attribute: (none) Default Value: /opt/zimbra/conf/nginx.crt Current Value: /opt/zimbra/conf/nginx.crt Config Text: /opt/zimbra/conf/nginx.crt
NGINX Keyword: mail.ssl.ciphers Description: Permitted ciphers for mail proxy Controlling Attribute: zimbraReverseProxySSLCiphers Default Value: !SSLv2:!MD5:HIGH Current Value: !SSLv2:!MD5:HIGH Config Text: !SSLv2:!MD5:HIGH
NGINX Keyword: mail.ssl.key Description: Mail Proxy SSL certificate key Controlling Attribute: (none) Default Value: /opt/zimbra/conf/nginx.key Current Value: /opt/zimbra/conf/nginx.key Config Text: /opt/zimbra/conf/nginx.key
NGINX Keyword: mail.ssl.preferserverciphers Description: Requires protocols SSLv3 and TLSv1 server ciphers be preferred over the client's ciphers Controlling Attribute: (none) Default Value: true Current Value: true Config Text: on
NGINX Keyword: mail.timeout Description: Time interval (ms) after which, if a POP/IMAP connection is inactive, it will be automatically disconnected Controlling Attribute: zimbraReverseProxyInactivityTimeout Default Value: 3600000 Current Value: 3600000 Config Text: 3600000ms
NGINX Keyword: mail.upstream.imapid Description: Whether NGINX issues the IMAP ID command to the upstream server prior to logging in (audit purpose) Controlling Attribute: zimbraReverseProxySendImapId Default Value: true Current Value: true Config Text: on
NGINX Keyword: mail.upstream.pop3xoip Description: Whether NGINX issues the POP3 XOIP command to the upstream server prior to logging in (audit purpose) Controlling Attribute: zimbraReverseProxySendPop3Xoip Default Value: true Current Value: true Config Text: on
NGINX Keyword: mail.usermax Description: User Login Limit (Throttle) - 0 means infinity Controlling Attribute: zimbraReverseProxyUserLoginLimit Default Value: 0 Current Value: 0 Config Text: 0
NGINX Keyword: mail.userrej Description: Rejection message for User throttle Controlling Attribute: zimbraReverseProxyUserThrottleMsg Default Value: Login rejected for this user Current Value: Login rejected for this user Config Text: Login rejected for this user
NGINX Keyword: mail.userttl Description: Time interval (ms) after which User Login Counter is reset Controlling Attribute: zimbraReverseProxyUserLoginLimitTime Default Value: 3600000 Current Value: 3600000 Config Text: 3600000ms
NGINX Keyword: main.connections Description: Maximum number of simultaneous connections per worker process Controlling Attribute: zimbraReverseProxyWorkerConnections Default Value: 10240 Current Value: 10240 Config Text: 10240
NGINX Keyword: main.group Description: The group as which the worker processes will run Controlling Attribute: (none) Default Value: zimbra Current Value: zimbra Config Text: zimbra
NGINX Keyword: main.krb5keytab Description: Path to kerberos keytab file used for GSSAPI authentication Controlling Attribute: krb5_keytab Default Value: /opt/zimbra/conf/krb5.keytab Current Value: /opt/zimbra/conf/krb5.keytab Config Text: /opt/zimbra/conf/krb5.keytab
NGINX Keyword: main.logfile
Description: Log file path (relative to ${core.workdir})
Controlling Attribute: (none)
Default Value: log/nginx.log
Current Value: log/nginx.log
Config Text: log/nginx.log
NGINX Keyword: main.loglevel Description: Log level - can be debug|info|notice|warn|error|crit Controlling Attribute: zimbraReverseProxyLogLevel Default Value: info Current Value: info Config Text: info
NGINX Keyword: main.pidfile
Description: PID file path (relative to ${core.workdir})
Controlling Attribute: (none)
Default Value: log/nginx.pid
Current Value: log/nginx.pid
Config Text: log/nginx.pid
NGINX Keyword: main.user Description: The user as which the worker processes will run Controlling Attribute: (none) Default Value: zimbra Current Value: zimbra Config Text: zimbra
NGINX Keyword: main.workers Description: Number of worker processes Controlling Attribute: zimbraReverseProxyWorkerProcesses Default Value: 4 Current Value: 4 Config Text: 4
NGINX Keyword: memcache.:servers Description: List of known memcache servers (i.e. servers having imapproxy service enabled) Controlling Attribute: (none) Default Value: [] Current Value: [devel.peerbhoy.nat:11211] Config Text: servers devel.peerbhoy.nat:11211;
NGINX Keyword: memcache.reconnect Description: Time (ms) after which NGINX will attempt to re-establish a broken connection to a memcache server Controlling Attribute: zimbraReverseProxyCacheReconnectInterval Default Value: 60000 Current Value: 60000 Config Text: 60000ms
NGINX Keyword: memcache.timeout Description: Time (ms) given to a cache-fetch operation to complete Controlling Attribute: zimbraReverseProxyCacheFetchTimeout Default Value: 3000 Current Value: 3000 Config Text: 3000ms
NGINX Keyword: memcache.ttl Description: Time interval (ms) for which cached entries remain in memcache Controlling Attribute: zimbraReverseProxyCacheEntryTTL Default Value: 3600000 Current Value: 3600000 Config Text: 3600000ms
NGINX Keyword: memcache.unqual Description: Deprecated - always set to false Controlling Attribute: (none) Default Value: false Current Value: false Config Text: off
NGINX Keyword: web.:routehandlers Description: List of web route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true) Controlling Attribute: zimbraReverseProxyLookupTarget Default Value: [] Current Value: [devel.peerbhoy.nat:7072] Config Text: zmroutehandlers devel.peerbhoy.nat:7072/service/extension/nginx-lookup;
NGINX Keyword: web.enabled Description: Indicates whether HTTP proxying is enabled Controlling Attribute: zimbraReverseProxyHttpEnabled Default Value: false Current Value: true Config Text:
NGINX Keyword: web.http.enabled Description: Indicates whether HTTP Proxy will accept connections on HTTP (true unless zimbraReverseProxyMailMode is 'https') Controlling Attribute: (none) Default Value: true Current Value: true Config Text:
NGINX Keyword: web.http.maxbody Description: Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413 Controlling Attribute: zimbraFileUploadMaxSize Default Value: 10485760 Current Value: 10485760 Config Text: 10485760
NGINX Keyword: web.http.port Description: Web Proxy HTTP Port Controlling Attribute: zimbraMailProxyPort Default Value: 0 Current Value: 80 Config Text: 80
NGINX Keyword: web.http.uport Description: Web upstream server port Controlling Attribute: zimbraMailPort Default Value: 80 Current Value: 7070 Config Text: 7070
NGINX Keyword: web.https.enabled Description: Indicates whether HTTP Proxy will accept connections on HTTPS (true unless zimbraReverseProxyMailMode is 'http') Controlling Attribute: (none) Default Value: true Current Value: true Config Text:
NGINX Keyword: web.https.maxbody Description: Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413 Controlling Attribute: zimbraFileUploadMaxSize Default Value: 10485760 Current Value: 10485760 Config Text: 10485760
NGINX Keyword: web.https.port Description: Web Proxy HTTPS Port Controlling Attribute: zimbraMailSSLProxyPort Default Value: 0 Current Value: 443 Config Text: 443
NGINX Keyword: web.mailmode Description: Reverse Proxy Mail Mode - can be http|https|both|redirect|mixed Controlling Attribute: zimbraReverseProxyMailMode Default Value: both Current Value: mixed Config Text: mixed
NGINX Keyword: web.routetimeout Description: Time interval (ms) given to web route lookup handler to respond to route lookup request (after this time elapses, Proxy fails over to next handler, or fails the request if there are no more lookup handlers) Controlling Attribute: (none) Default Value: 15000 Current Value: 15000 Config Text: 15000ms
NGINX Keyword: web.ssl.cert Description: Web Proxy SSL certificate path Controlling Attribute: (none) Default Value: /opt/zimbra/conf/nginx.crt Current Value: /opt/zimbra/conf/nginx.crt Config Text: /opt/zimbra/conf/nginx.crt
NGINX Keyword: web.ssl.key Description: Web Proxy SSL certificate key Controlling Attribute: (none) Default Value: /opt/zimbra/conf/nginx.key Current Value: /opt/zimbra/conf/nginx.key Config Text: /opt/zimbra/conf/nginx.key
web.uploadmax
NGINX Keyword: web.uploadmax Description: Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413 Controlling Attribute: zimbraFileUploadMaxSize Default Value: 10485760 Current Value: 10485760 Config Text: 10485760
web.upstream.:servers
NGINX Keyword: web.upstream.:servers Description: List of upstream HTTP servers used by Web Proxy (i.e. servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both) Controlling Attribute: zimbraReverseProxyLookupTarget Default Value: [] Current Value: [devel.peerbhoy.nat:7070] Config Text: server devel.peerbhoy.nat:7070;
web.upstream.name
NGINX Keyword: web.upstream.name Description: Symbolic name for HTTP upstream cluster Controlling Attribute: (none) Default Value: zimbra Current Value: zimbra Config Text: zimbra
