ZimbraApache: Difference between revisions
{{Article Footer|Unknown|5/5/2006}}
Latest revision as of 12:56, 24 March 2015
Running apache and zimbra webmail on the same host
Apache over http (port 80) and Zimbra over https (port 443)
If you don't need to have non-SSL (http/port 80) access to zimbra webmail and you don't need to have SSL (https/port 443) access to apache, configure zimbra to only listen on https port 443.
su - zimbra
zmtlsctl https
tomcat restart
That's it! Now apache will serve websites (presumably over port 80), and zimbra will serve webmail over port 443.
Sharing http (port 80) and/or https (port 443) between Zimbra and Apache
If you do need to have access to both zimbra and apache over the same port, use this guide.
Q: How to run Apache + Zimbra on the same host without having to use a weird port to access either of them?
A: Use mod_proxy ;)
This wiki page is based on this zimbra forums thread: http://www.zimbra.com/forums/showthread.php?t=2476 (I am using a Debian Sarge).
You must have several hostnames for your server (for example zimbra.domain.com and www.domain.com).
First, change zimbraMailPort, recreate zimbraMtaAuthHost, and restart zimbra so that apache can listen on port 80:
zmprov ms zimbra.mydom.com zimbraMailPort 81
zmprov ms zimbra.mydom.com zimbraMtaAuthHost zimbra.mydom.com
/etc/init.d/zimbra restart
Then install your preferred apache version (1.3 / 2) and add the proxy module:
For apache 1.3:
echo "LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so" >> /etc/apache/modules.conf
apachectl restart
For apache 2:
ln -s /etc/apache2/mods-available/proxy.load /etc/apache2/mods-enabled/proxy.load
ln -s /etc/apache2/mods-available/proxy.conf /etc/apache2/mods-enabled/proxy.conf
/etc/init.d/apache2 restart
Now we can add our virtualhosts.
For apache 1.3, go into /etc/apache/conf.d/ and create/edit vhosts.conf (for apache 2, go into /etc/apache2/conf.d/):
NameVirtualHost *:80
<VirtualHost *:80>
    ServerAdmin dz@mydom.com
    DocumentRoot /var/www/myweb
    ServerName www.mydom.com
    ErrorLog /var/log/apache/www-error.log
    CustomLog /var/log/apache/www-access.log common
</VirtualHost>
<VirtualHost *:80>
    ServerName zimbra.mydom.com
    ServerAdmin dz@mydom.com
    ProxyPass / http://zimbra.mydom.com:81/
    ProxyPassReverse / http://zimbra.mydom.com:81/
    ErrorLog /var/log/apache/zimbra-error.log
    CustomLog /var/log/apache/zimbra-access.log common
</VirtualHost>
To do mod_proxy on the admin side, do something along the following lines in httpd.conf:
<VirtualHost *:80>
    ServerName zimbras.domain.tld
    ServerAdmin admin@domain.tld
    SSLProxyEngine On
    # The ProxyPass/ProxyPassReverse target is the hostname of the real zimbra server
    ProxyPass / https://zimbra.domain.tld:7071/
    ProxyPassReverse / https://zimbra.domain.tld:7071/
    ErrorLog /var/log/zimbras.domain-error.log
    CustomLog /var/log/zimbras.domain-access.log combined
    # Something I have on all my hosts
    CustomLog /var/log/all-access.log combined
</VirtualHost>
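The admin virtual host above listens on plain HTTP, so admin console logins travel unencrypted between the browser and Apache even though the backend leg uses HTTPS. The following is an added example, not part of the original wiki page: the same proxy served from a TLS virtual host, with backend certificate verification and a source-address restriction. It assumes Apache 2.4 with mod_ssl, mod_proxy and mod_proxy_http loaded; the certificate paths, the CA file and the 192.0.2.0/24 network are placeholders.

```apache
<VirtualHost *:443>
    ServerName zimbras.domain.tld
    ServerAdmin admin@domain.tld

    # Browser-to-Apache leg is encrypted (placeholder certificate paths).
    SSLEngine on
    SSLCertificateFile /path/to/zimbras.domain.tld.crt
    SSLCertificateKeyFile /path/to/zimbras.domain.tld.key

    # Apache-to-Zimbra leg: verify the backend certificate instead of
    # accepting whatever the backend presents (placeholder CA file that
    # must contain the issuer of the Zimbra server certificate).
    SSLProxyEngine On
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCACertificateFile /path/to/zimbra-ca.pem

    # Reverse proxy only, never a forward proxy.
    ProxyRequests Off
    ProxyPass / https://zimbra.domain.tld:7071/
    ProxyPassReverse / https://zimbra.domain.tld:7071/

    # Limit who can reach the admin console (constructed example network).
    <Location />
        Require ip 192.0.2.0/24
    </Location>

    ErrorLog /var/log/zimbras.domain-error.log
    CustomLog /var/log/zimbras.domain-access.log combined
</VirtualHost>
```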
Almost done. Restart everything. Test your new hosts.
Enjoy Zimbra ;)
Sharing both HTTP and HTTPS between both Zimbra and Apache using Different Domain Names
I found that the above wouldn't work when I tried to preserve http and https access for both Zimbra and Apache. Here is what I did to fix it. Instead of using ProxyPass, I used Redirect, as follows.
Change the ports that the Zimbra webmail client listens on
zmprov ms mail.yourdomain.com zimbraMailPort 60081
zmprov ms mail.yourdomain.com zimbraMailSSLPort 60443
zmprov ms mail.yourdomain.com zimbraMtaAuthHost mail.yourdomain.com
zmcontrol stop
zmcontrol start
Set up your redirects in Apache
Set up the http redirects
Under Apache2 on CentOS, I just create a file called /etc/httpd/conf.d/vhosts.conf with the following content:
NameVirtualHost *:80
<VirtualHost *:80>
    ServerAdmin admin@yourdomain.com
    DocumentRoot /var/www/html
    ServerName www.yourdomain.com
    ErrorLog /var/log/httpd-error.log
    CustomLog /var/log/httpd-access.log common
</VirtualHost>
<VirtualHost *:80>
    ServerName mail.yourdomain.com
    ServerAdmin admin@yourdomain.com
    Redirect / https://mail.yourdomain.com:60443/
    ErrorLog /var/log/zimbra-error.log
    CustomLog /var/log/zimbra-access.log common
</VirtualHost>
Set up your https redirects
Under Apache2 on CentOS, I just edit the file called /etc/httpd/conf.d/ssl.conf. Look for the line that says:
<VirtualHost _default_:443>
Comment it out, and add the following just below it:
NameVirtualHost *:443
<VirtualHost *:443>
Below that, look for the commented-out line that starts with ServerName, uncomment it, and add your server name that you want to use for Apache:
ServerName www.yourdomain.com
Next, go to the bottom of the file and set up your Zimbra virtual host:
<VirtualHost *:443>
    ServerName mail.yourdomain.com
    ServerAdmin admin@yourdomain.com
    ErrorLog /var/log/zimbra-ssl-error.log
    CustomLog /var/log/zimbra-ssl-access.log common
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/zimbra.crt
    SSLCertificateKeyFile /etc/pki/tls/private/zimbra.key
    SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
    Redirect / https://mail.yourdomain.com:60443/
</VirtualHost>
Why do we bother specifying the SSL certificate if we are only going to redirect from Apache to Zimbra? Because if you don't, your user will get an "invalid certificate" error from their browser before the redirect happens.
Restart Apache
/etc/init.d/httpd restart
Sharing both HTTP and HTTPS between both Zimbra and Apache using Different IP Addresses
Instead of using different domain names, as in the above example, I find that it is much easier and cleaner to simply use different IP addresses. On my box, I only have one network interface card, but I have six public IP addresses that all point to it. Therefore, in my DNS I simply assign the www.yourdomain.com subdomain to XXX.XXX.XXX.100 and the mail.yourdomain.com subdomain to XXX.XXX.XXX.101. This gives you the added flexibility of adding many different sub domain aliases in your DNS and simply pointing them all to the same IP address. For example, you could add aliases like webmail.yourdomain.com and zimbra.yourdomain.com to the DNS, and you wouldn't have to change any of the configuration files below for it to work properly.
Change the ports that the Zimbra webmail client listens on
zmprov ms mail.yourdomain.com zimbraMailPort 60081
zmprov ms mail.yourdomain.com zimbraMailSSLPort 60443
zmprov ms mail.yourdomain.com zimbraMtaAuthHost mail.yourdomain.com
zmcontrol stop
zmcontrol start
Set up your redirects in Apache
Make sure Apache is listening on all IP addresses
Check your Apache configuration to make sure that it is listening on all IP addresses. For most installations, this will be the default, so if you haven't changed it yourself it should be working. Just to be sure, open your httpd.conf file (in CentOS it is /etc/httpd/conf/httpd.conf) and look for a line that starts with "Listen". It should just say:
Listen 80
Or, it might say:
Listen *:80
If it has a specific IP address in it, such as:
Listen XXX.XXX.XXX.XXX:80
You will either need to delete the IP address reference or simply add multiple Listen lines for each of your IP addresses.
Set up the http redirects
Under Apache2 on CentOS, I just create a file called /etc/httpd/conf.d/vhosts.conf with the following content:
NameVirtualHost XXX.XXX.XXX.100:80
NameVirtualHost XXX.XXX.XXX.101:80
<VirtualHost XXX.XXX.XXX.100:80>
    ServerAdmin admin@yourdomain.com
    DocumentRoot /var/www/html
    ErrorLog /var/log/httpd-error.log
    CustomLog /var/log/httpd-access.log common
</VirtualHost>
<VirtualHost XXX.XXX.XXX.101:80>
    ServerAdmin admin@yourdomain.com
    Redirect / https://mail.yourdomain.com:60443/
    ErrorLog /var/log/zimbra-error.log
    CustomLog /var/log/zimbra-access.log common
</VirtualHost>
Set up your https redirects
Under Apache2 on CentOS, I just edit the file called /etc/httpd/conf.d/ssl.conf. Look for the line that says:
<VirtualHost _default_:443>
Comment it out, and add the following just below it:
NameVirtualHost XXX.XXX.XXX.100:443
NameVirtualHost XXX.XXX.XXX.101:443
<VirtualHost XXX.XXX.XXX.100:443>
Next, go to the bottom of the file and set up your Zimbra virtual host:
<VirtualHost XXX.XXX.XXX.101:443>
    ServerName mail.yourdomain.com
    ServerAdmin admin@yourdomain.com
    ErrorLog /var/log/zimbra-ssl-error.log
    CustomLog /var/log/zimbra-ssl-access.log common
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/zimbra.crt
    SSLCertificateKeyFile /etc/pki/tls/private/zimbra.key
    SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
    Redirect / https://mail.yourdomain.com:60443/
</VirtualHost>
Why do we bother specifying the SSL certificate if we are only going to redirect from Apache to Zimbra? Because if you don't, your user will get an "invalid certificate" error from their browser before the redirect happens.
Restart Apache
/etc/init.d/httpd restart
Other Links
Provide_HTTP(s)_Integration_with_Apache
Zimbra_with_Apache_using_mod_jk_-_mod_proxy_-_mod_proxy_ajp
Using_Tomcat_with_Apache_(mod_jk)