Zimbra Proxy Guide
|This article applies to the following ZCS versions.|
Zimbra Proxy is a high-performance proxy server that can be configured as a POP3/IMAP/HTTP proxy used to reverse proxy IMAP/POP3 and HTTP client requests to a set of backend servers. End users can connect using HTTP, HTTPS, POP3, IMAP, POP3S (Secure POP3), or IMAPS (Secure IMAP).
This guide covers Zimbra Proxy components, architecture, and command-line utilities. For information about other ZCS services, see the Zimbra Network Edition Documentation at http://www.zimbra.com/products/documentation.html.
Zimbra Proxy Components
Zimbra Proxy is designed to provide a HTTP/POP/IMAP proxy that is quick, reliable, and scalable. Zimbra Proxy includes the following:
- Nginx. A high performance HTTP/IMAP/POP3 proxy server which handles all incoming HTTP/POP/IMAP requests.
- Memcached. A high performance, distributed memory object caching system. Route information is cached for further use in order to increase performance.
- Zimbra Proxy Route Lookup Handler. This is a servlet located on the ZCS mailbox server. This servlet handles queries for the user account route information (the server and port number where the user account resides).
Zimbra Proxy Architecture
Architecture and Flow
The following sequence shows the architecture and flow of Zimbra Proxy.
- End clients connect to Zimbra Proxy using HTTP/HTTPS/POP/IMAP ports.
- When Zimbra Proxy receives an incoming connection, the Nginx component sends an HTTP request to Zimbra Proxy Route Lookup Handler component.
- Zimbra Proxy Route Lookup Handler locates the route information for the account being accessed and returns this to Nginx.
- The Memcached component stores the route information for the configured period of time (by default, this time is one hour). Nginx will use this route information instead of querying the Zimbra Proxy Route Lookup Handler until the default period of time has expired.
- Nginx uses the route information to connect to Zimbra Mailbox.
- Zimbra Proxy connects to Zimbra Mailbox and initiates the web/mail proxy session. The end client behaves as if it is connecting directly to Zimbra Mailbox.
Zimbra Proxy Ports
The following ports are used either by Zimbra Proxy or by Zimbra Mailbox. If you have any other services running on these ports, turn them off.
End clients connect directly to Zimbra Proxy, using the Zimbra Proxy Ports. Zimbra Proxy connects to the Route Lookup Handler or Zimbra Mailbox using the Zimbra Mailbox Ports.
|Zimbra Proxy Ports (External to ZCS)||Port|
|POP3S (Secure POP3)||995|
|IMAPS (Secure IMAP)||993|
|Zimbra Mailbox Ports (Internal to ZCS)||Port|
|Route Lookup Handler||7072|
|HTTP Backend (if Proxy configured)||8080|
|HTTPS Backend (if Proxy configured)||8443|
|POP3 Backend (if Proxy configured)||7110|
|POP3S Backend (if Proxy configured)||7995|
|IMAP Backend (if Proxy configured)||7143|
|IMAPS Backend (if Proxy configured)||7993|
Zimbra Proxy Command-Line Utilities
The following commands are zmprov commands that are specific to Zimbra Proxy. For more information about using zmprov, refer to the Appendix A: Command-Line Utilities in the ZCS Administrator’s Guide, located on the Zimbra Website.
|Long Name||Short Name||Description|
|--getAllReverseProxyURLs||-garpu||Used to list all the upstream mailstore servers (NLEs) that should be used for reverse proxy lookup by the proxy|
|--getAllReverseProxyBackends||-garpb||Used to list all the upstream mailstore servers that are reverse-proxied by the proxy|
|--getAllMtaAuthURLs||-gamau||Used to publish into saslauthd.conf the servers that should be used for saslauthd.conf MTA auth|
|--getAllMemcachedServers||-gamcs||Used to list memcached servers (for Zimbra Proxy use)|