Zimbra Proxy Manual:Configuration And Template Files And Proxy Related Variables: Difference between revisions
No edit summary |
m (NOTOC until it's fixed - ie, Centered-Top) |
||
Line 1: | Line 1: | ||
{{BC|Certified}} | {{BC|Certified}} | ||
__NOTOC__ | |||
<div class="col-md-12 ibox-content"> | <div class="col-md-12 ibox-content"> | ||
=Zimbra Proxy Manual: Configuration And Template Files And Proxy Related Variables= | =Zimbra Proxy Manual: Configuration And Template Files And Proxy Related Variables= |
Latest revision as of 21:54, 7 June 2016
Zimbra Proxy Manual: Configuration And Template Files And Proxy Related Variables
General Proxy Overview | |||
---|---|---|---|
Overview And Planning For Zimbra Proxy | Installing , Configuring, Disabling the Zimbra Proxy | Zimbra Proxy Related CLI Commands | Troubleshooting Zimbra Proxy |
Nginx Configuration Overview
Zimbra NGINX Proxy has a hierarchical configuration structure. Top level configuration files include other functionality-specific configuration files. The main configuration file is /opt/zimbra/conf/nginx.conf, and this includes other configuration files as per the hierarchy below. Each configuration file usually defines and/or references one or more directives. For a complete list of NGINX Proxy Configuration Directives, please refer to NGINX Configuration Directive Reference
Each NGINX configuration file is generated from a corresponding template file. A template file looks exactly the same as its corresponding configuration file, with the difference that the template file contains keywords which are expanded by the Proxy Config Generator, and the configuration file is produced as a result
Understanding The Zimbra Proxy Config Rewrite
zmproxyconfgen , zmproxyconfig and zmproxyctl
One changes the proxy environment variables with either zmproxyconfig or zmprov . After you make your changes, zmproxyctl restart is ran, which will restart the proxy service and invoke zmproxyconfgen in the background. The zmproxyconfgen script reads in the proxy configuration template files and generates the NGINX config files after performing keyword substitution on the template files with values from the LDAP configuration. zmproxyconfgen is usually never invoked directly -- it is invoked automatically by zmproxyctl.
To change multiple LDAP attributes related to the proxy at once (i.e any of the zimbraReverseProxy* attrs) instead of using zmprov command to change each attribute individually, /opt/zimbra/libexec/zmproxyconfig can be used. The usage for this script see Ajcody-Proxy-Guide-Rewrite-Project#zmproxyconfig
You will have to restart the proxy after modifying your proxy server with zmproxyconfig by running 'zmproxyctl restart' .
- Note: zmproxyconfig is no longer required to enable the proxy if you are doing a fresh installation of ZCS with proxy. The installer already runs this and the proxy is enabled for imap/pop/https access by default. Although it is needed while trying to deploy proxy in existing non-proxy environments when using the existing servers. Kindly refer http://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy#Using_existing_servers
zmconfigd
* More details needed.
Updates to the Nginx configuration files are also done via the zmconfigd processes on your proxy and mailstore nodes.
Config Files And Config Templates
Source: http://wiki.zimbra.com/wiki/Zimbra_Proxy_Guide#Config_Files_and_Config_Templates
To simplify configuration, the Nginx configuration files have been split up into different config files based on functionality. The main, top-level configuration file is /opt/zimbra/conf/nginx.conf, and this file includes the main config, memcache config, mail config, and web config files. The mail config in turn includes the configuration for imap, imaps, pop3 and pop3s. The web config includes the configuration for http and https. The template files follow exactly the same inclusion hierarchy, and each configuration file has a corresponding template file from which it is generated. Each template file resides in /opt/zimbra/conf/nginx/templates/ Each corresponding config file resides in /opt/zimbra/conf/nginx/includes/ (excluding top-level config file which is /opt/zimbra/conf/nginx/nginx.conf)
Nginx Configuration File Hierarchy
The symbol |_ indicates that a file is included by the one above it. Increasing levels of indentation indicate lower levels of config files
/opt/zimbra/conf/nginx.conf |_ /opt/zimbra/conf/nginx/includes/nginx.conf.main |_ /opt/zimbra/conf/nginx/includes/nginx.conf.memcache |_ /opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup |_ /opt/zimbra/conf/nginx/includes/nginx.conf.mail |_ /opt/zimbra/conf/nginx/includes/nginx.conf.mail.imap.default |_ /opt/zimbra/conf/nginx/includes/nginx.conf.mail.imaps.default |_ /opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3.default |_ /opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3s.default |_ /opt/zimbra/conf/nginx/includes/nginx.conf.web |_ /opt/zimbra/conf/nginx/includes/nginx.conf.web.http.default |_ /opt/zimbra/conf/nginx/includes/nginx.conf.web.https.default |_ /opt/zimbra/conf/nginx/includes/nginx.conf.web.admin.default |_ /opt/zimbra/conf/nginx/includes/nginx.conf.web.sso.default
Description Of The Nginx Configuration Files
/opt/zimbra/conf/nginx.conf
- /opt/zimbra/conf/nginx.conf
- Description:
- This is the main top-level Nginx configuration file. It defines the working directory for Nginx worker processes (/opt/zimbra), and includes the main, memcache, mail, and web configuration files. When Nginx Proxy starts, it reads this configuration file first
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.template
- Includes:
- /opt/zimbra/conf/nginx/includes/nginx.conf.main
- /opt/zimbra/conf/nginx/includes/nginx.conf.memcache
- /opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup
- /opt/zimbra/conf/nginx/includes/nginx.conf.mail
- /opt/zimbra/conf/nginx/includes/nginx.conf.web
/opt/zimbra/conf/nginx/includes/nginx.conf.main
- /opt/zimbra/conf/nginx/includes/nginx.conf.main
- Description:
- This file contains the directives that control the basic Nginx functionality. Defines global parameters for all Nginx worker processes.
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.main.template
- Includes:
- None
/opt/zimbra/conf/nginx/includes/nginx.conf.memcache
- /opt/zimbra/conf/nginx/includes/nginx.conf.memcache
- Description:
- This file contains the memcache configuration for Nginx. It defines all the memcache servers that are used by Nginx Proxy, and the various cache timeout related settings for cache fetch/store. Common for mail [POP3[S] , IMAP[S]] and web [HTTP[S]].
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.memcache.template
- Includes:
- None
/opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup
- /opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup
- Description:
- This file contains the zmlookup configuration for Nginx.
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.zmlookup.template
- Includes:
- None
/opt/zimbra/conf/nginx/includes/nginx.conf.mail
- /opt/zimbra/conf/nginx/includes/nginx.conf.mail
- Description:
- This file contains the common configuration for Mail [POP3[S] And IMAP[S]]. The directives referenced here are usually common across both, POP3[S] and IMAP[S]. Significantly, this file defines the route lookup handlers used by Nginx to discover the mail routes.
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.mail.template
- Includes:
- /opt/zimbra/conf/nginx/includes/nginx.conf.mail.imap.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.mail.imaps.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3s.default
/opt/zimbra/conf/nginx/includes/nginx.conf.mail.imap.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.mail.imap.default
- Description:
- This file defines the server block for IMAP.
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.mail.imap.default.template
- Includes:
- None
/opt/zimbra/conf/nginx/includes/nginx.conf.mail.imaps.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.mail.imaps.default
- Description:
- This file defines the server block for IMAPS.
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.mail.imaps.default.template
- Includes:
- None
/opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3.default
- Description:
- This file defines the server block for POP3.
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.template.pop3.default.template
- Includes:
- None
/opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3s.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3s.default
- Description:
- This file defines the server block for POP3S.
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.mail.pop3s.default.template
- Includes:
- None
/opt/zimbra/conf/nginx/includes/nginx.conf.web
- /opt/zimbra/conf/nginx/includes/nginx.conf.web
- Description:
- This file contains the common configuration for Web Proxy [HTTP and HTTPS]. The directives here apply HTTP as well as HTTPS. This file also defines the route lookup handlers used by NGINX to discover the web routes.
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.web.template
- Includes:
- /opt/zimbra/conf/nginx/includes/nginx.conf.web.http.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.web.https.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.web.sso.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.web.admin.default
/opt/zimbra/conf/nginx/includes/nginx.conf.web.http.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.web.http.default
- Description:
- This file defines the server block for HTTP.
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.web.http.default.template
- Includes:
- None
/opt/zimbra/conf/nginx/includes/nginx.conf.web.https.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.web.https.default
- Description:
- This file defines the server block for HTTPS.
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template
- Includes:
- None
/opt/zimbra/conf/nginx/includes/nginx.conf.web.sso.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.web.sso.default
- Description:
- This file defines the server block for Single Sign On (SSO).
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.web.sso.default.template
- Includes:
- None
/opt/zimbra/conf/nginx/includes/nginx.conf.web.admin.default
- /opt/zimbra/conf/nginx/includes/nginx.conf.web.admin.default
- Description:
- This file defines the server block for NGINX Admin Proxy - Admin console.
- Template:
- /opt/zimbra/conf/nginx/templates/nginx.conf.web.admin.default.template
- Includes:
- None
LDAP Proxy Attributes
Introduction to LDAP Proxy Attributes
To check the description, type, default value etc for any of the above attributes, simply do 'zmprov desc -a <attr>'
eg. zmprov desc -a zimbraReverseProxyWorkerConnections
Pre 8.5 Attributes
zimbraReverseProxyWorkerConnections
zimbraReverseProxyWorkerConnections Maximum number of connections that an NGINX Proxy worker process is allowed to handle type : integer value : callback : immutable : false cardinality : single requiredIn : optionalIn : server,globalConfig flags : serverInherited defaults : 10240 min : 1 max : 40960 id : 725 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyAdminEnabled
zimbraReverseProxyAdminEnabled indicate whether to turn on admin console proxy type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : FALSE min : max : id : 1321 requiresRestart : since : 8.0.0 deprecatedSince :
zimbraReverseProxyAdminIPAddress
zimbraReverseProxyAdminIPAddress Allowed reverse proxy IP addresses. Lookup servlet will only generate authtokens if request was made from one of these IP addresses type : astring value : callback : immutable : false cardinality : multi requiredIn : optionalIn : globalConfig flags : defaults : min : max : 256 id : 697 requiresRestart : since : 5.0.9 deprecatedSince :
zimbraReverseProxyAdminPortAttribute
zimbraReverseProxyAdminPortAttribute the attribute that identifies the zimbra admin bind port type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : zimbraAdminPort min : max : id : 700 requiresRestart : since : 5.0.9 deprecatedSince :
zimbraReverseProxyAuthWaitInterval
zimbraReverseProxyAuthWaitInterval wait duration before nginx sending back the NO response for failed imap/pop3 reverse proxy lookups. Must be in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time unit is not specified, the default is s(seconds). type : duration value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : 10s min : 0 max : id : 569 requiresRestart : nginxproxy since : 5.0.0 deprecatedSince :
zimbraReverseProxyAvailableLookupTargets
zimbraReverseProxyAvailableLookupTargets The servers to be included in the proxy lookup handlers list. Proxy will only use the servers specified here to do the lookup. Leaving empty means using all the servers whose zimbraReverseProxyLookupTarget is TRUE. type : string value : callback : immutable : false cardinality : multi requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : min : max : id : 1379 requiresRestart : since : 8.0.0 deprecatedSince :
zimbraReverseProxyCacheEntryTTL
zimbraReverseProxyCacheEntryTTL time interval that an entry cached by NGINX will remain in the cache. Must be in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time unit is not specified, the default is s(seconds). type : duration value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : 1h min : 0 max : id : 732 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyCacheFetchTimeout
zimbraReverseProxyCacheFetchTimeout time interval that NGINX proxy will wait for a cache result, before considering the result as a cache miss. Must be in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time unit is not specified, the default is s(seconds). type : duration value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : 3s min : 0 max : id : 731 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyCacheReconnectInterval
zimbraReverseProxyCacheReconnectInterval time interval that NGINX proxy will wait before attempting to re-establish a connection to a memcache server that disconnected. Must be in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time unit is not specified, the default is s(seconds). type : duration value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : 1m min : 0 max : id : 730 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyClientCertCA
zimbraReverseProxyClientCertCA CA certificate for authenticating client certificates in nginx proxy (https only) type : astring value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server,domain flags : domainInherited,serverInherited defaults : min : max : id : 1201 requiresRestart : since : 7.1.1 deprecatedSince :
zimbraReverseProxyClientCertMode
zimbraReverseProxyClientCertMode enable authentication via X.509 Client Certificate in nginx proxy (https only) type : enum value : on,off,optional callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server,domain flags : domainInherited,serverInherited defaults : off min : max : id : 1200 requiresRestart : since : 7.1.1 deprecatedSince :
zimbraReverseProxyConnectTimeout
zimbraReverseProxyConnectTimeout Time interval after which NGINX mail proxy will disconnect while establishing an upstream IMAP/POP connection. Must be in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time unit is not specified, the default is s(seconds). type : duration value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : 120000ms min : 0 max : id : 797 requiresRestart : nginxproxy since : 6.0.0_BETA1 deprecatedSince :
zimbraReverseProxyDefaultRealm
zimbraReverseProxyDefaultRealm The default realm that will be used by NGINX mail proxy, when the realm is not specified in GSSAPI Authentication type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : min : max : id : 703 requiresRestart : nginxproxy since : 5.0.9 deprecatedSince :
zimbraReverseProxyDnsLookupInServerEnabled
zimbraReverseProxyDnsLookupInServerEnabled Control whether force the server side do the DNS lookup and send the result IP back to proxy. If set false, the raw address configured (e.g. zimbraMailHost) is directly sent to proxy. type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : TRUE min : max : id : 1384 requiresRestart : since : 8.0.0 deprecatedSince :
zimbraReverseProxyDomainNameAttribute
zimbraReverseProxyDomainNameAttribute LDAP attribute that contains domain name for the domain type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : zimbraDomainName min : max : id : 547 requiresRestart : since : 5.0.0 deprecatedSince :
zimbraReverseProxyDomainNameQuery
zimbraReverseProxyDomainNameQuery LDAP query to find a domain type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : (&(zimbraVirtualIPAddress=${IPADDR})(objectClass=zimbraDomain)) min : max : id : 545 requiresRestart : since : 5.0.0 deprecatedSince :
zimbraReverseProxyDomainNameSearchBase
zimbraReverseProxyDomainNameSearchBase search base for zimbraReverseProxyDomainNameQuery type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : min : max : id : 546 requiresRestart : since : 5.0.0 deprecatedSince :
zimbraReverseProxyErrorHandlerURL
zimbraReverseProxyErrorHandlerURL the URL of customized proxy error handler. If set, when errors happen in proxy, proxy will redirect to this URL with two paras - err: error code; up: the addr of upstream server connecting to which the error happens type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : min : max : id : 1332 requiresRestart : since : 8.0.0 deprecatedSince :
zimbraReverseProxyExternalRouteIncludeOriginalAuthusername
zimbraReverseProxyExternalRouteIncludeOriginalAuthusername During migrations Nginx lookup handler rewrites non-qualified username to fully qualified breaking proxy to external legacy mail platform. When zimbraReverseProxyUseExternalRoute is set to TRUE and zimbraReverseProxyExternalRouteIncludeOriginalAuthusername is set to FALSE nginx lookup handler drops the domain name from the userAccount and returns just the username. type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,domain flags : domainAdminModifiable,domainInherited defaults : FALSE min : max : id : 1454 requiresRestart : since : 8.0.5 deprecatedSince :
zimbraReverseProxyGenConfigPerVirtualHostname
zimbraReverseProxyGenConfigPerVirtualHostname Control whether to generate per virtual hostname nginx configuration. This would be helpful when multiple virtual host names are defined, but they are actually share the same configuration (like ssl cert, client CA, ...). This attr has to be set as "TRUE" to enable the features like cert per domain. type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : TRUE min : max : id : 1374 requiresRestart : since : 7.2.0 deprecatedSince :
zimbraReverseProxyHttpEnabled
zimbraReverseProxyHttpEnabled Whether to enable HTTP proxy type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : FALSE min : max : id : 628 requiresRestart : nginxproxy since : 5.0.3 deprecatedSince :
zimbraReverseProxyHttpPortAttribute
zimbraReverseProxyHttpPortAttribute attribute that contains http bind port type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : zimbraMailPort min : max : id : 632 requiresRestart : since : 5.0.5 deprecatedSince :
zimbraReverseProxyHttpSSLPortAttribute
zimbraReverseProxyHttpSSLPortAttribute attribute that contains http ssl bind port type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : zimbraMailSSLPort min : max : id : 1359 requiresRestart : since : 8.0.0 deprecatedSince :
zimbraReverseProxyIPLoginLimit
zimbraReverseProxyIPLoginLimit Sets the upper limit on logins from a remote IP via POP or IMAP to this proxy server after which login is rejected with an appropriate protocol specific bye response. This counter is cumulative for all users that appear to the proxy to be logging in from the same IP address. If multiple users appear to the proxy to be logging in from the same IP address (usual with NATing), then each of the different users login will contribute to increasing the hit counter for that IP address, and when the counter eventually exceeds the limit, then the connections from that IP address will be throttled. Therefore, all users from the same IP will contribute to (and be affected by) this counter. Logins using all protocols (POP3/POP3S/IMAP/IMAPS) will affect this counter (the counter is aggregate for all protocols, *not* separate). If this value is set to 0, then no limiting will take place for any IP. type : integer value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : 0 min : 0 max : id : 622 requiresRestart : since : 5.0.3 deprecatedSince :
zimbraReverseProxyIPLoginLimitTime
zimbraReverseProxyIPLoginLimitTime Sets the time-to-live for the hit counter for IP based login throttling. If time is set to 3600 and limit is set to 1000, then it means that NGINX should not allow more than 1000 users to log in via the proxy from the same IP, within the time interval of an hour. The semantics for such a configuration would then be: allow maximum 1000 users per hour from any given IP address. type : integer value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : 3600 min : 0 max : id : 623 requiresRestart : since : 5.0.3 deprecatedSince :
zimbraReverseProxyImapEnabledCapability
zimbraReverseProxyImapEnabledCapability NGINX reverse proxy imap capabilities type : string value : callback : immutable : false cardinality : multi requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : IMAP4rev1,ACL,BINARY,CATENATE,CHILDREN,CONDSTORE,ENABLE,ESEARCH, ESORT,I18NLEVEL=1,ID,IDLE,LIST-EXTENDED,LIST-STATUS,LITERAL+,MULTIAPPEND,NAMESPACE, QRESYNC,QUOTA,RIGHTS=ektx,SASL-IR,SEARCHRES,SORT,THREAD=ORDEREDSUBJECT,UIDPLUS, UNSELECT,WITHIN,XLIST min : max : 256 id : 719 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyImapExposeVersionOnBanner
zimbraReverseProxyImapExposeVersionOnBanner Whether to expose version on Proxy IMAP banner type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : FALSE min : max : id : 713 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyImapPortAttribute
zimbraReverseProxyImapPortAttribute attribute that contains imap bind port type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : zimbraImapBindPort min : max : id : 479 requiresRestart : since : deprecatedSince :
zimbraReverseProxyImapSSLPortAttribute
zimbraReverseProxyImapSSLPortAttribute attribute that contains imap bind port for SSL type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : zimbraImapSSLBindPort min : max : id : 480 requiresRestart : since : deprecatedSince :
zimbraReverseProxyImapSaslGssapiEnabled
zimbraReverseProxyImapSaslGssapiEnabled whether IMAP SASL GSSAPI is enabled for reverse proxy type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : FALSE min : max : id : 643 requiresRestart : nginxproxy since : 5.0.5 deprecatedSince :
zimbraReverseProxyImapSaslPlainEnabled
zimbraReverseProxyImapSaslPlainEnabled whether IMAP SASL PLAIN is enabled for reverse proxy type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : TRUE min : max : id : 728 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyImapStartTlsMode
zimbraReverseProxyImapStartTlsMode on - on the plain POP/IMAP port, starttls is allowed off - no starttls is offered on plain port only - you have to use starttls before clear text login type : enum value : on,off,only callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : only min : max : id : 641 requiresRestart : nginxproxy since : 5.0.5 deprecatedSince :
zimbraReverseProxyInactivityTimeout
zimbraReverseProxyInactivityTimeout Deprecated since: 8.0.0. deprecated in favor of local config "imap_max_idle_time", "pop3_max_idle_time", "imap_authenticated_max_idle_time" in bug 59685. Orig desc: Time interval after which NGINX mail proxy will disconnect an inactive IMAP/POP connection. Must be in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time unit is not specified, the default is s(seconds). type : duration value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : 1h min : 0 max : id : 735 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince : 8.0.0
zimbraReverseProxyIpThrottleMsg
zimbraReverseProxyIpThrottleMsg The error message with which a connection attempt from an IP address will be throttled, if the connection count exceeds the configured limit type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : Login rejected from this IP min : max : id : 727 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyLogLevel
zimbraReverseProxyLogLevel Log level for NGINX Proxy error log type : enum value : debug,info,notice,warn,error,crit,debug_http,debug_mail,debug_core,debug_zimbra callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : info min : max : id : 723 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyLookupTarget
zimbraReverseProxyLookupTarget whether this server is a reverse proxy lookup target type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : FALSE min : max : id : 504 requiresRestart : nginxproxy since : deprecatedSince :
zimbraReverseProxyMailEnabled
zimbraReverseProxyMailEnabled Whether to enable IMAP/POP proxy type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : TRUE min : max : id : 629 requiresRestart : nginxproxy since : 5.0.3 deprecatedSince :
zimbraReverseProxyMailHostAttribute
zimbraReverseProxyMailHostAttribute LDAP attribute that contains mailhost for the user type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : zimbraMailHost min : max : id : 474 requiresRestart : since : deprecatedSince :
zimbraReverseProxyMailHostQuery
zimbraReverseProxyMailHostQuery LDAP query to find a user type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : (|(zimbraMailDeliveryAddress=${USER})(zimbraMailAlias=${USER})(zimbraId=${USER})) min : max : id : 472 requiresRestart : since : deprecatedSince :
zimbraReverseProxyMailHostSearchBase
zimbraReverseProxyMailHostSearchBase search base for zimbraReverseProxyMailHostQuery type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : min : max : id : 473 requiresRestart : since : deprecatedSince :
zimbraReverseProxyMailImapEnabled
zimbraReverseProxyMailImapEnabled Whether to enable IMAP proxy type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : TRUE min : max : id : 1621 requiresRestart : nginxproxy since : 8.5.0 deprecatedSince :
zimbraReverseProxyMailImapsEnabled
zimbraReverseProxyMailImapsEnabled Whether to enable IMAPs proxy type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : TRUE min : max : id : 1622 requiresRestart : nginxproxy since : 8.5.0 deprecatedSince :
zimbraReverseProxyMailMode
zimbraReverseProxyMailMode whether to run proxy in HTTP, HTTPS, both, mixed, or redirect mode. See also related attributes zimbraMailProxyPort and zimbraMailSSLProxyPort type : enum value : http,https,both,mixed,redirect callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : min : max : id : 685 requiresRestart : nginxproxy since : 5.0.7 deprecatedSince :
zimbraReverseProxyMailPop3Enabled
zimbraReverseProxyMailPop3Enabled Whether to enable Pop3 proxy type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : TRUE min : max : id : 1623 requiresRestart : nginxproxy since : 8.5.0 deprecatedSince :
zimbraReverseProxyMailPop3sEnabled
zimbraReverseProxyMailPop3sEnabled Whether to enable Pop3s proxy type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : TRUE min : max : id : 1624 requiresRestart : nginxproxy since : 8.5.0 deprecatedSince :
zimbraReverseProxyPassErrors
zimbraReverseProxyPassErrors whether NGINX mail proxy will pass upstream server errors back to the downstream email clients type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : TRUE min : max : id : 736 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyPop3EnabledCapability
zimbraReverseProxyPop3EnabledCapability NGINX reverse proxy pop3 capabilities type : string value : callback : immutable : false cardinality : multi requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : TOP,USER,UIDL,EXPIRE 31 USER,XOIP min : max : 256 id : 721 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyPop3ExposeVersionOnBanner
zimbraReverseProxyPop3ExposeVersionOnBanner Whether to expose version on Proxy POP3 banner type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : FALSE min : max : id : 712 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyPop3PortAttribute
zimbraReverseProxyPop3PortAttribute attribute that contains pop3 bind port type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : zimbraPop3BindPort min : max : id : 477 requiresRestart : since : deprecatedSince :
zimbraReverseProxyPop3SSLPortAttribute
zimbraReverseProxyPop3SSLPortAttribute attribute that contains pop3 bind port for SSL type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : zimbraPop3SSLBindPort min : max : id : 478 requiresRestart : since : deprecatedSince :
zimbraReverseProxyPop3SaslGssapiEnabled
zimbraReverseProxyPop3SaslGssapiEnabled whether POP3 SASL GSSAPI is enabled for reverse proxy type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : FALSE min : max : id : 644 requiresRestart : nginxproxy since : 5.0.5 deprecatedSince :
zimbraReverseProxyPop3SaslPlainEnabled
zimbraReverseProxyPop3SaslPlainEnabled whether POP3 SASL PLAIN is enabled for reverse proxy type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : TRUE min : max : id : 729 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyPop3StartTlsMode
zimbraReverseProxyPop3StartTlsMode on - on the plain POP/IMAP port, starttls is allowed off - no starttls is offered on plain port only - you have to use starttls before clear text login type : enum value : on,off,only callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : only min : max : id : 642 requiresRestart : nginxproxy since : 5.0.5 deprecatedSince :
zimbraReverseProxyPortQuery
zimbraReverseProxyPortQuery LDAP query to find server object type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : (&(zimbraServiceHostname=${MAILHOST})(objectClass=zimbraServer)) min : max : id : 475 requiresRestart : since : deprecatedSince :
zimbraReverseProxyPortSearchBase
zimbraReverseProxyPortSearchBase search base for zimbraReverseProxyPortQuery type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : min : max : id : 476 requiresRestart : since : deprecatedSince :
zimbraReverseProxyRouteLookupTimeout
zimbraReverseProxyRouteLookupTimeout Time interval after which NGINX will fail over to the next route lookup handler, if a handler does not respond to the route lookup request within this time. Must be in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time unit is not specified, the default is s(seconds). type : duration value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : 15s min : 0 max : id : 745 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyRouteLookupTimeoutCache
zimbraReverseProxyRouteLookupTimeoutCache Time interval (ms) given to mail route lookup handler to cache a failed response to route a previous lookup request (after this time elapses, Proxy retries this host). Must be in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time unit is not specified, the default is s(seconds). type : duration value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : 60s min : 0 max : id : 778 requiresRestart : nginxproxy since : 5.0.12 deprecatedSince :
zimbraReverseProxySSLCiphers
zimbraReverseProxySSLCiphers permitted ciphers for reverse proxy. Ciphers are in the formats supported by OpenSSL e.g. ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; if not set, default ciphers permitted by nginx will apply type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:E CDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384: ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256: DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA: AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256: RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK min : max : id : 640 requiresRestart : nginxproxy since : 5.0.5 deprecatedSince :
zimbraReverseProxySSLToUpstreamEnabled
zimbraReverseProxySSLToUpstreamEnabled If set as TRUE, proxy will use SSL to connect to the upstream mail servers for web and mail proxy. Note admin console proxy always use https no matter how this attr is set. type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : TRUE min : max : id : 1360 requiresRestart : since : 8.0.0 deprecatedSince :
zimbraReverseProxySendImapId
zimbraReverseProxySendImapId whether nginx should send ID command for imap type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : TRUE min : max : id : 588 requiresRestart : nginxproxy since : 5.0.1 deprecatedSince :
zimbraReverseProxySendPop3Xoip
zimbraReverseProxySendPop3Xoip whether nginx should send XOIP command for pop3 type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : TRUE min : max : id : 587 requiresRestart : nginxproxy since : 5.0.1 deprecatedSince :
zimbraReverseProxyUpstreamConnectTimeout
zimbraReverseProxyUpstreamConnectTimeout The connect timeout is the time interval after which NGINX will disconnect while establishing an upstream HTTP connection. Measured in seconds, should not be more than 75 seconds. type : integer value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : 25 min : 0 max : 75 id : 1440 requiresRestart : since : 8.0.4 deprecatedSince :
zimbraReverseProxyUpstreamPollingTimeout
zimbraReverseProxyUpstreamPollingTimeout The read timeout for long polling support by proxy, e.g. ActiveSync for mobile devices. . Must be in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time unit is not specified, the default is s(seconds). type : duration value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : 1h min : 0 max : id : 1337 requiresRestart : since : 7.1.4 deprecatedSince :
zimbraReverseProxyUpstreamReadTimeout
zimbraReverseProxyUpstreamReadTimeout The read timeout for the response of upstream server, which determines how long nginx will wait to get the response to a request. . Must be in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time unit is not specified, the default is s(seconds). type : duration value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : 60s min : 0 max : id : 1335 requiresRestart : since : 7.1.4 deprecatedSince :
zimbraReverseProxyUpstreamSendTimeout
zimbraReverseProxyUpstreamSendTimeout The send timeout of transfering a request to the upstream server. If after this time the upstream server doesn't take new data, proxy will close the connection. . Must be in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time unit is not specified, the default is s(seconds). type : duration value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : 60s min : 0 max : id : 1336 requiresRestart : since : 7.1.4 deprecatedSince :
zimbraReverseProxyUpstreamServers
zimbraReverseProxyUpstreamServers The servers to be included in the "upstream" block in the nginx web proxy config file. The servers configured here will only affect the proxy of pre-login requests. Leaving empty means using all the servers whose zimbraReverseProxyLookupTarget is TRUE. type : string value : callback : immutable : false cardinality : multi requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : min : max : id : 1378 requiresRestart : since : 8.0.0 deprecatedSince :
zimbraReverseProxyUseExternalRoute
zimbraReverseProxyUseExternalRoute There is a deployment scenario for migrations where all of the customers users are pointed at the zimbra POP IMAP reverse proxy. We then want their connections proxied back to the legacy system for not-yet-non-migrated users. If this attribute is TRUE, reverse proxy lookup servlet should check to see if zimbraExternal* is set on the domain. If so it is used. If not, lookup proceeds as usual. type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : account,domain flags : domainAdminModifiable defaults : min : max : id : 779 requiresRestart : since : 5.0.12 deprecatedSince :
zimbraReverseProxyUseExternalRouteIfAccountNotExist
zimbraReverseProxyUseExternalRouteIfAccountNotExist Use external route configured on domain if account cannot be found. Also see zimbraReverseProxyUseExternalRoute. type : boolean value : callback : immutable : false cardinality : single requiredIn : optionalIn : domain flags : domainAdminModifiable defaults : min : max : id : 1132 requiresRestart : since : 7.0.0 deprecatedSince :
zimbraReverseProxyUserLoginLimit
zimbraReverseProxyUserLoginLimit Limit how many times a user can login via the proxy. Setting limit to 100 and time to 3600 means: allow maximum 100 logins per hour for any user. As with the ip counterparts, the user hit counter and timeout are cumulative for all protocols. Also, for a given users login, both counters are checked in succession, with the IP counter being checked first. A login may be rejected (throttled) because the IP is over-usage, or because the login name itself is over-usage. A value of 0 indicates that no throttling will take place for any user. type : integer value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : 0 min : 0 max : id : 624 requiresRestart : nginxproxy since : 5.0.3 deprecatedSince :
zimbraReverseProxyUserLoginLimitTime
zimbraReverseProxyUserLoginLimitTime Sets the time-to-live for the hit counter for per user login throttling. type : integer value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : 3600 min : 0 max : id : 625 requiresRestart : nginxproxy since : 5.0.3 deprecatedSince :
zimbraReverseProxyUserNameAttribute
zimbraReverseProxyUserNameAttribute LDAP attribute that contains user name for the principal type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : min : max : id : 572 requiresRestart : since : 5.0.0 deprecatedSince :
zimbraReverseProxyUserThrottleMsg
zimbraReverseProxyUserThrottleMsg The error message with which a login attempt by a user will be throttled, if the attempt count exceeds the configured limit type : string value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : Login rejected for this user min : max : id : 726 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyWorkerConnections
zimbraReverseProxyWorkerConnections Maximum number of connections that an NGINX Proxy worker process is allowed to handle type : integer value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : 10240 min : 1 max : 40960 id : 725 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
zimbraReverseProxyWorkerProcesses
zimbraReverseProxyWorkerProcesses Number of worker processes of NGINX Proxy type : integer value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : 4 min : 1 max : 16 id : 724 requiresRestart : nginxproxy since : 5.0.10 deprecatedSince :
New 8.5 attributes
zimbraReverseProxyAcceptMutex
zimbraReverseProxyAcceptMutex on - accept_mutex flag 'on' for the reverse proxy. This is default. off - accept_mutex flag 'off' for the reverse proxy. Turning it off will get much better distribution of client connections between workers. type : enum value : on,off callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : on min : max : id : 1594 requiresRestart : nginxproxy since : 8.5.0 deprecatedSince :
zimbraReverseProxyUpstreamEwsServers
zimbraReverseProxyUpstreamEwsServers The servers running mailbox with EWS functionality to be included in the "ews" block in the nginx web proxy config file type : string value : callback : immutable : false cardinality : multi requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : min : max : id : 1595 requiresRestart : since : 8.5.0 deprecatedSince :
zimbraReverseProxyUpstreamLoginServers
zimbraReverseProxyUpstreamLoginServers The servers to be included in the login block in the nginx web proxy config file. The servers configured here will only affect the proxy of login URL requests. type : string value : callback : immutable : false cardinality : multi requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : min : max : id : 1603 requiresRestart : since : 8.5.0 deprecatedSince :
zimbraReverseProxyExactServerVersionCheck
zimbraReverseProxyExactServerVersionCheck Whether nginx will match exact server version against the version received in the client request (in ZM_AUTH_TOKEN). Defaults to on. Setting this to off will make nginx compare only the major and minor server versions (eg. all 8.5.x will be treated same by nginx) type : enum value : on,off callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig,server flags : serverInherited defaults : on min : max : id : 1616 requiresRestart : nginxproxy since : 8.5.0 deprecatedSince :
Nginx Configuration Directive Reference Introduction
Almost all the configuration directives for Zimbra NGINX Proxy are controlled by LDAP attributes, and in some cases, by LocalConfig values. To simplify the Proxy Configuration, the NGINX Proxy Configuration Generator reads these LDAP/LocalConfig values, and generates the Proxy configuration files. To allow more flexibility to the process of config generation, the Config Generator reads in a set of template files, substitutes certain keywords with the actual values from LDAP/LocalConfig, and generates the configuration files for use with NGINX.
Both, the Proxy configuration files, and the Proxy configuration templates, are hierarchical in nature, which means that a main, top-level configuration file or template, includes other configuration files or templates respectively. Refer to the NGINX Configuration Structure for the Proxy Configuration Inclusion Hierarchy
Configuration Keywords
core.workdir
NGINX Keyword: core.workdir Description: Working Directory for NGINX worker processes Controlling Attribute: (none) Default Value: /opt/zimbra Config Text: /opt/zimbra How to modify: N/A
core.includes
NGINX Keyword: core.includes Description: Include directory (relative to ${core.workdir}/conf) containing sub-configuration files Controlling Attribute: (none) Default Value: nginx/includes Config Text: nginx/includes How to modify: N/A
core.cprefix
NGINX Keyword: core.cprefix Description: Common config file prefix Controlling Attribute: (none) Default Value: nginx.conf Config Text: nginx.conf How to modify: N/A
core.tprefix
NGINX Keyword: core.tprefix Description: Common template file prefix Controlling Attribute: (none) Default Value: nginx.conf Config Text: nginx.conf How to modify: N/A
core.ipv4only.enabled
NGINX Keyword: core.ipv4only.enabled Description: Whether ipv4 is enabled for the proxy or not (based on zimbraIPMode) Controlling Attribute: (none) Default Value: false Config Text: N/A How to modify: N/A
core.ipv6only.enabled
NGINX Keyword: core.ipv6only.enabled Description: Whether ipv6 is enabled for the proxy or not (based on zimbraIPMode) Controlling Attribute: (none) Default Value: false Config Text: N/A How to modify: N/A
core.ipboth.enabled
NGINX Keyword: core.ipboth.enabled Description: Whether ipv4 & ipv6 both are enabled for the proxy or not (based on zimbraIPMode) Controlling Attribute: (none) Default Value: true Config Text: N/A How to modify: N/A
mail.:auth_http
NGINX Keyword: mail.:auth_http Description: List of mail route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true) Controlling Attribute: zimbraReverseProxyLookupTarget Default Value: [] Current Value: [<server>:7072] Config Text: auth_http <server>:7072/service/extension/nginx-lookup; How to modify: zmprov ms <server> zimbraReverseProxyLookupTarget TRUE // to add a server to route-lookup list zmprov ms <server> zimbraReverseProxyLookupTarget FALSE // to remove a server from route-lookup list
mail.authwait
NGINX Keyword: mail.authwait Description: Time delay (ms) after which an incorrect POP/IMAP login attempt will be rejected Controlling Attribute: zimbraReverseProxyAuthWaitInterval Default Value: 10000 Config Text: 10000ms How to modify: zmprov mcf zimbraReverseProxyAuthWaitInterval 15s // s=seconds, m=minutes, h=hours, d=days
mail.defaultrealm
NGINX Keyword: mail.defaultrealm Description: Default SASL realm used in case Kerberos principal does not contain realm information Controlling Attribute: zimbraReverseProxyDefaultRealm Default Value: Config Text: How to modify: zmprov ms <server> zimbraReverseProxyDefaultRealm MYREALM.COM
mail.dpasswd
NGINX Keyword: mail.dpasswd Description: Password for master credentials used by NGINX to log in to upstream for GSSAPI authentication Controlling Attribute: ldap_nginx_password Default Value: zmnginx Config Text: zmnginx How to modify: N/A
mail.enabled
NGINX Keyword: mail.enabled Description: Indicates whether Mail Proxy is enabled Controlling Attribute: zimbraReverseProxyMailEnabled Default Value: true Config Text: How to modify: zmprov ms <server> zimbraReverseProxyMailEnabled FALSE
mail.imap.authgssapi.enabled
NGINX Keyword: mail.imap.authgssapi.enabled Description: Whether SASL GSSAPI is enabled for IMAP Controlling Attribute: zimbraReverseProxyImapSaslGssapiEnabled Default Value: false Config Text: How to modify: zmprov ms <server> zimbraReverseProxyImapSaslGssapiEnabled TRUE
mail.imap.authplain.enabled
NGINX Keyword: mail.imap.authplain.enabled Description: Whether SASL PLAIN is enabled for IMAP Controlling Attribute: zimbraReverseProxyImapSaslPlainEnabled Default Value: true Config Text: How to modify: zmprov ms <server> zimbraReverseProxyImapSaslPlainEnabled FALSE
mail.imap.greeting
NGINX Keyword: mail.imap.greeting Description: Proxy IMAP banner message (contains build version if zimbraReverseProxyImapExposeVersionOnBanner is true) Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner Default Value: Config Text: How to modify: zmprov ms zimbraReverseProxyPop3ExposeVersionOnBanner TRUE
mail.imap.literalauth
NGINX Keyword: mail.imap.literalauth Description: Whether NGINX uses literal strings for user name/password when logging in to upstream IMAP server - if false, NGINX uses quoted strings Controlling Attribute: (none) Default Value: true Config Text: on How to modify: N/A
mail.imap.port
NGINX Keyword: mail.imap.port Description: Mail Proxy IMAP Port Controlling Attribute: zimbraImapProxyBindPort Default Value: 143 Config Text: 143 How to modify: N/A
mail.imap.tls
NGINX Keyword: mail.imap.tls Description: TLS support for IMAP - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel Controlling Attribute: zimbraReverseProxyImapStartTlsMode Default Value: only Config Text: on How to modify: N/A
mail.imapcapa
NGINX Keyword: mail.imapcapa Description: IMAP Capability List Controlling Attribute: zimbraReverseProxyImapEnabledCapability Default Value: [] Current Value: [ACL, BINARY, CATENATE, CHILDREN, CONDSTORE, ENABLE, ESEARCH, ESORT, I18NLEVEL=1, ID, IDLE, IMAP4rev1, LIST-EXTENDED, LITERAL+, MULTIAPPEND, NAMESPACE, QRESYNC, QUOTA, RIGHTS=ektx, SASL-IR, SEARCHRES, SORT, THREAD=ORDEREDSUBJECT, UIDPLUS, UNSELECT, WITHIN] Config Text: "ACL" "BINARY" "CATENATE" "CHILDREN" "CONDSTORE" "ENABLE" "ESEARCH" "ESORT" "I18NLEVEL=1" "ID" "IDLE" "IMAP4rev1" "LIST-EXTENDED" "LITERAL+" "MULTIAPPEND" "NAMESPACE" "QRESYNC" "QUOTA" "RIGHTS=ektx" "SASL-IR" "SEARCHRES" "SORT" "THREAD=ORDEREDSUBJECT" "UIDPLUS" "UNSELECT" "WITHIN" How to modify: N/A
mail.imapid
NGINX Keyword: mail.imapid Description: NGINX response to IMAP ID command Controlling Attribute: (none) Default Value: "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra" Current Value: "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra" Config Text: "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra" How to modify: N/A
mail.imaps.port
NGINX Keyword: mail.imaps.port Description: Mail Proxy IMAPS Port Controlling Attribute: zimbraImapSSLProxyBindPort Default Value: 993 Config Text: 993 How to modify: N/A
mail.ipmax
NGINX Keyword: mail.ipmax Description: IP Login Limit (Throttle) - 0 means infinity Controlling Attribute: zimbraReverseProxyIPLoginLimit Default Value: 0 Config Text: 0 How to modify: N/A
mail.iprej
NGINX Keyword: mail.iprej Description: Rejection message for IP throttle Controlling Attribute: zimbraReverseProxyIpThrottleMsg Default Value: Login rejected from this IP Config Text: Login rejected from this IP How to modify: N/A
mail.ipttl
NGINX Keyword: mail.ipttl Description: Time interval (ms) after which IP Login Counter is reset Controlling Attribute: zimbraReverseProxyIPLoginLimitTime Default Value: 3600000 Config Text: 3600000ms How to modify: N/A
mail.passerrors
NGINX Keyword: mail.passerrors Description: Indicates whether mail proxy will pass any protocol specific errors from the upstream server back to the downstream client Controlling Attribute: zimbraReverseProxyPassErrors Default Value: true Config Text: on How to modify: N/A
mail.pop3.authgssapi.enabled
NGINX Keyword: mail.pop3.authgssapi.enabled Description: Whether SASL GSSAPI is enabled for POP3 Controlling Attribute: zimbraReverseProxyPop3SaslGssapiEnabled Default Value: false Config Text: How to modify: N/A
mail.pop3.authplain.enabled
NGINX Keyword: mail.pop3.authplain.enabled Description: Whether SASL PLAIN is enabled for POP3 Controlling Attribute: zimbraReverseProxyPop3SaslPlainEnabled Default Value: true Config Text: How to modify: N/A
mail.pop3.greeting
NGINX Keyword: mail.pop3.greeting Description: Proxy POP3 banner message (contains build version if zimbraReverseProxyPop3ExposeVersionOnBanner is true) Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner Default Value: Config Text: How to modify: N/A
mail.pop3.port
NGINX Keyword: mail.pop3.port Description: Mail Proxy POP3 Port Controlling Attribute: zimbraPop3ProxyBindPort Default Value: 110 Config Text: 110 How to modify: N/A
mail.pop3.tls
NGINX Keyword: mail.pop3.tls Description: TLS support for POP3 - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel Controlling Attribute: zimbraReverseProxyPop3StartTlsMode Default Value: only Config Text: on How to modify: N/A
mail.pop3capa
NGINX Keyword: mail.pop3capa Description: POP3 Capability List Controlling Attribute: zimbraReverseProxyPop3EnabledCapability Default Value: [] Current Value: [EXPIRE 31 USER, TOP, UIDL, USER, XOIP] Config Text: "EXPIRE 31 USER" "TOP" "UIDL" "USER" "XOIP" How to modify: N/A
mail.pop3s.port
NGINX Keyword: mail.pop3s.port Description: Mail Proxy POP3S Port Controlling Attribute: zimbraPop3SSLProxyBindPort Default Value: 995 Config Text: 995 How to modify: N/A
mail.sasl_host_from_ip
NGINX Keyword: mail.sasl_host_from_ip Description: Whether to use incoming interface IP address to determine service principal name (if true, IP address is reverse mapped to DNS name, else host name of proxy is used) Controlling Attribute: krb5_service_principal_from_interface_address Default Value: false Config Text: off How to modify: N/A
mail.saslapp
NGINX Keyword: mail.saslapp Description: Application name used by NGINX to initialize SASL authentication Controlling Attribute: (none) Default Value: nginx Config Text: nginx How to modify: N/A
mail.ssl.cert
NGINX Keyword: mail.ssl.cert Description: Mail Proxy SSL certificate file Controlling Attribute: (none) Default Value: /opt/zimbra/conf/nginx.crt Config Text: /opt/zimbra/conf/nginx.crt How to modify: N/A
mail.ssl.ciphers
NGINX Keyword: mail.ssl.ciphers Description: Permitted ciphers for mail proxy Controlling Attribute: zimbraReverseProxySSLCiphers Default Value: !SSLv2:!MD5:HIGH Config Text: !SSLv2:!MD5:HIGH How to modify: N/A
mail.ssl.key
NGINX Keyword: mail.ssl.key Description: Mail Proxy SSL certificate key Controlling Attribute: (none) Default Value: /opt/zimbra/conf/nginx.key Config Text: /opt/zimbra/conf/nginx.key How to modify: N/A
mail.ssl.preferserverciphers
NGINX Keyword: mail.ssl.preferserverciphers Description: Requires protocols SSLv3 and TLSv1 server ciphers be preferred over the client's ciphers Controlling Attribute: (none) Default Value: true Config Text: on How to modify: N/A
mail.timeout
NGINX Keyword: mail.timeout Description: Time interval (ms) after which, if a POP/IMAP connection is inactive, it will be automatically disconnected Controlling Attribute: zimbraReverseProxyInactivityTimeout Default Value: 3600000 Config Text: 3600000ms How to modify: N/A
mail.upstream.imapid
NGINX Keyword: mail.upstream.imapid Description: Whether NGINX issues the IMAP ID command to the upstream server prior to logging in (audit purpose) Controlling Attribute: zimbraReverseProxySendImapId Default Value: true Config Text: on How to modify: N/A
mail.upstream.pop3xoip
NGINX Keyword: mail.upstream.pop3xoip Description: Whether NGINX issues the POP3 XOIP command to the upstream server prior to logging in (audit purpose) Controlling Attribute: zimbraReverseProxySendPop3Xoip Default Value: true Config Text: on How to modify: N/A
mail.usermax
NGINX Keyword: mail.usermax Description: User Login Limit (Throttle) - 0 means infinity Controlling Attribute: zimbraReverseProxyUserLoginLimit Default Value: 0 Config Text: 0 How to modify: N/A
mail.userrej
NGINX Keyword: mail.userrej Description: Rejection message for User throttle Controlling Attribute: zimbraReverseProxyUserThrottleMsg Default Value: Login rejected for this user Config Text: Login rejected for this user How to modify: N/A
mail.userttl
NGINX Keyword: mail.userttl Description: Time interval (ms) after which User Login Counter is reset Controlling Attribute: zimbraReverseProxyUserLoginLimitTime Default Value: 3600000 Config Text: 3600000ms How to modify: N/A
main.connections
NGINX Keyword: main.connections Description: Maximum number of simultaneous connections per worker process Controlling Attribute: zimbraReverseProxyWorkerConnections Default Value: 10240 Config Text: 10240 How to modify: N/A
main.group
NGINX Keyword: main.group Description: The group as which the worker processes will run Controlling Attribute: (none) Default Value: zimbra Config Text: zimbra How to modify: N/A
main.krb5keytab
NGINX Keyword: main.krb5keytab Description: Path to kerberos keytab file used for GSSAPI authentication Controlling Attribute: krb5_keytab Default Value: /opt/zimbra/conf/krb5.keytab Config Text: /opt/zimbra/conf/krb5.keytab How to modify: N/A
main.logfile
NGINX Keyword: main.logfile Description: Log file path (relative to ${core.workdir}) Controlling Attribute: (none) Default Value: log/nginx.log Config Text: log/nginx.log How to modify: N/A
main.loglevel
NGINX Keyword: main.loglevel Description: Log level - can be debug|info|notice|warn|error|crit Controlling Attribute: zimbraReverseProxyLogLevel Default Value: info Config Text: info How to modify: N/A
main.pidfile
NGINX Keyword: main.pidfile Description: PID file path (relative to ${core.workdir}) Controlling Attribute: (none) Default Value: log/nginx.pid Config Text: log/nginx.pid How to modify: N/A
main.user
NGINX Keyword: main.user Description: The user as which the worker processes will run Controlling Attribute: (none) Default Value: zimbra Config Text: zimbra How to modify: N/A
main.workers
NGINX Keyword: main.workers Description: Number of worker processes Controlling Attribute: zimbraReverseProxyWorkerProcesses Default Value: 4 Config Text: 4 How to modify: N/A
memcache.:servers
NGINX Keyword: memcache.:servers Description: List of known memcache servers (i.e. servers having imapproxy service enabled) Controlling Attribute: (none) Default Value: [] Current Value: [<server>:11211] Config Text: servers <server>:11211; How to modify: N/A
memcache.reconnect
NGINX Keyword: memcache.reconnect Description: Time (ms) after which NGINX will attempt to re-establish a broken connection to a memcache server Controlling Attribute: zimbraReverseProxyCacheReconnectInterval Default Value: 60000 Config Text: 60000ms How to modify: N/A
memcache.timeout
NGINX Keyword: memcache.timeout Description: Time (ms) given to a cache-fetch operation to complete Controlling Attribute: zimbraReverseProxyCacheFetchTimeout Default Value: 3000 Config Text: 3000ms How to modify: N/A
memcache.ttl
NGINX Keyword: memcache.ttl Description: Time interval (ms) for which cached entries remain in memcache Controlling Attribute: zimbraReverseProxyCacheEntryTTL Default Value: 3600000 Config Text: 3600000ms How to modify: N/A
memcache.unqual
NGINX Keyword: memcache.unqual Description: Deprecated - always set to false Controlling Attribute: (none) Default Value: false Config Text: off How to modify: N/A
web.:routehandlers
NGINX Keyword: web.:routehandlers Description: List of web route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true) Controlling Attribute: zimbraReverseProxyLookupTarget Default Value: [] Current Value: [<server>:7072] Config Text: zmroutehandlers <server>:7072/service/extension/nginx-lookup; How to modify: N/A
web.enabled
NGINX Keyword: web.enabled Description: Indicates whether HTTP proxying is enabled Controlling Attribute: zimbraReverseProxyHttpEnabled Default Value: false Config Text: How to modify: N/A
web.http.enabled
NGINX Keyword: web.http.enabled Description: Indicates whether HTTP Proxy will accept connections on HTTP (true unless zimbraReverseProxyMailMode is 'https') Controlling Attribute: (none) Default Value: true Config Text: How to modify: N/A
web.http.maxbody
NGINX Keyword: web.http.maxbody Description: Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413 Controlling Attribute: zimbraFileUploadMaxSize Default Value: 10485760 Config Text: 10485760 How to modify: N/A
web.http.port
NGINX Keyword: web.http.port Description: Web Proxy HTTP Port Controlling Attribute: zimbraMailProxyPort Default Value: 0 Config Text: 80 How to modify: N/A
web.http.uport
NGINX Keyword: web.http.uport Description: Web upstream server port Controlling Attribute: zimbraMailPort Default Value: 80 Config Text: 7070 How to modify: N/A
web.https.enabled
NGINX Keyword: web.https.enabled Description: Indicates whether HTTP Proxy will accept connections on HTTPS (true unless zimbraReverseProxyMailMode is 'http') Controlling Attribute: (none) Default Value: true Config Text: How to modify: N/A
web.https.maxbody
NGINX Keyword: web.https.maxbody Description: Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413 Controlling Attribute: zimbraFileUploadMaxSize Default Value: 10485760 Config Text: 10485760 How to modify: N/A
web.https.port
NGINX Keyword: web.https.port Description: Web Proxy HTTPS Port Controlling Attribute: zimbraMailSSLProxyPort Default Value: 0 Config Text: 443 How to modify: N/A
web.mailmode
NGINX Keyword: web.mailmode Description: Reverse Proxy Mail Mode - can be http|https|both|redirect|mixed Controlling Attribute: zimbraReverseProxyMailMode Default Value: both Config Text: mixed How to modify: N/A
web.routetimeout
NGINX Keyword: web.routetimeout Description: Time interval (ms) given to web route lookup handler to respond to route lookup request (after this time elapses, Proxy fails over to next handler, or fails the request if there are no more lookup handlers) Controlling Attribute: (none) Default Value: 15000 Config Text: 15000ms How to modify: N/A
web.ssl.cert
NGINX Keyword: web.ssl.cert Description: Web Proxy SSL certificate path Controlling Attribute: (none) Default Value: /opt/zimbra/conf/nginx.crt Config Text: /opt/zimbra/conf/nginx.crt
web.ssl.key
NGINX Keyword: web.ssl.key Description: Web Proxy SSL certificate key Controlling Attribute: (none) Default Value: /opt/zimbra/conf/nginx.key Config Text: /opt/zimbra/conf/nginx.key How to modify: N/A
web.uploadmax
NGINX Keyword: web.uploadmax Description: Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413 Controlling Attribute: zimbraFileUploadMaxSize Default Value: 10485760 Config Text: 10485760 How to modify: N/A
web.upstream.webclient:servers
NGINX Keyword: web.upstream.webclient:servers Description: List of upstream HTTP webclient servers used by Web Proxy (i.e. webclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both) Controlling Attribute: zimbraReverseProxyLookupTarget Default Value: [] Current Value: [<server>:7070] Config Text: server <server>:7070; How to modify: N/A
web.upstream.webclient.name
NGINX Keyword: web.upstream.webclient.name Description: Symbolic name for HTTP webclient upstream cluster Controlling Attribute: (none) Default Value: zimbra_webclient Config Text: zimbra_webclient How to modify: N/A
web.upstream.:servers
NGINX Keyword: web.upstream.:servers Description: List of upstream HTTP servers used by Web Proxy (i.e. mailclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both) Controlling Attribute: zimbraReverseProxyLookupTarget Default Value: [] Current Value: [<server>:7070] Config Text: server <server>:7070; How to modify: N/A
web.upstream.name
NGINX Keyword: web.upstream.name Description: Symbolic name for HTTP mailclient upstream cluster Controlling Attribute: (none) Default Value: zimbra Config Text: zimbra How to modify: N/A
web.ssl.upstream.webclient:servers
NGINX Keyword: web.ssl.upstream.webclient:servers Description: List of upstream HTTPS webclient servers used by Web Proxy (i.e. webclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both) Controlling Attribute: zimbraReverseProxyLookupTarget Default Value: [] Current Value: [<server>:7070] Config Text: server <server>:7070; How to modify: N/A
web.ssl.upstream.webclient.name
NGINX Keyword: web.ssl.upstream.webclient.name Description: Symbolic name for HTTPS webclient upstream cluster Controlling Attribute: (none) Default Value: zimbra_ssl_webclient Config Text: zimbra_ssl_webclient How to modify: N/A
web.ssl.upstream.:servers
NGINX Keyword: web.ssl.upstream.:servers Description: List of upstream HTTPS mailclient servers used by Web Proxy (i.e. mailclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both) Controlling Attribute: zimbraReverseProxyLookupTarget Default Value: [] Current Value: [<server>:7070] Config Text: server <server>:7070; How to modify: N/A
web.ssl.upstream.name
NGINX Keyword: web.ssl.upstream.name Description: Symbolic name for HTTP mailclient upstream cluster Controlling Attribute: (none) Default Value: zimbra_ssl Config Text: zimbra_ssl How to modify: N/A
web.admin.upstream.adminclient.:servers
NGINX Keyword: web.admin.upstream.adminclient:servers Description: List of upstream admin client servers used by Web Proxy (i.e. adminclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both) Controlling Attribute: zimbraReverseProxyLookupTarget Default Value: [] Current Value: [<server>:7071] Config Text: server <server>:7071; How to modify: N/A
web.admin.upstream.adminclient.name
NGINX Keyword: web.admin.upstream.adminclient.name Description: Symbolic name for admin client upstream cluster Controlling Attribute: (none) Default Value: zimbra_adminclient Config Text: zimbra_adminclient How to modify: N/A
web.admin.upstream.:servers
NGINX Keyword: web.admin.upstream.:servers Description: List of upstream admin servers used by Web Proxy (i.e. admin servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both) Controlling Attribute: zimbraReverseProxyLookupTarget Default Value: [] Current Value: [<server>:7071] Config Text: server <server>:7071; How to modify: N/A
web.admin.upstream.name
NGINX Keyword: web.admin.upstream.name Description: Symbolic name for admin upstream cluster Controlling Attribute: (none) Default Value: zimbra_admin Config Text: zimbra_admin How to modify: N/A
web.upstream.ewsserver:servers
NGINX Keyword: web.upstream.ewsserver:servers Description: List of upstream HTTP EWS servers used by Web Proxy (i.e. servers to which we will proxy EWS requests) Controlling Attribute: zimbraReverseProxyUpstreamEwsServers Default Value: [] Current Value: [<server>:7070] Config Text: server <server>:7070; How to modify: N/A
web.ews.upstream.name
NGINX Keyword: web.upstream.name Description: Symbolic name for HTTP EWS upstream cluster Controlling Attribute: (none) Default Value: zimbra Config Text: zimbra How to modify: N/A
web.ssl.upstream.ewsserver:servers
NGINX Keyword: web.ssl.upstream.ewsserver:servers Description: List of upstream HTTPS EWS servers used by Web Proxy (i.e. servers to which we will proxy EWS requests) Controlling Attribute: zimbraReverseProxyUpstreamEwsServers Default Value: [] Current Value: [<server>:7070] Config Text: server <server>:7070; How to modify: N/A
web.ssl.ews.upstream.name
NGINX Keyword: web.ssl.upstream.name Description: Symbolic name for HTTPS EWS upstream cluster Controlling Attribute: (none) Default Value: zimbra_ssl_ews Config Text: zimbra_ssl_ews How to modify: N/A
web.upstream.loginserver.:servers
NGINX Keyword: web.upstream.loginserver:servers Description: List of upstream HTTP Login servers used by Web Proxy (i.e. servers to which we will proxy login page requests) Controlling Attribute: zimbraReverseProxyUpstreamLoginServers Default Value: [] Current Value: [<server>:7070] Config Text: server <server>:7070; How to modify: N/A
web.login.upstream.name
NGINX Keyword: web.login.upstream.name Description: Symbolic name for HTTP Login upstream cluster Controlling Attribute: (none) Default Value: zimbra_login Config Text: zimbra_login How to modify: N/A
web.ssl.upstream.loginserver.:servers
NGINX Keyword: web.ssl.upstream.loginserver:servers Description: List of upstream HTTP Login servers used by Web Proxy (i.e. servers to which we will proxy login page requests) Controlling Attribute: zimbraReverseProxyUpstreamLoginServers Default Value: [] Current Value: [<server>:7070] Config Text: server <server>:7070; How to modify: N/A
web.ssl.login.upstream.name
NGINX Keyword: web.ssl.login.upstream.name Description: Symbolic name for HTTPS Login upstream cluster Controlling Attribute: (none) Default Value: zimbra_ssl_login Config Text: zimbra_ssl_login How to modify: N/A
max_fails
NGINX Keyword: max_fails Description: The max number of unsuccessful attempts to connect to the current server (as an upstream). If this number is reached, proxy will refuse to connect to the current server, wait for zimbraMailProxyReconnectTimeout and then try to reconnect. Default value is 1. Setting this to 0 means turning this check off. Controlling Attribute: zimbraMailProxyMaxFails Default Value: 1 Config Text: server <server hostname>:<port> max_fails=<value> How to modify: zmprov mcf zimbraMailProxyMaxFails <value>
fail_timeout
NGINX Keyword: fail_timeout Description: The time in sec that proxy will reconnect the current server (as an upstream) after connection errors happened before Controlling Attribute: zimbraMailProxyReconnectTimeout Default Value: 60 Config Text: server <server hostname>:<port> fail_timeout=<value> How to modify: zmprov mcf zimbraMailProxyReconnectTimeout <value>
version
NGINX Keyword: version Description: Current version of ZCS installed on this server Controlling Attribute: zimbraServerVersion Default Value: None Config Text: server <server hostname>:<port> version=<value> How to modify: Should not be modified. Set by the installer