Zimbra Proxy Manual:Zimbra Proxy Related CLI Commands: Difference between revisions

Line 159: Line 159:


=====First Node - LDAP-MTA-PROXY=====
=====First Node - LDAP-MTA-PROXY=====
<pre>
$ zmprov gs `zmhostname` zimbraReverseProxySSLToUpstreamEnabled zimbraReverseProxyLookupTarget \
zimbraReverseProxyHttpEnabled zimbraMailReferMode zimbraMailPort zimbraMailProxyPort zimbraMailSSLPort  \
zimbraMailSSLProxyPort zimbraMailMode zimbraReverseProxyMailEnabled zimbraReverseProxyMailMode \
zimbraImapBindPort zimbraImapProxyBindPort zimbraImapSSLBindPort zimbraImapSSLProxyBindPort \
zimbraImapCleartextLoginEnabled zimbraPop3BindPort zimbraPop3ProxyBindPort zimbraPop3SSLBindPort \
zimbraPop3SSLProxyBindPort zimbraPop3CleartextLoginEnabled zimbraAdminPort zimbraAdminProxyPort \
zimbraReverseProxyAdminEnabled ; zmprov gs `zmhostname` zimbraServiceEnabled | egrep 'memcache|proxy|mailbox'
# name 850-ldap2.zimbra.DOMAIN.com
zimbraAdminPort: 7071
zimbraAdminProxyPort: 9071
zimbraImapBindPort: 7143
zimbraImapCleartextLoginEnabled: FALSE
zimbraImapProxyBindPort: 143
zimbraImapSSLBindPort: 7993
zimbraImapSSLProxyBindPort: 993
zimbraMailPort: 8080
zimbraMailProxyPort: 80
zimbraMailReferMode: wronghost
zimbraMailSSLPort: 8443
zimbraMailSSLProxyPort: 443
zimbraPop3BindPort: 7110
zimbraPop3CleartextLoginEnabled: FALSE
zimbraPop3ProxyBindPort: 110
zimbraPop3SSLBindPort: 7995
zimbraPop3SSLProxyBindPort: 995
zimbraReverseProxyAdminEnabled: FALSE
zimbraReverseProxyHttpEnabled: TRUE
zimbraReverseProxyLookupTarget: FALSE
zimbraReverseProxyMailEnabled: TRUE
zimbraReverseProxyMailMode: https
zimbraReverseProxySSLToUpstreamEnabled: TRUE
zimbraServiceEnabled: memcached
zimbraServiceEnabled: proxy
</pre>


=====Second Node - Mailstore Node=====
=====Second Node - Mailstore Node=====

Revision as of 04:44, 12 September 2014

General Proxy Overview
Overview And Planning For Zimbra Proxy Installing , Configuring, Disabling the Zimbra Proxy Zimbra Proxy Related CLI Commands Troubleshooting Zimbra Proxy

Advanced Topics
Configuration And Template Files And Proxy Related Variables Advanced Proxy Configuration Examples via CLI Miscellaneous Topics Zimbra Proxy Manual:Adding Additional Reverse Proxy To Zimbra Proxy


Admin Article

Article Information

This article applies to the following ZCS versions.

ZCS 8.5 Article ZCS 8.5 ZCS 8.0 Article ZCS 8.0


Zimbra Proxy Related CLI Commands

zmproxyconfig


Source: http://wiki.zimbra.com/wiki/Zimbra_Proxy_Guide#Proxy_config_rewrite.28zmproxyconfgen.29.2C_zmproxyconfig_and_zmproxyctl

Syntax And Usage

/opt/zimbra/libexec/zmproxyconfig help

Usage: /opt/zimbra/libexec/zmproxyconfig [-h] [-o] [-m] [-w] [-d [-r] [-s] [-a w1:w2:w3:w4] [-c [-n n1:n2]] [-i p1:p2:p3:p4] [-p p1:p2:p3:p4] [-x mailmode]] [-e [-a w1:w2:w3:w4] -C] [-n n1:n2 [-i p1:p2:p3:p4] [-p p1:p2:p3:p4] [-u|-U] [-x mailmode]] [-f] -H hostname

Description

-h: display this help message

-H: Hostname of server on which enable/disable proxy functionality.

-a: Colon separated list of Web ports to use. Format: HTTP-STORE:HTTP-PROXY:HTTPS-STORE:HTTPS-PROXY (Ex: 8080:80:8443:443)

-d: disable proxy

-e: enable proxy

-f: Full reset on memcached port and search queries and POP/IMAP throttling.

-i: Colon separated list of IMAP ports to use. Format: IMAP-STORE:IMAP-PROXY:IMAPS-STORE:IMAPS-PROXY (Ex: 7143:143:7993:993)

-m: Toggle mail proxy portions

-o: Override enabled checks

-p: Colon separated list of POP ports to use. Format: POP-STORE:POP-PROXY:POPS-STORE:POPS-PROXY (Ex: 7110:110:7995:995)

-r: Run against a remote host. Note that this requires the server to be properly configured in the LDAP master.

-s: Set cleartext to FALSE (secure mode) on disable

-t: Disable reverse proxy lookup target for store server. Only valid with -d. Be sure that you intend for all proxy function for the server to be disabled

-w: Toggle Web proxy portions

-c: Disable Admin Console proxy portions.

-C: Enable Admin Console proxy portions.

-n: Colon separated list of Admin Console ports to use. Format: ADMIN-CONSOLE-STORE:ADMIN-CONSOLE-PROXY (Ex: 7071:9071)

-x: the proxy mail mode when enable proxy, or the store mail mode when disable proxy (Both default: http).

-u: disable SSL connection from proxy to mail store.

-U: enable SSL connection from proxy to mail store.

hostname is the value of the zimbra_server_hostname LC key for the server being modified.

Required options are -f by itself, or -f with -d or -e.

Note that -d or -e require one or both of -m and -w.

Note that -i or -p require -m.

Note that -a requires -w.

Note that -c/-C requires -w, and -n requires -c/-C. When disabling web proxy, admin console proxy will be automatically disabled.

Note that -u or -U are only available when proxy is enabled by -e.

Note that -x requires -w and -d for store.

Note that -x requires -w for proxy.

Note that no matter what mail mode is set by -x and no matter proxy is enabled or disabled, admin console's mode is always https.

The following are the defaults for -a, -i, -p, and -x if they are not supplied as options.

-a default on enable: 8080:80:8443:443

-a default on disable: 80:0:443:0

-i default on enable: 7143:143:7993:993

-i default on disable: 143:7143:993:7993

-p default on enable: 7110:110:7995:995

-p default on disable: 110:7110:995:7995

-n default on enable: 7071:9071

-n default on disable: 7071:9071

-x default on store disable: http

-x default on proxy enable/disable: http, but -x default on proxy enable when upstream ssl connection is enabled: https

eg. To change the value of zimbraReverseProxySSLToUpstreamEnabled from TRUE(default) to FALSE (i.e use http for the proxy<->mailstore connections instead of https), execute this on the server running the proxy

/opt/zimbra/libexec/zmproxyconfig -e -m -w -H <hostname> -u

You will have to restart the proxy after this by running 'zmproxyctl restart'

  • Note: zmproxyconfig is no longer required to enable the proxy if you are doing a fresh installation of ZCS with proxy. The installer already runs this and the proxy is enabled for imap/pop/https access by default. Although it is needed while trying to deploy proxy in existing non-proxy environments when using the existing servers. Kindly refer http://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy#Using_existing_servers

To See What Current Server Values Are Set As

Single ZCS Server With All Packages Installed Example

For example, from a ZCS 8.5.0 single server with ALL packages installed :

$ zmprov gs `zmhostname` zimbraReverseProxySSLToUpstreamEnabled zimbraReverseProxyLookupTarget \
zimbraReverseProxyHttpEnabled zimbraMailReferMode zimbraMailPort zimbraMailProxyPort zimbraMailSSLPort  zimbraMailSSLProxyPort \
zimbraMailMode zimbraReverseProxyMailEnabled zimbraReverseProxyMailMode zimbraImapBindPort zimbraImapProxyBindPort \
zimbraImapSSLBindPort zimbraImapSSLProxyBindPort zimbraImapCleartextLoginEnabled zimbraPop3BindPort zimbraPop3ProxyBindPort \
zimbraPop3SSLBindPort zimbraPop3SSLProxyBindPort zimbraPop3CleartextLoginEnabled zimbraAdminPort zimbraAdminProxyPort \
zimbraReverseProxyAdminEnabled ; zmprov gs `zmhostname` zimbraServiceEnabled | egrep 'memcache|proxy|mailbox'

# name 850-ldap2.zimbra.DOMAIN.com
zimbraAdminPort: 7071
zimbraAdminProxyPort: 9071
zimbraImapBindPort: 7143
zimbraImapCleartextLoginEnabled: TRUE
zimbraImapProxyBindPort: 143
zimbraImapSSLBindPort: 7993
zimbraImapSSLProxyBindPort: 993
zimbraMailMode: https
zimbraMailPort: 8080
zimbraMailProxyPort: 80
zimbraMailReferMode: reverse-proxied
zimbraMailSSLPort: 8443
zimbraMailSSLProxyPort: 443
zimbraPop3BindPort: 7110
zimbraPop3CleartextLoginEnabled: TRUE
zimbraPop3ProxyBindPort: 110
zimbraPop3SSLBindPort: 7995
zimbraPop3SSLProxyBindPort: 995
zimbraReverseProxyAdminEnabled: FALSE
zimbraReverseProxyHttpEnabled: TRUE
zimbraReverseProxyLookupTarget: TRUE
zimbraReverseProxyMailEnabled: TRUE
zimbraReverseProxyMailMode: https
zimbraReverseProxySSLToUpstreamEnabled: TRUE

zimbraServiceEnabled: mailbox
zimbraServiceEnabled: memcached
zimbraServiceEnabled: proxy

Multi-Server Examples

First Node - LDAP-MTA-PROXY
$ zmprov gs `zmhostname` zimbraReverseProxySSLToUpstreamEnabled zimbraReverseProxyLookupTarget \
zimbraReverseProxyHttpEnabled zimbraMailReferMode zimbraMailPort zimbraMailProxyPort zimbraMailSSLPort  \
zimbraMailSSLProxyPort zimbraMailMode zimbraReverseProxyMailEnabled zimbraReverseProxyMailMode \
zimbraImapBindPort zimbraImapProxyBindPort zimbraImapSSLBindPort zimbraImapSSLProxyBindPort \
zimbraImapCleartextLoginEnabled zimbraPop3BindPort zimbraPop3ProxyBindPort zimbraPop3SSLBindPort \
zimbraPop3SSLProxyBindPort zimbraPop3CleartextLoginEnabled zimbraAdminPort zimbraAdminProxyPort \
zimbraReverseProxyAdminEnabled ; zmprov gs `zmhostname` zimbraServiceEnabled | egrep 'memcache|proxy|mailbox'

# name 850-ldap2.zimbra.DOMAIN.com
zimbraAdminPort: 7071
zimbraAdminProxyPort: 9071
zimbraImapBindPort: 7143
zimbraImapCleartextLoginEnabled: FALSE
zimbraImapProxyBindPort: 143
zimbraImapSSLBindPort: 7993
zimbraImapSSLProxyBindPort: 993
zimbraMailPort: 8080
zimbraMailProxyPort: 80
zimbraMailReferMode: wronghost
zimbraMailSSLPort: 8443
zimbraMailSSLProxyPort: 443
zimbraPop3BindPort: 7110
zimbraPop3CleartextLoginEnabled: FALSE
zimbraPop3ProxyBindPort: 110
zimbraPop3SSLBindPort: 7995
zimbraPop3SSLProxyBindPort: 995
zimbraReverseProxyAdminEnabled: FALSE
zimbraReverseProxyHttpEnabled: TRUE
zimbraReverseProxyLookupTarget: FALSE
zimbraReverseProxyMailEnabled: TRUE
zimbraReverseProxyMailMode: https
zimbraReverseProxySSLToUpstreamEnabled: TRUE

zimbraServiceEnabled: memcached
zimbraServiceEnabled: proxy
Second Node - Mailstore Node

zmproxyctl


Syntax

zmproxyctl help

Usage : /opt/zimbra/bin/zmproxyctl start|stop|restart|reload|status

Description

zmprov


Syntax

zmprov [cmd]

Description

Long Name Short Name Description
--getAllReverseProxyURLs -garpu Used to list all the upstream mailstore servers (NLEs) that should be used for reverse proxy lookup by the proxy
--getAllReverseProxyBackends -garpb Used to list all the upstream mailstore servers that are reverse-proxied by the proxy
--getAllMtaAuthURLs -gamau Used to publish into saslauthd.conf the servers that should be used for saslauthd.conf MTA auth
--getAllMemcachedServers -gamcs Used to list memcached servers (for Zimbra Proxy use)

zmproxyconfgen


Syntax

Description

zmnginxconf


Syntax

Description

Will be functional again with Bug 95169 being fixed.

zmproxypurge


Syntax

Description

zmproxyinit [ deprecated since ???]


Description

This command is no longer used on any supported versions of ZCS. See zmproxyconfig .

Jump to: navigation, search