Difference between revisions of "Zimbra with Apache using mod jk - mod proxy - mod proxy ajp"

(Update for Zimbra 5.0 (Jetty) and mod_proxy_ajp; major re-organization and cleanup)
m
Line 237: Line 237:
 
* Enable ''mod_jk''.  Under Ubuntu, use the command:
 
* Enable ''mod_jk''.  Under Ubuntu, use the command:
 
<pre>sudo a2enmod jk</pre>
 
<pre>sudo a2enmod jk</pre>
 +
* Restart Apache.  Under Ubuntu, use the command:
 +
<pre>sudo /etc/init.d/apache2 force-reload</pre>
  
 
== Known Issues ==
 
== Known Issues ==

Revision as of 04:33, 24 December 2007

These instructions will enable access to Zimbra and other web applications/pages through the same host/port.

For example, if the Zimbra web interface is running at http://your.domain.com:8080/, and a separate instance of Apache is running at http://your.domain.com/, follow these steps to enable access to the Zimbra web interface through http://your.domain.com/zimbra/.

Disclaimer

This procedure is not fully verified, so follow these directions at your own risk. Particularly, note that using mod_proxy requires you to secure your server first, according to the Apache documentation. Please edit this page if something is wrong or incomplete.

Methods

There are two different ways of accomplishing this:

  1. Creating an HTTP proxy to the Zimbra web interface, using Apache's mod_proxy. (This method is easier but is generally considered to be less secure.)
  2. Configuring the Zimbra web interface for the Apache JServ Protocol (AJP), and then using Apache's mod_proxy_ajp or mod_jk to access it.

Prerequisites

Zimbra and Apache should both be installed.

If you are installing Apache after installing Zimbra, you may first need to change the specific port numbers that the Zimbra web interface uses. For example, if you originally configured Zimbra to use port 80, you will need to change it to another port (such as 8080) in order for Apache to run on port 80. You can do this with the zmprov command.

These instructions include the commands to use under Ubuntu Linux, which may need to be modified slightly under other distributions.

Using an HTTP proxy

  • Install and enable mod_proxy in Apache. Under Ubuntu, mod_proxy is installed by default, so just use this command to enable it:
sudo a2enmod proxy
  • Create a new Apache site for Zimbra. Under Ubuntu, add these lines to a new file named /etc/apache2/sites-available/zimbra:
<IfModule mod_proxy.c>
ProxyRequests On
ProxyVia On

<Location "/service">
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from 192.168.0.5
    Allow from your.domain.com
    # modify this to your needs, but do not skip this step!

    ProxyPass http://localhost:8080/service
    ProxyPassReverse http://localhost:8080/service
</Location>

<Location "/zimbra">
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from 192.168.0.5
    Allow from your.domain.com
    # modify this to your needs, but do not skip this step!

    ProxyPass http://localhost:8080/zimbra
    ProxyPassReverse http://localhost:8080/zimbra
</Location>

</IfModule>
  • Enable the site. Under Ubuntu, use the command:
sudo a2ensite zimbra

(Instead of creating a site, you could also add the previous configuration block to either apache2.conf, httpd.conf, or to a new file in conf.d/.)

  • Restart Apache. Under Ubuntu, use the command:
sudo /etc/init.d/apache2 force-reload

Using Apache JServ Protocol

The application server (Tomcat for Zimbra 4.5 and earlier, or Jetty for Zimbra 5.0) will be configured to bind to port 8009, in addition to the other ports that it is currently bound to for the Zimbra web interface. The application server will serve requests on this port using the Apache JServ Protocol (AJP). Then Apache will be configured to access Zimbra through this port with AJP, using either mod_proxy_ajp or mod_jk.

Configuring the application server

For Zimbra 5.0

Edit the file /opt/zimbra/jetty/etc/jetty.xml.in:

  • Search for these lines:
    <!-- =========================================================== -->
    <!-- Set connectors                                              -->
    <!-- =========================================================== -->
  • Below them, add the following:
    <Call name="addConnector">
      <Arg>
        <New id="ajp" class="org.mortbay.jetty.ajp.Ajp13SocketConnector">
          <Set name="port">8009</Set>
        </New>
      </Arg>
    </Call>


Next, edit the file /opt/zimbra/jetty/etc/service.web.xml.in:

  • Search for instances of the allowed.ports parameter, which will look like this:
    <init-param>
      <param-name>allowed.ports</param-name>
      <param-value>%%zimbraMailPort%%, %%zimbraMailSSLPort%%, 7070, 7443, 7071</param-value>
    </init-param>
  • If the parameter value contains %%zimbraMailPort%% and %%zimbraMailSSLPort%%, as above, then add port 8009 to the end of the list, like this:
...
      <param-value>%%zimbraMailPort%%, %%zimbraMailSSLPort%%, 7070, 7443, 7071, 8009</param-value>
...
  • If you wish to enable access to the Zimbra administrative web interface, then also perform the above step on any instance of allowed.ports in which the value contains 7071.


Finally, restart the application server. Under Ubuntu, type:

sudo -u zimbra /opt/zimbra/bin/zmcontrol stop
sudo -u zimbra /opt/zimbra/bin/zmcontrol start

For Zimbra 4.5 and earlier

Edit the file /opt/zimbra/tomcat/conf/server.xml.in:

  • Search for these lines in the file, and note the value of redirectPort:
<!-- HTTPBEGIN -->
<Connector port="6080"
        acceptCount="1024"
        enableLookups="false" redirectPort="6443"
        maxThreads="100" minSpareThreads="100" maxSpareThreads="100"/>
<!-- HTTPEND -->
  • Then find this line:
<Engine name="Catalina" defaultHost="localhost">
  • Just before this line, add the following:
<!-- AJPBEGIN -->
<Connector port="8009"
        acceptCount="1024"
        enableLookups="false" redirectPort="6443"
        protocol="AJP/1.3" />
<!-- AJPEND -->

where 6443 is the same as the value of redirectPort found above.


Next, edit the files /opt/zimbra/tomcat/conf/service.web.xml.in and /opt/zimbra/tomcat/conf/zimbra.web.xml.in (and, if you would like to access the Zimbra administrative web interface, /opt/zimbra/tomcat/conf/zimbraAdmin.web.xml.in):

  • Search for instances of the allowed.ports parameter, which will look like this:
    <init-param>
      <param-name>allowed.ports</param-name>
      <param-value>8080, 8443, 7070, 7443, 7071</param-value>
    </init-param>
  • For each instance, add ports 80 and 443 to the end of the list, like this:
...
      <param-value>8080, 8443, 7070, 7443, 7071, 80, 443</param-value>
...


Finally, restart the application server. Under Ubuntu, type:

sudo -u zimbra /opt/zimbra/bin/zmcontrol stop
sudo -u zimbra /opt/zimbra/bin/zmcontrol start

Configuring Apache

Using mod_proxy_ajp

  • Enable mod_proxy_ajp. Under Ubuntu, use the command:
sudo a2enmod proxy_ajp
  • Create a new Apache site for Zimbra. Under Ubuntu, add these lines to a new file named /etc/apache2/sites-available/zimbra:
<IfModule mod_proxy_ajp.c>
ProxyRequests On
ProxyVia On

<Location /service>
Order allow,deny
Allow from all
ProxyPass ajp://localhost:8009/service
ProxyPassReverse ajp://localhost:8009/service
</Location>

<Location /zimbra>
Order allow,deny
Allow from all
ProxyPass ajp://localhost:8009/zimbra
ProxyPassReverse ajp://localhost:8009/zimbra
</Location>

<!-- Uncomment these lines to enable access to the Zimbra administrative web interface
<Location /zimbraAdmin>
Order allow,deny
Allow from all
ProxyPass ajp://localhost:8009/zimbraAdmin
ProxyPassReverse ajp://localhost:8009/zimbraAdmin
</Location>
-->

</IfModule>
  • Enable the site. Under Ubuntu, use the command:
sudo a2ensite zimbra

(Instead of creating a site, you could also add the previous configuration block to either apache2.conf, httpd.conf, or to a new file in conf.d/.)

  • Restart Apache. Under Ubuntu, use the command:
sudo /etc/init.d/apache2 force-reload

Using mod_jk

  • Install mod_jk for Apache. Under Ubuntu, use the command:
sudo apt-get install libapache2-mod-jk
  • In the Apache configuration directory (/etc/apache2 in Ubuntu), create a file named workers.properties and add the following lines to it:
worker.list=zimbra
worker.zimbra.type=ajp13
worker.zimbra.host=localhost
worker.zimbra.port=8009
worker.zimbra.lbfactor=1
  • Add configuration for mod_jk to Apache. Under Ubuntu, create a file named /etc/apache2/mods-available/jk.conf and add the following lines:
# Modify the following two paths, according to your distribution's filesystem layout
JkWorkersFile       /etc/apache2/workers.properties
JkLogFile           /var/log/apache2/jk.log
JkLogLevel          info
JkLogStampFormat    "[%a %b %d %H:%M:%S %Y] "
JkRequestLogFormat  "%w %V %T"
JkOptions           +ForwardKeySize +ForwardURICompat -ForwardDirectories

JkMount             /zimbra         zimbra
JkMount             /zimbra/        zimbra
JkMount             /zimbra/*       zimbra
JkMount             /service        zimbra
JkMount             /service/       zimbra
JkMount             /service/*      zimbra

# Add the following lines to enable access to the Zimbra administrative web interface
JkMount             /zimbraAdmin    zimbra
JkMount             /zimbraAdmin/   zimbra
JkMount             /zimbraAdmin/*  zimbra

(Alternatively, you can add the previous block to either apache2.conf, httpd.conf, or a new file in conf.d/.)

  • Enable mod_jk. Under Ubuntu, use the command:
sudo a2enmod jk
  • Restart Apache. Under Ubuntu, use the command:
sudo /etc/init.d/apache2 force-reload

Known Issues

When using the Documents Wiki (zmwiki), the links on the wiki page use the port that Zimbra is configured for (i.e., 8080). Currently, you must copy the link to the address bar in your browser, and change the port number in the address.

Credits

Thanks to everyone at the Forums for posting about their problems and efforts in trying to run Zimbra with Apache using mod_jk. Also, thanks to the original Using_Tomcat_with_Apache_(mod_jk) entry (a lot has been borrowed from it). This how-to is a result of their efforts.

See Also

Jump to: navigation, search