Zimbra Proxy Manual: Configuration And Template Files And Proxy Related Variables

   KB 21165        Last updated on 06/7/2016  





Nginx Configuration Overview

Zimbra NGINX Proxy has a hierarchical configuration structure: top-level configuration files include other, functionality-specific configuration files. The main configuration file is /opt/zimbra/conf/nginx.conf, which includes the other configuration files according to the hierarchy below. Each configuration file usually defines and/or references one or more directives. For a complete list of NGINX Proxy configuration directives, refer to the NGINX Configuration Directive Reference.

Each NGINX configuration file is generated from a corresponding template file. A template file looks exactly like its corresponding configuration file, except that it contains keywords which the Proxy Config Generator expands to produce the configuration file.

Understanding The Zimbra Proxy Config Rewrite


zmproxyconfgen, zmproxyconfig and zmproxyctl

You change the proxy environment variables with either zmproxyconfig or zmprov. After you make your changes, run zmproxyctl restart, which restarts the proxy service and invokes zmproxyconfgen in the background. The zmproxyconfgen script reads the proxy configuration template files and generates the NGINX config files by performing keyword substitution on the templates with values from the LDAP configuration. zmproxyconfgen is usually never invoked directly; it is invoked automatically by zmproxyctl.

To change multiple proxy-related LDAP attributes at once (i.e. any of the zimbraReverseProxy* attributes), you can use /opt/zimbra/libexec/zmproxyconfig instead of changing each attribute individually with the zmprov command. For the usage of this script, see Ajcody-Proxy-Guide-Rewrite-Project#zmproxyconfig.

After modifying your proxy server with zmproxyconfig, you must restart the proxy by running 'zmproxyctl restart'.

  • Note: zmproxyconfig is no longer required to enable the proxy if you are doing a fresh installation of ZCS with proxy. The installer already runs it, and the proxy is enabled for imap/pop/https access by default. It is still needed when deploying the proxy in an existing non-proxy environment using the existing servers; see http://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy#Using_existing_servers

zmconfigd

* More details needed.

Updates to the Nginx configuration files are also done via the zmconfigd processes on your proxy and mailstore nodes.

Config Files And Config Templates


Source: http://wiki.zimbra.com/wiki/Zimbra_Proxy_Guide#Config_Files_and_Config_Templates

To simplify configuration, the Nginx configuration files have been split up into different config files based on functionality. The main, top-level configuration file is /opt/zimbra/conf/nginx.conf, and this file includes the main config, memcache config, mail config, and web config files. The mail config in turn includes the configuration for imap, imaps, pop3 and pop3s. The web config includes the configuration for http and https. The template files follow exactly the same inclusion hierarchy, and each configuration file has a corresponding template file from which it is generated. Each template file resides in /opt/zimbra/conf/nginx/templates/. Each corresponding config file resides in /opt/zimbra/conf/nginx/includes/ (excluding the top-level config file, which is /opt/zimbra/conf/nginx/nginx.conf).

Nginx Configuration File Hierarchy

The symbol |_ indicates that a file is included by the one above it. Increasing levels of indentation indicate lower levels of config files.

   /opt/zimbra/conf/nginx.conf
    |_ /opt/zimbra/conf/nginx/includes/nginx.conf.main
    |_ /opt/zimbra/conf/nginx/includes/nginx.conf.memcache
    |_ /opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup
    |_ /opt/zimbra/conf/nginx/includes/nginx.conf.mail
       |_ /opt/zimbra/conf/nginx/includes/nginx.conf.mail.imap.default
       |_ /opt/zimbra/conf/nginx/includes/nginx.conf.mail.imaps.default
       |_ /opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3.default
       |_ /opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3s.default
    |_ /opt/zimbra/conf/nginx/includes/nginx.conf.web
       |_ /opt/zimbra/conf/nginx/includes/nginx.conf.web.http.default
       |_ /opt/zimbra/conf/nginx/includes/nginx.conf.web.https.default
       |_ /opt/zimbra/conf/nginx/includes/nginx.conf.web.admin.default  
       |_ /opt/zimbra/conf/nginx/includes/nginx.conf.web.sso.default
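
An added example (not part of the Zimbra documentation or tooling): a Python check that follows the include directives from the top-level file and reports any reachable file that sits outside the includes directory or has no <name>.template counterpart, which is how configuration drift from the layout above shows up. The function names and the miniature demo tree are this example's own; on a real host the arguments would be the /opt/zimbra paths listed above, and a deployment may legitimately include files beyond this page's list.

```python
import glob
import os
import re
import tempfile

# Uncommented "include <path>;" directives; nginx also accepts glob masks here.
INCLUDE_RE = re.compile(r"^[ \t]*include[ \t]+([^;#\n]+?)[ \t]*;", re.MULTILINE)


def walk_includes(root_conf):
    """Map every reachable config file to the files it includes (None = unreadable)."""
    root = os.path.abspath(root_conf)
    base = os.path.dirname(root)  # relative includes resolve against the top-level dir
    tree, todo = {}, [root]
    while todo:
        path = todo.pop()
        if path in tree:
            continue
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
        except OSError:
            tree[path] = None
            continue
        children = []
        for target in INCLUDE_RE.findall(text):
            target = os.path.join(base, target.strip("\"'"))  # absolute paths pass through
            matches = sorted(glob.glob(target)) or [target]
            children += [os.path.abspath(p) for p in matches]
        tree[path] = children
        todo.extend(children)
    return tree


def audit_layout(root_conf, includes_dir, templates_dir):
    """Return sorted (finding, path) pairs for files that break the documented layout."""
    root = os.path.abspath(root_conf)
    includes_dir = os.path.abspath(includes_dir)
    findings = []
    for path, children in walk_includes(root).items():
        template = os.path.join(templates_dir, os.path.basename(path) + ".template")
        if children is None:
            findings.append(("unreadable-include", path))
        elif path != root and os.path.dirname(path) != includes_dir:
            findings.append(("outside-includes-dir", path))
        elif not os.path.isfile(template):
            findings.append(("no-matching-template", path))
    return sorted(findings)


def build_demo_tree(top):
    """Constructed miniature of the layout on this page, with two deliberate deviations."""
    inc = os.path.join(top, "conf", "nginx", "includes")
    tpl = os.path.join(top, "conf", "nginx", "templates")
    extra = os.path.join(top, "extra")
    for d in (inc, tpl, extra):
        os.makedirs(d)
    root = os.path.join(top, "conf", "nginx.conf")
    files = {
        root: f"include {inc}/nginx.conf.main;\ninclude {inc}/nginx.conf.web;\n",
        f"{inc}/nginx.conf.main": "# global worker settings\n",
        f"{inc}/nginx.conf.web": (
            f"include {inc}/nginx.conf.web.https.default;\n"
            f"# include {inc}/nginx.conf.old;\n"        # commented out: must be ignored
            f"include {extra}/local.conf;\n"            # deviation 1: outside includes/
        ),
        f"{inc}/nginx.conf.web.https.default": "# server block for HTTPS\n",
        f"{extra}/local.conf": "# hand-added file\n",
    }
    # deviation 2: no template is created for nginx.conf.web.https.default
    for name in ("nginx.conf", "nginx.conf.main", "nginx.conf.web"):
        files[f"{tpl}/{name}.template"] = "# template\n"
    for path, body in files.items():
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root, inc, tpl


if __name__ == "__main__":
    demo_root, demo_inc, demo_tpl = build_demo_tree(tempfile.mkdtemp())
    for finding, path in audit_layout(demo_root, demo_inc, demo_tpl):
        print(f"{finding:22} {path}")
```
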

Description Of The Nginx Configuration Files

/opt/zimbra/conf/nginx.conf


  • /opt/zimbra/conf/nginx.conf
Description:
This is the main top-level Nginx configuration file. It defines the working directory for Nginx worker processes (/opt/zimbra), and includes the main, memcache, mail, and web configuration files. When Nginx Proxy starts, it reads this configuration file first.
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.template
Includes:
/opt/zimbra/conf/nginx/includes/nginx.conf.main
/opt/zimbra/conf/nginx/includes/nginx.conf.memcache
/opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup
/opt/zimbra/conf/nginx/includes/nginx.conf.mail
/opt/zimbra/conf/nginx/includes/nginx.conf.web

/opt/zimbra/conf/nginx/includes/nginx.conf.main


  • /opt/zimbra/conf/nginx/includes/nginx.conf.main
Description:
This file contains the directives that control the basic Nginx functionality. Defines global parameters for all Nginx worker processes.
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.main.template
Includes:
None

/opt/zimbra/conf/nginx/includes/nginx.conf.memcache


  • /opt/zimbra/conf/nginx/includes/nginx.conf.memcache
Description:
This file contains the memcache configuration for Nginx. It defines all the memcache servers that are used by Nginx Proxy, and the various cache timeout related settings for cache fetch/store. Common for mail [POP3[S] , IMAP[S]] and web [HTTP[S]].
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.memcache.template
Includes:
None

/opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup


  • /opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup
Description:
This file contains the zmlookup configuration for Nginx.
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.zmlookup.template
Includes:
None

/opt/zimbra/conf/nginx/includes/nginx.conf.mail


  • /opt/zimbra/conf/nginx/includes/nginx.conf.mail
Description:
This file contains the common configuration for Mail [POP3[S] And IMAP[S]]. The directives referenced here are usually common across both, POP3[S] and IMAP[S]. Significantly, this file defines the route lookup handlers used by Nginx to discover the mail routes.
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.mail.template
Includes:
/opt/zimbra/conf/nginx/includes/nginx.conf.mail.imap.default
/opt/zimbra/conf/nginx/includes/nginx.conf.mail.imaps.default
/opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3.default
/opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3s.default

/opt/zimbra/conf/nginx/includes/nginx.conf.mail.imap.default


  • /opt/zimbra/conf/nginx/includes/nginx.conf.mail.imap.default
Description:
This file defines the server block for IMAP.
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.mail.imap.default.template
Includes:
None

/opt/zimbra/conf/nginx/includes/nginx.conf.mail.imaps.default


  • /opt/zimbra/conf/nginx/includes/nginx.conf.mail.imaps.default
Description:
This file defines the server block for IMAPS.
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.mail.imaps.default.template
Includes:
None

/opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3.default


  • /opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3.default
Description:
This file defines the server block for POP3.
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.mail.pop3.default.template
Includes:
None

/opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3s.default


  • /opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3s.default
Description:
This file defines the server block for POP3S.
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.mail.pop3s.default.template
Includes:
None

/opt/zimbra/conf/nginx/includes/nginx.conf.web


  • /opt/zimbra/conf/nginx/includes/nginx.conf.web
Description:
This file contains the common configuration for Web Proxy [HTTP and HTTPS]. The directives here apply to HTTP as well as HTTPS. This file also defines the route lookup handlers used by NGINX to discover the web routes.
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.web.template
Includes:
/opt/zimbra/conf/nginx/includes/nginx.conf.web.http.default
/opt/zimbra/conf/nginx/includes/nginx.conf.web.https.default
/opt/zimbra/conf/nginx/includes/nginx.conf.web.sso.default
/opt/zimbra/conf/nginx/includes/nginx.conf.web.admin.default

/opt/zimbra/conf/nginx/includes/nginx.conf.web.http.default


  • /opt/zimbra/conf/nginx/includes/nginx.conf.web.http.default
Description:
This file defines the server block for HTTP.
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.default.template
Includes:
None

/opt/zimbra/conf/nginx/includes/nginx.conf.web.https.default


  • /opt/zimbra/conf/nginx/includes/nginx.conf.web.https.default
Description:
This file defines the server block for HTTPS.
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template
Includes:
None

/opt/zimbra/conf/nginx/includes/nginx.conf.web.sso.default


  • /opt/zimbra/conf/nginx/includes/nginx.conf.web.sso.default
Description:
This file defines the server block for Single Sign On (SSO).
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.web.sso.default.template
Includes:
None

/opt/zimbra/conf/nginx/includes/nginx.conf.web.admin.default


  • /opt/zimbra/conf/nginx/includes/nginx.conf.web.admin.default
Description:
This file defines the server block for NGINX Admin Proxy - Admin console.
Template:
/opt/zimbra/conf/nginx/templates/nginx.conf.web.admin.default.template
Includes:
None

LDAP Proxy Attributes

Introduction to LDAP Proxy Attributes


To check the description, type, default value, etc. for any of these attributes, run 'zmprov desc -a <attr>'.

e.g. zmprov desc -a zimbraReverseProxyWorkerConnections

Pre 8.5 Attributes


zimbraReverseProxyWorkerConnections


zimbraReverseProxyWorkerConnections
    Maximum number of connections that an NGINX Proxy worker process is
    allowed to handle
               type : integer
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : server,globalConfig
              flags : serverInherited
           defaults : 10240
                min : 1
                max : 40960
                 id : 725
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince :
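
An added example (not Zimbra's code): a small Python parser for `zmprov desc -a` output in the layout shown on this page, used to pre-check a proposed value against the attribute's type, range or enum and to report whether the change needs a proxy restart. The function names (parse_desc, duration_ms, check_change) and the abridged sample text are this example's own; only the integer, enum, boolean and duration types are checked.

```python
import re

# Abridged from the `zmprov desc -a` blocks on this page (some fields trimmed).
SAMPLE_DESC = """\
zimbraReverseProxyWorkerConnections
    Maximum number of connections that an NGINX Proxy worker process is
    allowed to handle
               type : integer
           defaults : 10240
                min : 1
                max : 40960
    requiresRestart : nginxproxy

zimbraReverseProxyImapStartTlsMode
    on - on the plain POP/IMAP port, starttls is allowed off - no starttls
    is offered on plain port only - you have to use starttls before clear
    text login

               type : enum
              value : on,off,only
           defaults : only
    requiresRestart : nginxproxy

zimbraReverseProxyCacheFetchTimeout
    time interval that NGINX proxy will wait for a cache result

               type : duration
           defaults : 3s
                min : 0
    requiresRestart : nginxproxy

zimbraReverseProxyAdminEnabled
    indicate whether to turn on admin console proxy

               type : boolean
           defaults : FALSE
    requiresRestart :
"""

FIELDS = {"type", "value", "callback", "immutable", "cardinality", "requiredIn",
          "optionalIn", "flags", "defaults", "min", "max", "id",
          "requiresRestart", "since", "deprecatedSince"}
FIELD_RE = re.compile(r"^\s+(\w+) :\s*(.*)$")
NAME_RE = re.compile(r"^zimbra\w+$")
# {digits}{time-unit}; a missing unit means seconds, as the descriptions state.
UNIT_MS = {None: 1000, "ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}


def parse_desc(text):
    """Parse one or more `zmprov desc -a` blocks into {attr: {field: value}}."""
    attrs, cur, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        field = FIELD_RE.match(line)
        if NAME_RE.match(line):                      # unindented attribute name
            cur, last = attrs.setdefault(line, {"description": ""}), None
        elif cur is None:
            continue
        elif field and field.group(1) in FIELDS:
            last = field.group(1)
            cur[last] = field.group(2).strip()
        elif last:                                   # wrapped value, e.g. a long defaults list
            cur[last] += line.strip()
        else:
            cur["description"] = (cur["description"] + " " + line.strip()).strip()
    return attrs


def duration_ms(value):
    """Convert a duration such as 10s, 1h, 120000ms or 10 to milliseconds."""
    m = re.fullmatch(r"(\d+)(ms|[hmsd])?", value)
    if not m:
        raise ValueError(f"bad duration: {value!r}")
    return int(m.group(1)) * UNIT_MS[m.group(2)]


def check_change(attrs, name, value):
    """Return (problems, needs_proxy_restart) for setting attribute name to value."""
    info = attrs.get(name)
    if info is None:
        return ["unknown attribute"], False
    kind, problems = info.get("type"), []
    if kind == "integer":
        if not re.fullmatch(r"-?\d+", value):
            problems.append("not an integer")
        elif info.get("min") and int(value) < int(info["min"]):
            problems.append(f"below min {info['min']}")
        elif info.get("max") and int(value) > int(info["max"]):
            problems.append(f"above max {info['max']}")
    elif kind == "enum" and value not in info.get("value", "").split(","):
        problems.append(f"not one of {info.get('value', '')}")
    elif kind == "boolean" and value not in ("TRUE", "FALSE"):
        problems.append("not TRUE or FALSE")
    elif kind == "duration":
        try:
            duration_ms(value)
        except ValueError as exc:
            problems.append(str(exc))
    return problems, "nginxproxy" in info.get("requiresRestart", "")


if __name__ == "__main__":
    parsed = parse_desc(SAMPLE_DESC)
    for attr, new in [("zimbraReverseProxyWorkerConnections", "50000"),
                      ("zimbraReverseProxyImapStartTlsMode", "only")]:
        print(attr, new, check_change(parsed, attr, new))
```
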

zimbraReverseProxyAdminEnabled


zimbraReverseProxyAdminEnabled
    indicate whether to turn on admin console proxy

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : FALSE
                min : 
                max : 
                 id : 1321
    requiresRestart : 
              since : 8.0.0
    deprecatedSince : 

zimbraReverseProxyAdminIPAddress


zimbraReverseProxyAdminIPAddress
    Allowed reverse proxy IP addresses. Lookup servlet will only generate
    authtokens if request was made from one of these IP addresses

               type : astring
              value : 
           callback : 
          immutable : false
        cardinality : multi
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : 
                min : 
                max : 256
                 id : 697
    requiresRestart : 
              since : 5.0.9
    deprecatedSince : 

zimbraReverseProxyAdminPortAttribute


zimbraReverseProxyAdminPortAttribute
    the attribute that identifies the zimbra admin bind port

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : zimbraAdminPort
                min : 
                max : 
                 id : 700
    requiresRestart : 
              since : 5.0.9
    deprecatedSince : 

zimbraReverseProxyAuthWaitInterval


zimbraReverseProxyAuthWaitInterval
    wait duration before nginx sending back the NO response for failed
    imap/pop3 reverse proxy lookups. Must be in valid duration format:
    {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m -
    minutes, s - seconds, d - days, ms - milliseconds. If time unit is not
    specified, the default is s(seconds).

               type : duration
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : 10s
                min : 0
                max : 
                 id : 569
    requiresRestart : nginxproxy
              since : 5.0.0
    deprecatedSince : 

zimbraReverseProxyAvailableLookupTargets


zimbraReverseProxyAvailableLookupTargets
    The servers to be included in the proxy lookup handlers list. Proxy
    will only use the servers specified here to do the lookup. Leaving
    empty means using all the servers whose zimbraReverseProxyLookupTarget
    is TRUE.
               type : string
              value : 
           callback : 
          immutable : false
        cardinality : multi
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 
                min : 
                max : 
                 id : 1379
    requiresRestart : 
              since : 8.0.0
    deprecatedSince : 

zimbraReverseProxyCacheEntryTTL


zimbraReverseProxyCacheEntryTTL
    time interval that an entry cached by NGINX will remain in the cache.
    Must be in valid duration format: {digits}{time-unit}. digits: 0-9,
    time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days,
    ms - milliseconds. If time unit is not specified, the default is
    s(seconds).

               type : duration
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : 1h
                min : 0
                max : 
                 id : 732
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyCacheFetchTimeout


zimbraReverseProxyCacheFetchTimeout
    time interval that NGINX proxy will wait for a cache result, before
    considering the result as a cache miss. Must be in valid duration
    format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h -
    hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time
    unit is not specified, the default is s(seconds).

               type : duration
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : 3s
                min : 0
                max : 
                 id : 731
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyCacheReconnectInterval


zimbraReverseProxyCacheReconnectInterval
    time interval that NGINX proxy will wait before attempting to
    re-establish a connection to a memcache server that disconnected. Must
    be in valid duration format: {digits}{time-unit}. digits: 0-9,
    time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days,
    ms - milliseconds. If time unit is not specified, the default is
    s(seconds).

               type : duration
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : 1m
                min : 0
                max : 
                 id : 730
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyClientCertCA


zimbraReverseProxyClientCertCA
    CA certificate for authenticating client certificates in nginx proxy
    (https only)

               type : astring
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server,domain
              flags : domainInherited,serverInherited
           defaults : 
                min : 
                max : 
                 id : 1201
    requiresRestart : 
              since : 7.1.1
    deprecatedSince : 

zimbraReverseProxyClientCertMode


zimbraReverseProxyClientCertMode
    enable authentication via X.509 Client Certificate in nginx proxy
    (https only)

               type : enum
              value : on,off,optional
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server,domain
              flags : domainInherited,serverInherited
           defaults : off
                min : 
                max : 
                 id : 1200
    requiresRestart : 
              since : 7.1.1
    deprecatedSince : 

zimbraReverseProxyConnectTimeout


zimbraReverseProxyConnectTimeout
    Time interval after which NGINX mail proxy will disconnect while
    establishing an upstream IMAP/POP connection. Must be in valid
    duration format: {digits}{time-unit}. digits: 0-9, time-unit:
    [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms -
    milliseconds. If time unit is not specified, the default is
    s(seconds).

               type : duration
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 120000ms
                min : 0
                max : 
                 id : 797
    requiresRestart : nginxproxy
              since : 6.0.0_BETA1
    deprecatedSince : 

zimbraReverseProxyDefaultRealm


zimbraReverseProxyDefaultRealm
    The default realm that will be used by NGINX mail proxy, when the
    realm is not specified in GSSAPI Authentication

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 
                min : 
                max : 
                 id : 703
    requiresRestart : nginxproxy
              since : 5.0.9
    deprecatedSince : 

zimbraReverseProxyDnsLookupInServerEnabled


zimbraReverseProxyDnsLookupInServerEnabled
    Control whether force the server side do the DNS lookup and send the
    result IP back to proxy. If set false, the raw address configured
    (e.g. zimbraMailHost) is directly sent to proxy.

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : TRUE
                min : 
                max : 
                 id : 1384
    requiresRestart : 
              since : 8.0.0
    deprecatedSince : 

zimbraReverseProxyDomainNameAttribute


zimbraReverseProxyDomainNameAttribute
    LDAP attribute that contains domain name for the domain

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : zimbraDomainName
                min : 
                max : 
                 id : 547
    requiresRestart : 
              since : 5.0.0
    deprecatedSince : 

zimbraReverseProxyDomainNameQuery


zimbraReverseProxyDomainNameQuery
    LDAP query to find a domain

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : (&(zimbraVirtualIPAddress=${IPADDR})(objectClass=zimbraDomain))
                min : 
                max : 
                 id : 545
    requiresRestart : 
              since : 5.0.0
    deprecatedSince : 

zimbraReverseProxyDomainNameSearchBase


zimbraReverseProxyDomainNameSearchBase
    search base for zimbraReverseProxyDomainNameQuery

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : 
                min : 
                max : 
                 id : 546
    requiresRestart : 
              since : 5.0.0
    deprecatedSince : 

zimbraReverseProxyErrorHandlerURL


zimbraReverseProxyErrorHandlerURL
    the URL of customized proxy error handler. If set, when errors happen
    in proxy, proxy will redirect to this URL with two paras - err: error
    code; up: the addr of upstream server connecting to which the error
    happens

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 
                min : 
                max : 
                 id : 1332
    requiresRestart : 
              since : 8.0.0
    deprecatedSince : 

zimbraReverseProxyExternalRouteIncludeOriginalAuthusername


zimbraReverseProxyExternalRouteIncludeOriginalAuthusername
    During migrations Nginx lookup handler rewrites non-qualified username
    to fully qualified breaking proxy to external legacy mail platform.
    When zimbraReverseProxyUseExternalRoute is set to TRUE and
    zimbraReverseProxyExternalRouteIncludeOriginalAuthusername is set to
    FALSE nginx lookup handler drops the domain name from the userAccount
    and returns just the username.

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,domain
              flags : domainAdminModifiable,domainInherited
           defaults : FALSE
                min : 
                max : 
                 id : 1454
    requiresRestart : 
              since : 8.0.5
    deprecatedSince : 

zimbraReverseProxyGenConfigPerVirtualHostname


zimbraReverseProxyGenConfigPerVirtualHostname
    Control whether to generate per virtual hostname nginx configuration.
    This would be helpful when multiple virtual host names are defined,
    but they are actually share the same configuration (like ssl cert,
    client CA, ...). This attr has to be set as "TRUE" to enable the
    features like cert per domain.

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : TRUE
                min : 
                max : 
                 id : 1374
    requiresRestart : 
              since : 7.2.0
    deprecatedSince : 

zimbraReverseProxyHttpEnabled


zimbraReverseProxyHttpEnabled
    Whether to enable HTTP proxy

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : FALSE
                min : 
                max : 
                 id : 628
    requiresRestart : nginxproxy
              since : 5.0.3
    deprecatedSince : 

zimbraReverseProxyHttpPortAttribute


zimbraReverseProxyHttpPortAttribute
    attribute that contains http bind port

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : zimbraMailPort
                min : 
                max : 
                 id : 632
    requiresRestart : 
              since : 5.0.5
    deprecatedSince : 

zimbraReverseProxyHttpSSLPortAttribute


zimbraReverseProxyHttpSSLPortAttribute
    attribute that contains http ssl bind port

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : zimbraMailSSLPort
                min : 
                max : 
                 id : 1359
    requiresRestart : 
              since : 8.0.0
    deprecatedSince : 

zimbraReverseProxyIPLoginLimit


zimbraReverseProxyIPLoginLimit
    Sets the upper limit on logins from a remote IP via POP or IMAP to
    this proxy server after which login is rejected with an appropriate
    protocol specific bye response. This counter is cumulative for all
    users that appear to the proxy to be logging in from the same IP
    address. If multiple users appear to the proxy to be logging in from
    the same IP address (usual with NATing), then each of the different
    users login will contribute to increasing the hit counter for that IP
    address, and when the counter eventually exceeds the limit, then the
    connections from that IP address will be throttled. Therefore, all
    users from the same IP will contribute to (and be affected by) this
    counter. Logins using all protocols (POP3/POP3S/IMAP/IMAPS) will
    affect this counter (the counter is aggregate for all protocols, *not*
    separate). If this value is set to 0, then no limiting will take place
    for any IP.

               type : integer
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : 0
                min : 0
                max : 
                 id : 622
    requiresRestart : 
              since : 5.0.3
    deprecatedSince : 

zimbraReverseProxyIPLoginLimitTime


zimbraReverseProxyIPLoginLimitTime
    Sets the time-to-live for the hit counter for IP based login
    throttling. If time is set to 3600 and limit is set to 1000, then it
    means that NGINX should not allow more than 1000 users to log in via
    the proxy from the same IP, within the time interval of an hour. The
    semantics for such a configuration would then be: allow maximum 1000
    users per hour from any given IP address.

               type : integer
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : 3600
                min : 0
                max : 
                 id : 623
    requiresRestart : 
              since : 5.0.3
    deprecatedSince : 

zimbraReverseProxyImapEnabledCapability


zimbraReverseProxyImapEnabledCapability
    NGINX reverse proxy imap capabilities

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : multi
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : IMAP4rev1,ACL,BINARY,CATENATE,CHILDREN,CONDSTORE,ENABLE,ESEARCH,
ESORT,I18NLEVEL=1,ID,IDLE,LIST-EXTENDED,LIST-STATUS,LITERAL+,MULTIAPPEND,NAMESPACE,
QRESYNC,QUOTA,RIGHTS=ektx,SASL-IR,SEARCHRES,SORT,THREAD=ORDEREDSUBJECT,UIDPLUS,
UNSELECT,WITHIN,XLIST
                min : 
                max : 256
                 id : 719
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyImapExposeVersionOnBanner


zimbraReverseProxyImapExposeVersionOnBanner
    Whether to expose version on Proxy IMAP banner

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : FALSE
                min : 
                max : 
                 id : 713
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyImapPortAttribute


zimbraReverseProxyImapPortAttribute
    attribute that contains imap bind port

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : zimbraImapBindPort
                min : 
                max : 
                 id : 479
    requiresRestart : 
              since : 
    deprecatedSince : 

zimbraReverseProxyImapSSLPortAttribute


zimbraReverseProxyImapSSLPortAttribute
    attribute that contains imap bind port for SSL

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : zimbraImapSSLBindPort
                min : 
                max : 
                 id : 480
    requiresRestart : 
              since : 
    deprecatedSince : 

zimbraReverseProxyImapSaslGssapiEnabled


zimbraReverseProxyImapSaslGssapiEnabled
    whether IMAP SASL GSSAPI is enabled for reverse proxy

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : FALSE
                min : 
                max : 
                 id : 643
    requiresRestart : nginxproxy
              since : 5.0.5
    deprecatedSince : 

zimbraReverseProxyImapSaslPlainEnabled


zimbraReverseProxyImapSaslPlainEnabled
    whether IMAP SASL PLAIN is enabled for reverse proxy

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : TRUE
                min : 
                max : 
                 id : 728
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyImapStartTlsMode


zimbraReverseProxyImapStartTlsMode
    on - on the plain POP/IMAP port, starttls is allowed off - no starttls
    is offered on plain port only - you have to use starttls before clear
    text login

               type : enum
              value : on,off,only
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : only
                min : 
                max : 
                 id : 641
    requiresRestart : nginxproxy
              since : 5.0.5
    deprecatedSince : 

zimbraReverseProxyInactivityTimeout


zimbraReverseProxyInactivityTimeout
    Deprecated since: 8.0.0. deprecated in favor of local config
    "imap_max_idle_time", "pop3_max_idle_time",
    "imap_authenticated_max_idle_time" in bug 59685. Orig desc: Time
    interval after which NGINX mail proxy will disconnect an inactive
    IMAP/POP connection. Must be in valid duration format:
    {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m -
    minutes, s - seconds, d - days, ms - milliseconds. If time unit is not
    specified, the default is s(seconds).

               type : duration
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 1h
                min : 0
                max : 
                 id : 735
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 8.0.0

zimbraReverseProxyIpThrottleMsg


zimbraReverseProxyIpThrottleMsg
    The error message with which a connection attempt from an IP address
    will be throttled, if the connection count exceeds the configured
    limit

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : Login rejected from this IP
                min : 
                max : 
                 id : 727
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyLogLevel


zimbraReverseProxyLogLevel
    Log level for NGINX Proxy error log

               type : enum
              value : debug,info,notice,warn,error,crit,debug_http,debug_mail,debug_core,debug_zimbra
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : info
                min : 
                max : 
                 id : 723
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyLookupTarget


zimbraReverseProxyLookupTarget
    whether this server is a reverse proxy lookup target

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : FALSE
                min : 
                max : 
                 id : 504
    requiresRestart : nginxproxy
              since : 
    deprecatedSince : 

zimbraReverseProxyMailEnabled


zimbraReverseProxyMailEnabled
    Whether to enable IMAP/POP proxy

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : TRUE
                min : 
                max : 
                 id : 629
    requiresRestart : nginxproxy
              since : 5.0.3
    deprecatedSince : 

zimbraReverseProxyMailHostAttribute


zimbraReverseProxyMailHostAttribute
    LDAP attribute that contains mailhost for the user

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : zimbraMailHost
                min : 
                max : 
                 id : 474
    requiresRestart : 
              since : 
    deprecatedSince : 

zimbraReverseProxyMailHostQuery


zimbraReverseProxyMailHostQuery
    LDAP query to find a user

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : (|(zimbraMailDeliveryAddress=${USER})(zimbraMailAlias=${USER})(zimbraId=${USER}))
                min : 
                max : 
                 id : 472
    requiresRestart : 
              since : 
    deprecatedSince : 

zimbraReverseProxyMailHostSearchBase


zimbraReverseProxyMailHostSearchBase
    search base for zimbraReverseProxyMailHostQuery

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : 
                min : 
                max : 
                 id : 473
    requiresRestart : 
              since : 
    deprecatedSince : 

zimbraReverseProxyMailImapEnabled


zimbraReverseProxyMailImapEnabled
    Whether to enable IMAP proxy

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : TRUE
                min : 
                max : 
                 id : 1621
    requiresRestart : nginxproxy
              since : 8.5.0
    deprecatedSince : 

zimbraReverseProxyMailImapsEnabled


zimbraReverseProxyMailImapsEnabled
    Whether to enable IMAPs proxy

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : TRUE
                min : 
                max : 
                 id : 1622
    requiresRestart : nginxproxy
              since : 8.5.0
    deprecatedSince : 

zimbraReverseProxyMailMode


zimbraReverseProxyMailMode
    whether to run proxy in HTTP, HTTPS, both, mixed, or redirect mode.
    See also related attributes zimbraMailProxyPort and
    zimbraMailSSLProxyPort

               type : enum
              value : http,https,both,mixed,redirect
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 
                min : 
                max : 
                 id : 685
    requiresRestart : nginxproxy
              since : 5.0.7
    deprecatedSince : 

zimbraReverseProxyMailPop3Enabled


zimbraReverseProxyMailPop3Enabled
    Whether to enable Pop3 proxy

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : TRUE
                min : 
                max : 
                 id : 1623
    requiresRestart : nginxproxy
              since : 8.5.0
    deprecatedSince : 

zimbraReverseProxyMailPop3sEnabled


zimbraReverseProxyMailPop3sEnabled
    Whether to enable Pop3s proxy

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : TRUE
                min : 
                max : 
                 id : 1624
    requiresRestart : nginxproxy
              since : 8.5.0
    deprecatedSince : 

zimbraReverseProxyPassErrors


zimbraReverseProxyPassErrors
    whether NGINX mail proxy will pass upstream server errors back to the
    downstream email clients

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : TRUE
                min : 
                max : 
                 id : 736
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyPop3EnabledCapability


zimbraReverseProxyPop3EnabledCapability
    NGINX reverse proxy pop3 capabilities

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : multi
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : TOP,USER,UIDL,EXPIRE 31 USER,XOIP
                min : 
                max : 256
                 id : 721
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyPop3ExposeVersionOnBanner


zimbraReverseProxyPop3ExposeVersionOnBanner
    Whether to expose version on Proxy POP3 banner

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : FALSE
                min : 
                max : 
                 id : 712
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyPop3PortAttribute


zimbraReverseProxyPop3PortAttribute
    attribute that contains pop3 bind port

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : zimbraPop3BindPort
                min : 
                max : 
                 id : 477
    requiresRestart : 
              since : 
    deprecatedSince : 

zimbraReverseProxyPop3SSLPortAttribute


zimbraReverseProxyPop3SSLPortAttribute
    attribute that contains pop3 bind port for SSL

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : zimbraPop3SSLBindPort
                min : 
                max : 
                 id : 478
    requiresRestart : 
              since : 
    deprecatedSince : 

zimbraReverseProxyPop3SaslGssapiEnabled


zimbraReverseProxyPop3SaslGssapiEnabled
    whether POP3 SASL GSSAPI is enabled for reverse proxy

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : FALSE
                min : 
                max : 
                 id : 644
    requiresRestart : nginxproxy
              since : 5.0.5
    deprecatedSince : 

zimbraReverseProxyPop3SaslPlainEnabled


zimbraReverseProxyPop3SaslPlainEnabled
    whether POP3 SASL PLAIN is enabled for reverse proxy

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : TRUE
                min : 
                max : 
                 id : 729
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyPop3StartTlsMode


zimbraReverseProxyPop3StartTlsMode
    on - on the plain POP/IMAP port, starttls is allowed; off - no starttls
    is offered on plain port; only - you have to use starttls before clear
    text login

               type : enum
              value : on,off,only
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : only
                min : 
                max : 
                 id : 642
    requiresRestart : nginxproxy
              since : 5.0.5
    deprecatedSince : 

zimbraReverseProxyPortQuery


zimbraReverseProxyPortQuery
    LDAP query to find server object

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : (&(zimbraServiceHostname=${MAILHOST})(objectClass=zimbraServer))
                min : 
                max : 
                 id : 475
    requiresRestart : 
              since : 
    deprecatedSince : 

zimbraReverseProxyPortSearchBase


zimbraReverseProxyPortSearchBase
    search base for zimbraReverseProxyPortQuery

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : 
                min : 
                max : 
                 id : 476
    requiresRestart : 
              since : 
    deprecatedSince : 

zimbraReverseProxyRouteLookupTimeout


zimbraReverseProxyRouteLookupTimeout
    Time interval after which NGINX will fail over to the next route
    lookup handler, if a handler does not respond to the route lookup
    request within this time. Must be in valid duration format:
    {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m -
    minutes, s - seconds, d - days, ms - milliseconds. If time unit is not
    specified, the default is s(seconds).

               type : duration
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 15s
                min : 0
                max : 
                 id : 745
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyRouteLookupTimeoutCache


zimbraReverseProxyRouteLookupTimeoutCache
    Time interval (ms) given to mail route lookup handler to cache a
    failed response to route a previous lookup request (after this time
    elapses, Proxy retries this host). Must be in valid duration format:
    {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m -
    minutes, s - seconds, d - days, ms - milliseconds. If time unit is not
    specified, the default is s(seconds).

               type : duration
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 60s
                min : 0
                max : 
                 id : 778
    requiresRestart : nginxproxy
              since : 5.0.12
    deprecatedSince : 

zimbraReverseProxySSLCiphers


zimbraReverseProxySSLCiphers
    permitted ciphers for reverse proxy. Ciphers are in the formats
    supported by OpenSSL e.g.
    ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; if not set,
    default ciphers permitted by nginx will apply

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:
ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:
DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:
AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:
RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
                min : 
                max : 
                 id : 640
    requiresRestart : nginxproxy
              since : 5.0.5
    deprecatedSince : 

zimbraReverseProxySSLToUpstreamEnabled


zimbraReverseProxySSLToUpstreamEnabled
    If set as TRUE, proxy will use SSL to connect to the upstream mail
    servers for web and mail proxy. Note admin console proxy always uses
    https no matter how this attr is set.

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : TRUE
                min : 
                max : 
                 id : 1360
    requiresRestart : 
              since : 8.0.0
    deprecatedSince : 

zimbraReverseProxySendImapId


zimbraReverseProxySendImapId
    whether nginx should send ID command for imap

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : TRUE
                min : 
                max : 
                 id : 588
    requiresRestart : nginxproxy
              since : 5.0.1
    deprecatedSince : 

zimbraReverseProxySendPop3Xoip


zimbraReverseProxySendPop3Xoip
    whether nginx should send XOIP command for pop3

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : TRUE
                min : 
                max : 
                 id : 587
    requiresRestart : nginxproxy
              since : 5.0.1
    deprecatedSince : 

zimbraReverseProxyUpstreamConnectTimeout


zimbraReverseProxyUpstreamConnectTimeout
    The connect timeout is the time interval after which NGINX will
    disconnect while establishing an upstream HTTP connection. Measured in
    seconds, should not be more than 75 seconds.

               type : integer
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 25
                min : 0
                max : 75
                 id : 1440
    requiresRestart : 
              since : 8.0.4
    deprecatedSince : 

zimbraReverseProxyUpstreamPollingTimeout


zimbraReverseProxyUpstreamPollingTimeout
    The read timeout for long polling support by proxy, e.g. ActiveSync
    for mobile devices. Must be in valid duration format:
    {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m -
    minutes, s - seconds, d - days, ms - milliseconds. If time unit is not
    specified, the default is s(seconds).

               type : duration
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 1h
                min : 0
                max : 
                 id : 1337
    requiresRestart : 
              since : 7.1.4
    deprecatedSince : 

zimbraReverseProxyUpstreamReadTimeout


zimbraReverseProxyUpstreamReadTimeout
    The read timeout for the response of upstream server, which determines
    how long nginx will wait to get the response to a request. Must be
    in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit:
    [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms -
    milliseconds. If time unit is not specified, the default is
    s(seconds).

               type : duration
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 60s
                min : 0
                max : 
                 id : 1335
    requiresRestart : 
              since : 7.1.4
    deprecatedSince : 

zimbraReverseProxyUpstreamSendTimeout


zimbraReverseProxyUpstreamSendTimeout
    The send timeout of transferring a request to the upstream server. If
    after this time the upstream server doesn't take new data, proxy will
    close the connection. Must be in valid duration format:
    {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m -
    minutes, s - seconds, d - days, ms - milliseconds. If time unit is not
    specified, the default is s(seconds).

               type : duration
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 60s
                min : 0
                max : 
                 id : 1336
    requiresRestart : 
              since : 7.1.4
    deprecatedSince : 

zimbraReverseProxyUpstreamServers


zimbraReverseProxyUpstreamServers
    The servers to be included in the "upstream" block in the nginx web
    proxy config file. The servers configured here will only affect the
    proxy of pre-login requests. Leaving empty means using all the servers
    whose zimbraReverseProxyLookupTarget is TRUE.

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : multi
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 
                min : 
                max : 
                 id : 1378
    requiresRestart : 
              since : 8.0.0
    deprecatedSince : 

zimbraReverseProxyUseExternalRoute


zimbraReverseProxyUseExternalRoute
    There is a deployment scenario for migrations where all of the
    customer's users are pointed at the zimbra POP IMAP reverse proxy. We
    then want their connections proxied back to the legacy system for
    not-yet-migrated users. If this attribute is TRUE, reverse proxy
    lookup servlet should check to see if zimbraExternal* is set on the
    domain. If so it is used. If not, lookup proceeds as usual.

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : account,domain
              flags : domainAdminModifiable
           defaults : 
                min : 
                max : 
                 id : 779
    requiresRestart : 
              since : 5.0.12
    deprecatedSince : 

zimbraReverseProxyUseExternalRouteIfAccountNotExist


zimbraReverseProxyUseExternalRouteIfAccountNotExist
    Use external route configured on domain if account cannot be found.
    Also see zimbraReverseProxyUseExternalRoute.

               type : boolean
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : domain
              flags : domainAdminModifiable
           defaults : 
                min : 
                max : 
                 id : 1132
    requiresRestart : 
              since : 7.0.0
    deprecatedSince : 

zimbraReverseProxyUserLoginLimit


zimbraReverseProxyUserLoginLimit
    Limit how many times a user can login via the proxy. Setting limit to
    100 and time to 3600 means: allow maximum 100 logins per hour for any
    user. As with the ip counterparts, the user hit counter and timeout
    are cumulative for all protocols. Also, for a given user's login, both
    counters are checked in succession, with the IP counter being checked
    first. A login may be rejected (throttled) because the IP is
    over-usage, or because the login name itself is over-usage. A value of
    0 indicates that no throttling will take place for any user.

               type : integer
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : 0
                min : 0
                max : 
                 id : 624
    requiresRestart : nginxproxy
              since : 5.0.3
    deprecatedSince : 

zimbraReverseProxyUserLoginLimitTime


zimbraReverseProxyUserLoginLimitTime
    Sets the time-to-live for the hit counter for per user login
    throttling.

               type : integer
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : 3600
                min : 0
                max : 
                 id : 625
    requiresRestart : nginxproxy
              since : 5.0.3
    deprecatedSince : 

zimbraReverseProxyUserNameAttribute


zimbraReverseProxyUserNameAttribute
    LDAP attribute that contains user name for the principal

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : 
                min : 
                max : 
                 id : 572
    requiresRestart : 
              since : 5.0.0
    deprecatedSince : 

zimbraReverseProxyUserThrottleMsg


zimbraReverseProxyUserThrottleMsg
    The error message with which a login attempt by a user will be
    throttled, if the attempt count exceeds the configured limit

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig
              flags : 
           defaults : Login rejected for this user
                min : 
                max : 
                 id : 726
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyWorkerConnections


zimbraReverseProxyWorkerConnections
    Maximum number of connections that an NGINX Proxy worker process is
    allowed to handle

               type : integer
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 10240
                min : 1
                max : 40960
                 id : 725
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince : 

zimbraReverseProxyWorkerProcesses


zimbraReverseProxyWorkerProcesses
    Number of worker processes of NGINX Proxy

               type : integer
              value : 
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 4
                min : 1
                max : 16
                 id : 724
    requiresRestart : nginxproxy
              since : 5.0.10
    deprecatedSince :

New 8.5 attributes

zimbraReverseProxyAcceptMutex


zimbraReverseProxyAcceptMutex
    on - accept_mutex flag 'on' for the reverse proxy. This is default.
    off - accept_mutex flag 'off' for the reverse proxy. Turning it off
    will get much better distribution of client connections between
    workers.

               type : enum
              value : on,off
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : on
                min : 
                max : 
                 id : 1594
    requiresRestart : nginxproxy
              since : 8.5.0
    deprecatedSince : 

zimbraReverseProxyUpstreamEwsServers


zimbraReverseProxyUpstreamEwsServers
    The servers running mailbox with EWS functionality to be included in
    the "ews" block in the nginx web proxy config file

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : multi
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 
                min : 
                max : 
                 id : 1595
    requiresRestart : 
              since : 8.5.0
    deprecatedSince : 

zimbraReverseProxyUpstreamLoginServers


zimbraReverseProxyUpstreamLoginServers
    The servers to be included in the login block in the nginx web proxy
    config file. The servers configured here will only affect the proxy of
    login URL requests.

               type : string
              value : 
           callback : 
          immutable : false
        cardinality : multi
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : 
                min : 
                max : 
                 id : 1603
    requiresRestart : 
              since : 8.5.0
    deprecatedSince : 

zimbraReverseProxyExactServerVersionCheck


zimbraReverseProxyExactServerVersionCheck
    Whether nginx will match exact server version against the version
    received in the client request (in ZM_AUTH_TOKEN). Defaults to on.
    Setting this to off will make nginx compare only the major and minor
    server versions (e.g. all 8.5.x will be treated the same by nginx)

               type : enum
              value : on,off
           callback : 
          immutable : false
        cardinality : single
         requiredIn : 
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : on
                min : 
                max : 
                 id : 1616
    requiresRestart : nginxproxy
              since : 8.5.0
    deprecatedSince : 
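
As an added example (not part of the Zimbra manual or of Zimbra's tooling), the following Python script lints a set of proxy attribute values against what the descriptions above state: STARTTLS mode, SSL to upstream, banner version exposure, per-user throttling, the `{digits}{time-unit}` duration format, and weak keywords in the cipher string. The `name: value` input format, the sample values and the weak-keyword list are assumptions of this example; the cipher check is textual and does not resolve the string the way OpenSSL does.

```python
import re

# Defaults copied from the attribute descriptions on this page.
PAGE_DEFAULTS = {
    "zimbraReverseProxyImapStartTlsMode": "only",
    "zimbraReverseProxyPop3StartTlsMode": "only",
    "zimbraReverseProxyImapSaslPlainEnabled": "TRUE",
    "zimbraReverseProxyPop3SaslPlainEnabled": "TRUE",
    "zimbraReverseProxySSLToUpstreamEnabled": "TRUE",
    "zimbraReverseProxyPop3ExposeVersionOnBanner": "FALSE",
    "zimbraReverseProxyUserLoginLimit": "0",
}
# Attributes this page types as "duration".
DURATION_ATTRS = (
    "zimbraReverseProxyRouteLookupTimeout",
    "zimbraReverseProxyRouteLookupTimeoutCache",
    "zimbraReverseProxyUpstreamPollingTimeout",
    "zimbraReverseProxyUpstreamReadTimeout",
    "zimbraReverseProxyUpstreamSendTimeout",
)
# This example's own choice of cipher-string keywords to treat as weak.
WEAK_CIPHER_PARTS = {"RC4", "EXP", "EXPORT", "EXPORT40", "EXPORT56", "LOW",
                     "SSLv2", "ADH", "aNULL", "eNULL", "NULL", "DES", "3DES", "MD5"}
UNIT_MS = {"ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}
DURATION_RE = re.compile(r"(\d+)(ms|[hmsd])?")


def parse_duration_ms(text):
    """Convert {digits}{time-unit} to milliseconds; no unit means seconds."""
    match = DURATION_RE.fullmatch(text.strip())
    if not match:
        raise ValueError("not a valid duration: %r" % text)
    return int(match.group(1)) * UNIT_MS[match.group(2) or "s"]


def weak_cipher_tokens(cipher_string):
    """Return tokens that name a weak keyword and are not excluded.

    A '!' or '-' prefix excludes a token, a leading '+' only reorders,
    and '+' inside a token combines keywords (for example RC4+RSA).
    """
    flagged = []
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token or token[0] in "!-":
            continue
        parts = set(re.split(r"[+-]", token.lstrip("+")))
        if parts & WEAK_CIPHER_PARTS:
            flagged.append(token)
    return flagged


def parse_attrs(text):
    """Parse 'name: value' lines into a dict, ignoring other lines."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().startswith("zimbraReverseProxy"):
            attrs[name.strip()] = value.strip()
    return attrs


def audit(attrs):
    """Return (attribute, message) findings; unset attributes use page defaults."""
    cfg = dict(PAGE_DEFAULTS, **attrs)
    findings = []
    for proto in ("Imap", "Pop3"):
        mode_attr = "zimbraReverseProxy%sStartTlsMode" % proto
        if cfg[mode_attr] != "only":
            msg = "STARTTLS is not required before login on the plain port"
            if cfg["zimbraReverseProxy%sSaslPlainEnabled" % proto].upper() == "TRUE":
                msg += "; SASL PLAIN is enabled"
            findings.append((mode_attr, msg))
    if cfg["zimbraReverseProxySSLToUpstreamEnabled"].upper() != "TRUE":
        findings.append(("zimbraReverseProxySSLToUpstreamEnabled",
                         "proxy does not use SSL to the upstream mail servers"))
    if cfg["zimbraReverseProxyPop3ExposeVersionOnBanner"].upper() == "TRUE":
        findings.append(("zimbraReverseProxyPop3ExposeVersionOnBanner",
                         "version is exposed on the POP3 banner"))
    if cfg["zimbraReverseProxyUserLoginLimit"] == "0":
        findings.append(("zimbraReverseProxyUserLoginLimit",
                         "0 disables per-user login throttling"))
    for name in DURATION_ATTRS:
        if name in cfg:
            try:
                parse_duration_ms(cfg[name])
            except ValueError as exc:
                findings.append((name, str(exc)))
    weak = weak_cipher_tokens(cfg.get("zimbraReverseProxySSLCiphers", ""))
    if weak:
        findings.append(("zimbraReverseProxySSLCiphers",
                         "weak cipher keywords: " + ", ".join(weak)))
    return findings


# Constructed sample input (not taken from a real server).
SAMPLE = """\
zimbraReverseProxyImapStartTlsMode: on
zimbraReverseProxyPop3StartTlsMode: only
zimbraReverseProxyUserLoginLimit: 100
zimbraReverseProxyUpstreamReadTimeout: 90sec
zimbraReverseProxySSLCiphers: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!MD5
"""

if __name__ == "__main__":
    for attribute, message in audit(parse_attrs(SAMPLE)):
        print("%s: %s" % (attribute, message))
```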


Nginx Configuration Directive Reference Introduction

Almost all the configuration directives for Zimbra NGINX Proxy are controlled by LDAP attributes, and in some cases, by LocalConfig values. To simplify the Proxy Configuration, the NGINX Proxy Configuration Generator reads these LDAP/LocalConfig values, and generates the Proxy configuration files. To allow more flexibility to the process of config generation, the Config Generator reads in a set of template files, substitutes certain keywords with the actual values from LDAP/LocalConfig, and generates the configuration files for use with NGINX.

Both the Proxy configuration files and the Proxy configuration templates are hierarchical in nature, which means that a main, top-level configuration file or template includes other configuration files or templates respectively. Refer to the NGINX Configuration Structure for the Proxy Configuration Inclusion Hierarchy.

Configuration Keywords

core.workdir


 NGINX Keyword:         core.workdir
 Description:           Working Directory for NGINX worker processes
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra
 Config Text:           /opt/zimbra
 How to modify:         N/A

core.includes


 NGINX Keyword:         core.includes
 Description:           Include directory (relative to ${core.workdir}/conf) containing sub-configuration files
 Controlling Attribute: (none)
 Default Value:         nginx/includes
 Config Text:           nginx/includes
 How to modify:         N/A

core.cprefix


 NGINX Keyword:         core.cprefix
 Description:           Common config file prefix
 Controlling Attribute: (none)
 Default Value:         nginx.conf
 Config Text:           nginx.conf
 How to modify:         N/A

core.tprefix


 NGINX Keyword:         core.tprefix
 Description:           Common template file prefix
 Controlling Attribute: (none)
 Default Value:         nginx.conf
 Config Text:           nginx.conf
 How to modify:         N/A

core.ipv4only.enabled


 NGINX Keyword:         core.ipv4only.enabled
 Description:           Whether ipv4 is enabled for the proxy or not (based on zimbraIPMode)
 Controlling Attribute: (none)
 Default Value:         false
 Config Text:           N/A
 How to modify:         N/A

core.ipv6only.enabled


 NGINX Keyword:         core.ipv6only.enabled
 Description:           Whether ipv6 is enabled for the proxy or not (based on zimbraIPMode)
 Controlling Attribute: (none)
 Default Value:         false
 Config Text:           N/A
 How to modify:         N/A

core.ipboth.enabled


 NGINX Keyword:         core.ipboth.enabled
 Description:           Whether ipv4 & ipv6 both are enabled for the proxy or not (based on zimbraIPMode)
 Controlling Attribute: (none)
 Default Value:         true
 Config Text:           N/A
 How to modify:         N/A

mail.:auth_http


 NGINX Keyword:         mail.:auth_http
 Description:           List of mail route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7072]
 Config Text:               auth_http   <server>:7072/service/extension/nginx-lookup;
 How to modify:         zmprov ms <server> zimbraReverseProxyLookupTarget TRUE       // to add a server to route-lookup list
                        zmprov ms <server> zimbraReverseProxyLookupTarget FALSE      // to remove a server from route-lookup list

mail.authwait


 NGINX Keyword:         mail.authwait
 Description:           Time delay (ms) after which an incorrect POP/IMAP login attempt will be rejected
 Controlling Attribute: zimbraReverseProxyAuthWaitInterval
 Default Value:         10000
 Config Text:           10000ms
 How to modify:         zmprov mcf zimbraReverseProxyAuthWaitInterval 15s            // s=seconds, m=minutes, h=hours, d=days

mail.defaultrealm


 NGINX Keyword:         mail.defaultrealm
 Description:           Default SASL realm used in case Kerberos principal does not contain realm information
 Controlling Attribute: zimbraReverseProxyDefaultRealm
 Default Value:         
 Config Text:           
 How to modify:         zmprov ms <server> zimbraReverseProxyDefaultRealm MYREALM.COM

mail.dpasswd


 NGINX Keyword:         mail.dpasswd
 Description:           Password for master credentials used by NGINX to log in to upstream for GSSAPI authentication
 Controlling Attribute: ldap_nginx_password
 Default Value:         zmnginx
 Config Text:           zmnginx
 How to modify:         N/A

mail.enabled


 NGINX Keyword:         mail.enabled
 Description:           Indicates whether Mail Proxy is enabled
 Controlling Attribute: zimbraReverseProxyMailEnabled
 Default Value:         true
 Config Text:           
 How to modify:         zmprov ms <server> zimbraReverseProxyMailEnabled FALSE

mail.imap.authgssapi.enabled


 NGINX Keyword:         mail.imap.authgssapi.enabled
 Description:           Whether SASL GSSAPI is enabled for IMAP
 Controlling Attribute: zimbraReverseProxyImapSaslGssapiEnabled
 Default Value:         false
 Config Text:           
 How to modify:         zmprov ms <server> zimbraReverseProxyImapSaslGssapiEnabled TRUE

mail.imap.authplain.enabled


 NGINX Keyword:         mail.imap.authplain.enabled
 Description:           Whether SASL PLAIN is enabled for IMAP
 Controlling Attribute: zimbraReverseProxyImapSaslPlainEnabled
 Default Value:         true
 Config Text:           
 How to modify:         zmprov ms <server> zimbraReverseProxyImapSaslPlainEnabled FALSE

mail.imap.greeting


 NGINX Keyword:         mail.imap.greeting
 Description:           Proxy IMAP banner message (contains build version if zimbraReverseProxyImapExposeVersionOnBanner is true)
 Controlling Attribute: zimbraReverseProxyImapExposeVersionOnBanner
 Default Value:         
 Config Text:           
 How to modify:         zmprov ms <server> zimbraReverseProxyImapExposeVersionOnBanner TRUE

mail.imap.literalauth


 NGINX Keyword:         mail.imap.literalauth
 Description:           Whether NGINX uses literal strings for user name/password when logging in to upstream IMAP server - if false, NGINX uses quoted strings
 Controlling Attribute: (none)
 Default Value:         true
 Config Text:           on
 How to modify:         N/A

mail.imap.port


 NGINX Keyword:         mail.imap.port
 Description:           Mail Proxy IMAP Port
 Controlling Attribute: zimbraImapProxyBindPort
 Default Value:         143
 Config Text:           143
 How to modify:         N/A

mail.imap.tls


 NGINX Keyword:         mail.imap.tls
 Description:           TLS support for IMAP - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
 Controlling Attribute: zimbraReverseProxyImapStartTlsMode
 Default Value:         only
 Config Text:           on
 How to modify:         N/A

mail.imapcapa


 NGINX Keyword:         mail.imapcapa
 Description:           IMAP Capability List
 Controlling Attribute: zimbraReverseProxyImapEnabledCapability
 Default Value:         []
 Current Value:         [ACL, BINARY, CATENATE, CHILDREN, CONDSTORE, ENABLE, ESEARCH, ESORT, I18NLEVEL=1, ID, IDLE, IMAP4rev1, LIST-EXTENDED, LITERAL+, MULTIAPPEND, NAMESPACE, QRESYNC, QUOTA, RIGHTS=ektx, SASL-IR, SEARCHRES, SORT, THREAD=ORDEREDSUBJECT, UIDPLUS, UNSELECT, WITHIN]
 Config Text:            "ACL" "BINARY" "CATENATE" "CHILDREN" "CONDSTORE" "ENABLE" "ESEARCH" "ESORT" "I18NLEVEL=1" "ID" "IDLE" "IMAP4rev1" "LIST-EXTENDED" "LITERAL+" "MULTIAPPEND" "NAMESPACE" "QRESYNC" "QUOTA" "RIGHTS=ektx" "SASL-IR" "SEARCHRES" "SORT" "THREAD=ORDEREDSUBJECT" "UIDPLUS" "UNSELECT" "WITHIN"
 How to modify:         N/A

mail.imapid


 NGINX Keyword:         mail.imapid
 Description:           NGINX response to IMAP ID command
 Controlling Attribute: (none)
 Default Value:         "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 Current Value:         "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 Config Text:           "NAME" "Zimbra" "VERSION" "5.0" "RELEASE" "zimbra"
 How to modify:         N/A

mail.imaps.port


 NGINX Keyword:         mail.imaps.port
 Description:           Mail Proxy IMAPS Port
 Controlling Attribute: zimbraImapSSLProxyBindPort
 Default Value:         993
 Config Text:           993
 How to modify:         N/A

mail.ipmax


 NGINX Keyword:         mail.ipmax
 Description:           IP Login Limit (Throttle) - 0 means infinity
 Controlling Attribute: zimbraReverseProxyIPLoginLimit
 Default Value:         0
 Config Text:           0
 How to modify:         N/A

mail.iprej


 NGINX Keyword:         mail.iprej
 Description:           Rejection message for IP throttle
 Controlling Attribute: zimbraReverseProxyIpThrottleMsg
 Default Value:         Login rejected from this IP
 Config Text:           Login rejected from this IP
 How to modify:         N/A

mail.ipttl


 NGINX Keyword:         mail.ipttl
 Description:           Time interval (ms) after which IP Login Counter is reset
 Controlling Attribute: zimbraReverseProxyIPLoginLimitTime
 Default Value:         3600000
 Config Text:           3600000ms
 How to modify:         N/A

mail.passerrors


 NGINX Keyword:         mail.passerrors
 Description:           Indicates whether mail proxy will pass any protocol specific errors from the upstream server back to the downstream client
 Controlling Attribute: zimbraReverseProxyPassErrors
 Default Value:         true
 Config Text:           on
 How to modify:         N/A

mail.pop3.authgssapi.enabled


 NGINX Keyword:         mail.pop3.authgssapi.enabled
 Description:           Whether SASL GSSAPI is enabled for POP3
 Controlling Attribute: zimbraReverseProxyPop3SaslGssapiEnabled
 Default Value:         false
 Config Text:           
 How to modify:         N/A

mail.pop3.authplain.enabled


 NGINX Keyword:         mail.pop3.authplain.enabled
 Description:           Whether SASL PLAIN is enabled for POP3
 Controlling Attribute: zimbraReverseProxyPop3SaslPlainEnabled
 Default Value:         true
 Config Text:           
 How to modify:         N/A

mail.pop3.greeting


 NGINX Keyword:         mail.pop3.greeting
 Description:           Proxy POP3 banner message (contains build version if zimbraReverseProxyPop3ExposeVersionOnBanner is true)
 Controlling Attribute: zimbraReverseProxyPop3ExposeVersionOnBanner
 Default Value:         
 Config Text:           
 How to modify:         N/A

mail.pop3.port


 NGINX Keyword:         mail.pop3.port
 Description:           Mail Proxy POP3 Port
 Controlling Attribute: zimbraPop3ProxyBindPort
 Default Value:         110
 Config Text:           110
 How to modify:         N/A

mail.pop3.tls


 NGINX Keyword:         mail.pop3.tls
 Description:           TLS support for POP3 - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel
 Controlling Attribute: zimbraReverseProxyPop3StartTlsMode
 Default Value:         only
 Config Text:           on
 How to modify:         N/A

mail.pop3capa


 NGINX Keyword:         mail.pop3capa
 Description:           POP3 Capability List
 Controlling Attribute: zimbraReverseProxyPop3EnabledCapability
 Default Value:         []
 Current Value:         [EXPIRE 31 USER, TOP, UIDL, USER, XOIP]
 Config Text:            "EXPIRE 31 USER" "TOP" "UIDL" "USER" "XOIP"
 How to modify:         N/A

mail.pop3s.port


 NGINX Keyword:         mail.pop3s.port
 Description:           Mail Proxy POP3S Port
 Controlling Attribute: zimbraPop3SSLProxyBindPort
 Default Value:         995
 Config Text:           995
 How to modify:         N/A

mail.sasl_host_from_ip


 NGINX Keyword:         mail.sasl_host_from_ip
 Description:           Whether to use incoming interface IP address to determine service principal name (if true, IP address is reverse mapped to DNS name, else host name of proxy is used)
 Controlling Attribute: krb5_service_principal_from_interface_address
 Default Value:         false
 Config Text:           off
 How to modify:         N/A

mail.saslapp


 NGINX Keyword:         mail.saslapp
 Description:           Application name used by NGINX to initialize SASL authentication
 Controlling Attribute: (none)
 Default Value:         nginx
 Config Text:           nginx
 How to modify:         N/A

mail.ssl.cert


 NGINX Keyword:         mail.ssl.cert
 Description:           Mail Proxy SSL certificate file
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.crt
 Config Text:           /opt/zimbra/conf/nginx.crt
 How to modify:         N/A

mail.ssl.ciphers


 NGINX Keyword:         mail.ssl.ciphers
 Description:           Permitted ciphers for mail proxy
 Controlling Attribute: zimbraReverseProxySSLCiphers
 Default Value:         !SSLv2:!MD5:HIGH
 Config Text:           !SSLv2:!MD5:HIGH
 How to modify:         N/A

mail.ssl.key


 NGINX Keyword:         mail.ssl.key
 Description:           Mail Proxy SSL certificate key
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.key
 Config Text:           /opt/zimbra/conf/nginx.key
 How to modify:         N/A

mail.ssl.preferserverciphers


 NGINX Keyword:         mail.ssl.preferserverciphers
 Description:           Requires protocols SSLv3 and TLSv1 server ciphers be preferred over the client's ciphers
 Controlling Attribute: (none)
 Default Value:         true
 Config Text:           on
 How to modify:         N/A

mail.timeout


 NGINX Keyword:         mail.timeout
 Description:           Time interval (ms) after which, if a POP/IMAP connection is inactive, it will be automatically disconnected
 Controlling Attribute: zimbraReverseProxyInactivityTimeout
 Default Value:         3600000
 Config Text:           3600000ms
 How to modify:         N/A

mail.upstream.imapid


 NGINX Keyword:         mail.upstream.imapid
 Description:           Whether NGINX issues the IMAP ID command to the upstream server prior to logging in (audit purpose)
 Controlling Attribute: zimbraReverseProxySendImapId
 Default Value:         true
 Config Text:           on
 How to modify:         N/A

mail.upstream.pop3xoip


 NGINX Keyword:         mail.upstream.pop3xoip
 Description:           Whether NGINX issues the POP3 XOIP command to the upstream server prior to logging in (audit purpose)
 Controlling Attribute: zimbraReverseProxySendPop3Xoip
 Default Value:         true
 Config Text:           on
 How to modify:         N/A

mail.usermax


 NGINX Keyword:         mail.usermax
 Description:           User Login Limit (Throttle) - 0 means infinity
 Controlling Attribute: zimbraReverseProxyUserLoginLimit
 Default Value:         0
 Config Text:           0
 How to modify:         N/A

mail.userrej


 NGINX Keyword:         mail.userrej
 Description:           Rejection message for User throttle
 Controlling Attribute: zimbraReverseProxyUserThrottleMsg
 Default Value:         Login rejected for this user
 Config Text:           Login rejected for this user
 How to modify:         N/A

mail.userttl


 NGINX Keyword:         mail.userttl
 Description:           Time interval (ms) after which User Login Counter is reset
 Controlling Attribute: zimbraReverseProxyUserLoginLimitTime
 Default Value:         3600000
 Config Text:           3600000ms
 How to modify:         N/A

main.connections


 NGINX Keyword:         main.connections
 Description:           Maximum number of simultaneous connections per worker process
 Controlling Attribute: zimbraReverseProxyWorkerConnections
 Default Value:         10240
 Config Text:           10240
 How to modify:         N/A

main.group


 NGINX Keyword:         main.group
 Description:           The group as which the worker processes will run
 Controlling Attribute: (none)
 Default Value:         zimbra
 Config Text:           zimbra
 How to modify:         N/A

main.krb5keytab


 NGINX Keyword:         main.krb5keytab
 Description:           Path to kerberos keytab file used for GSSAPI authentication
 Controlling Attribute: krb5_keytab
 Default Value:         /opt/zimbra/conf/krb5.keytab
 Config Text:           /opt/zimbra/conf/krb5.keytab
 How to modify:         N/A

main.logfile


 NGINX Keyword:         main.logfile
 Description:           Log file path (relative to ${core.workdir})
 Controlling Attribute: (none)
 Default Value:         log/nginx.log
 Config Text:           log/nginx.log
 How to modify:         N/A

main.loglevel


 NGINX Keyword:         main.loglevel
 Description:           Log level - can be debug|info|notice|warn|error|crit
 Controlling Attribute: zimbraReverseProxyLogLevel
 Default Value:         info
 Config Text:           info
 How to modify:         N/A

main.pidfile


 NGINX Keyword:         main.pidfile
 Description:           PID file path (relative to ${core.workdir})
 Controlling Attribute: (none)
 Default Value:         log/nginx.pid
 Config Text:           log/nginx.pid
 How to modify:         N/A

main.user


 NGINX Keyword:         main.user
 Description:           The user as which the worker processes will run
 Controlling Attribute: (none)
 Default Value:         zimbra
 Config Text:           zimbra
 How to modify:         N/A

main.workers


 NGINX Keyword:         main.workers
 Description:           Number of worker processes
 Controlling Attribute: zimbraReverseProxyWorkerProcesses
 Default Value:         4
 Config Text:           4
 How to modify:         N/A

memcache.:servers


 NGINX Keyword:         memcache.:servers
 Description:           List of known memcache servers (i.e. servers having imapproxy service enabled)
 Controlling Attribute: (none)
 Default Value:         []
 Current Value:         [<server>:11211]
 Config Text:             servers   <server>:11211;
 How to modify:         N/A

memcache.reconnect


 NGINX Keyword:         memcache.reconnect
 Description:           Time (ms) after which NGINX will attempt to re-establish a broken connection to a memcache server
 Controlling Attribute: zimbraReverseProxyCacheReconnectInterval
 Default Value:         60000
 Config Text:           60000ms
 How to modify:         N/A

memcache.timeout


 NGINX Keyword:         memcache.timeout
 Description:           Time (ms) given to a cache-fetch operation to complete
 Controlling Attribute: zimbraReverseProxyCacheFetchTimeout
 Default Value:         3000
 Config Text:           3000ms
 How to modify:         N/A

memcache.ttl


 NGINX Keyword:         memcache.ttl
 Description:           Time interval (ms) for which cached entries remain in memcache
 Controlling Attribute: zimbraReverseProxyCacheEntryTTL
 Default Value:         3600000
 Config Text:           3600000ms
 How to modify:         N/A

memcache.unqual


 NGINX Keyword:         memcache.unqual
 Description:           Deprecated - always set to false
 Controlling Attribute: (none)
 Default Value:         false
 Config Text:           off
 How to modify:         N/A

web.:routehandlers


 NGINX Keyword:         web.:routehandlers
 Description:           List of web route lookup handlers (i.e. servers for which zimbraReverseProxyLookupTarget is true)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7072]
 Config Text:               zmroutehandlers   <server>:7072/service/extension/nginx-lookup;
 How to modify:         N/A

web.enabled


 NGINX Keyword:         web.enabled
 Description:           Indicates whether HTTP proxying is enabled
 Controlling Attribute: zimbraReverseProxyHttpEnabled
 Default Value:         false
 Config Text:           
 How to modify:         N/A

web.http.enabled


 NGINX Keyword:         web.http.enabled
 Description:           Indicates whether HTTP Proxy will accept connections on HTTP (true unless zimbraReverseProxyMailMode is 'https')
 Controlling Attribute: (none)
 Default Value:         true
 Config Text:           
 How to modify:         N/A

web.http.maxbody


 NGINX Keyword:         web.http.maxbody
 Description:           Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 Controlling Attribute: zimbraFileUploadMaxSize
 Default Value:         10485760
 Config Text:           10485760
 How to modify:         N/A

web.http.port


 NGINX Keyword:         web.http.port
 Description:           Web Proxy HTTP Port
 Controlling Attribute: zimbraMailProxyPort
 Default Value:         0
 Config Text:           80
 How to modify:         N/A

web.http.uport


 NGINX Keyword:         web.http.uport
 Description:           Web upstream server port
 Controlling Attribute: zimbraMailPort
 Default Value:         80
 Config Text:           7070
 How to modify:         N/A

web.https.enabled


 NGINX Keyword:         web.https.enabled
 Description:           Indicates whether HTTP Proxy will accept connections on HTTPS (true unless zimbraReverseProxyMailMode is 'http')
 Controlling Attribute: (none)
 Default Value:         true
 Config Text:           
 How to modify:         N/A

web.https.maxbody


 NGINX Keyword:         web.https.maxbody
 Description:           Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 Controlling Attribute: zimbraFileUploadMaxSize
 Default Value:         10485760
 Config Text:           10485760
 How to modify:         N/A

web.https.port


 NGINX Keyword:         web.https.port
 Description:           Web Proxy HTTPS Port
 Controlling Attribute: zimbraMailSSLProxyPort
 Default Value:         0
 Config Text:           443
 How to modify:         N/A

web.mailmode


 NGINX Keyword:         web.mailmode
 Description:           Reverse Proxy Mail Mode - can be http|https|both|redirect|mixed
 Controlling Attribute: zimbraReverseProxyMailMode
 Default Value:         both
 Config Text:           mixed
 How to modify:         N/A

web.routetimeout


 NGINX Keyword:         web.routetimeout
 Description:           Time interval (ms) given to web route lookup handler to respond to route lookup request (after this time elapses, Proxy fails over to next handler, or fails the request if there are no more lookup handlers)
 Controlling Attribute: (none)
 Default Value:         15000
 Config Text:           15000ms
 How to modify:         N/A

web.ssl.cert


 NGINX Keyword:         web.ssl.cert
 Description:           Web Proxy SSL certificate path
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.crt
 Config Text:           /opt/zimbra/conf/nginx.crt

web.ssl.key


 NGINX Keyword:         web.ssl.key
 Description:           Web Proxy SSL certificate key
 Controlling Attribute: (none)
 Default Value:         /opt/zimbra/conf/nginx.key
 Config Text:           /opt/zimbra/conf/nginx.key
 How to modify:         N/A

web.uploadmax


 NGINX Keyword:         web.uploadmax
 Description:           Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413
 Controlling Attribute: zimbraFileUploadMaxSize
 Default Value:         10485760
 Config Text:           10485760
 How to modify:         N/A

web.upstream.webclient:servers


 NGINX Keyword:         web.upstream.webclient:servers
 Description:           List of upstream HTTP webclient servers used by Web Proxy (i.e. webclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7070]
 Config Text:               server   <server>:7070;
 How to modify:         N/A

web.upstream.webclient.name


 NGINX Keyword:         web.upstream.webclient.name
 Description:           Symbolic name for HTTP webclient upstream cluster
 Controlling Attribute: (none)
 Default Value:         zimbra_webclient
 Config Text:           zimbra_webclient
 How to modify:         N/A

web.upstream.:servers


 NGINX Keyword:         web.upstream.:servers
 Description:           List of upstream HTTP servers used by Web Proxy (i.e. mailclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7070]
 Config Text:               server   <server>:7070;
 How to modify:         N/A

web.upstream.name


 NGINX Keyword:         web.upstream.name
 Description:           Symbolic name for HTTP mailclient upstream cluster
 Controlling Attribute: (none)
 Default Value:         zimbra
 Config Text:           zimbra
 How to modify:         N/A

web.ssl.upstream.webclient:servers


 NGINX Keyword:         web.ssl.upstream.webclient:servers
 Description:           List of upstream HTTPS webclient servers used by Web Proxy (i.e. webclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7070]
 Config Text:               server   <server>:7070;
 How to modify:         N/A

web.ssl.upstream.webclient.name


 NGINX Keyword:         web.ssl.upstream.webclient.name
 Description:           Symbolic name for HTTPS webclient upstream cluster
 Controlling Attribute: (none)
 Default Value:         zimbra_ssl_webclient
 Config Text:           zimbra_ssl_webclient
 How to modify:         N/A

web.ssl.upstream.:servers


 NGINX Keyword:         web.ssl.upstream.:servers
 Description:           List of upstream HTTPS mailclient servers used by Web Proxy (i.e. mailclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7070]
 Config Text:               server   <server>:7070;
 How to modify:         N/A

web.ssl.upstream.name


 NGINX Keyword:         web.ssl.upstream.name
 Description:           Symbolic name for HTTP mailclient upstream cluster
 Controlling Attribute: (none)
 Default Value:         zimbra_ssl
 Config Text:           zimbra_ssl
 How to modify:         N/A

web.admin.upstream.adminclient.:servers


 NGINX Keyword:         web.admin.upstream.adminclient:servers
 Description:           List of upstream admin client servers used by Web Proxy (i.e. adminclient servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7071]
 Config Text:               server   <server>:7071;
 How to modify:         N/A

web.admin.upstream.adminclient.name


 NGINX Keyword:         web.admin.upstream.adminclient.name
 Description:           Symbolic name for admin client upstream cluster
 Controlling Attribute: (none)
 Default Value:         zimbra_adminclient
 Config Text:           zimbra_adminclient
 How to modify:         N/A

web.admin.upstream.:servers


 NGINX Keyword:         web.admin.upstream.:servers
 Description:           List of upstream admin servers used by Web Proxy (i.e. admin servers for which zimbraReverseProxyLookupTarget is true, and whose mail mode is http|mixed|both)
 Controlling Attribute: zimbraReverseProxyLookupTarget
 Default Value:         []
 Current Value:         [<server>:7071]
 Config Text:               server   <server>:7071;
 How to modify:         N/A

web.admin.upstream.name


 NGINX Keyword:         web.admin.upstream.name
 Description:           Symbolic name for admin upstream cluster
 Controlling Attribute: (none)
 Default Value:         zimbra_admin
 Config Text:           zimbra_admin
 How to modify:         N/A

web.upstream.ewsserver:servers


 NGINX Keyword:         web.upstream.ewsserver:servers
 Description:           List of upstream HTTP EWS servers used by Web Proxy (i.e. servers to which we will proxy EWS requests)
 Controlling Attribute: zimbraReverseProxyUpstreamEwsServers
 Default Value:         []
 Current Value:         [<server>:7070]
 Config Text:               server   <server>:7070;
 How to modify:         N/A

web.ews.upstream.name


 NGINX Keyword:         web.upstream.name
 Description:           Symbolic name for HTTP EWS upstream cluster
 Controlling Attribute: (none)
 Default Value:         zimbra
 Config Text:           zimbra
 How to modify:         N/A

web.ssl.upstream.ewsserver:servers


 NGINX Keyword:         web.ssl.upstream.ewsserver:servers
 Description:           List of upstream HTTPS EWS servers used by Web Proxy (i.e. servers to which we will proxy EWS requests)
 Controlling Attribute: zimbraReverseProxyUpstreamEwsServers
 Default Value:         []
 Current Value:         [<server>:7070]
 Config Text:               server   <server>:7070;
 How to modify:         N/A

web.ssl.ews.upstream.name


 NGINX Keyword:         web.ssl.upstream.name
 Description:           Symbolic name for HTTPS EWS upstream cluster
 Controlling Attribute: (none)
 Default Value:         zimbra_ssl_ews
 Config Text:           zimbra_ssl_ews
 How to modify:         N/A

web.upstream.loginserver.:servers


 NGINX Keyword:         web.upstream.loginserver:servers
 Description:           List of upstream HTTP Login servers used by Web Proxy (i.e. servers to which we will proxy login page requests)
 Controlling Attribute: zimbraReverseProxyUpstreamLoginServers
 Default Value:         []
 Current Value:         [<server>:7070]
 Config Text:               server   <server>:7070;
 How to modify:         N/A

web.login.upstream.name


 NGINX Keyword:         web.login.upstream.name
 Description:           Symbolic name for HTTP Login upstream cluster
 Controlling Attribute: (none)
 Default Value:         zimbra_login
 Config Text:           zimbra_login
 How to modify:         N/A

web.ssl.upstream.loginserver.:servers


 NGINX Keyword:         web.ssl.upstream.loginserver:servers
 Description:           List of upstream HTTP Login servers used by Web Proxy (i.e. servers to which we will proxy login page requests)
 Controlling Attribute: zimbraReverseProxyUpstreamLoginServers
 Default Value:         []
 Current Value:         [<server>:7070]
 Config Text:               server   <server>:7070;
 How to modify:         N/A

web.ssl.login.upstream.name


 NGINX Keyword:         web.ssl.login.upstream.name
 Description:           Symbolic name for HTTPS Login upstream cluster
 Controlling Attribute: (none)
 Default Value:         zimbra_ssl_login
 Config Text:           zimbra_ssl_login
 How to modify:         N/A

max_fails


 NGINX Keyword:         max_fails
 Description:           The max number of unsuccessful attempts to connect to the current server (as an upstream).
                        If this number is reached, proxy will refuse to connect to the current server, wait for
                        zimbraMailProxyReconnectTimeout and then try to reconnect. Default value is 1. Setting
                        this to 0 means turning this check off.
 Controlling Attribute: zimbraMailProxyMaxFails
 Default Value:         1
 Config Text:           server    <server hostname>:<port> max_fails=<value>
 How to modify:         zmprov mcf zimbraMailProxyMaxFails <value>

fail_timeout


 NGINX Keyword:         fail_timeout
 Description:           Time in seconds after which the proxy will try to reconnect to the current
                        server (as an upstream) following earlier connection errors
 Controlling Attribute: zimbraMailProxyReconnectTimeout
 Default Value:         60
 Config Text:           server    <server hostname>:<port> fail_timeout=<value>
 How to modify:         zmprov mcf  zimbraMailProxyReconnectTimeout <value> 

version


 NGINX Keyword:         version
 Description:           Current version of ZCS installed on this server
 Controlling Attribute: zimbraServerVersion
 Default Value:         None
 Config Text:           server    <server hostname>:<port> version=<value>
 How to modify:         Should not be modified. Set by the installer
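
A review aid for the reference entries above, as an added Python sketch that is not part of the Zimbra tooling: it parses text in the entry layout used on this page and reports settings the descriptions themselves mark as permissive. The sample is constructed from this page's entries (the mail.usermax and mail.pop3.tls values are made up), and the three checks and the choice of Config Text as the effective value are assumptions of this example.

```python
import re

FIELDS = ("NGINX Keyword", "Description", "Controlling Attribute",
          "Default Value", "Current Value", "Config Text", "How to modify")
FIELD_RE = re.compile(r"^\s*(%s):\s*(.*)$" % "|".join(map(re.escape, FIELDS)))

# Constructed sample in the page's entry layout.
SAMPLE = """\
mail.ipmax

 NGINX Keyword:         mail.ipmax
 Description:           IP Login Limit (Throttle) - 0 means infinity
 Controlling Attribute: zimbraReverseProxyIPLoginLimit
 Default Value:         0
 Config Text:           0

 NGINX Keyword:         mail.usermax
 Controlling Attribute: zimbraReverseProxyUserLoginLimit
 Config Text:           50

 NGINX Keyword:         mail.imap.tls
 Controlling Attribute: zimbraReverseProxyImapStartTlsMode
 Default Value:         only
 Config Text:           on

 NGINX Keyword:         mail.pop3.tls
 Controlling Attribute: zimbraReverseProxyPop3StartTlsMode
 Config Text:           only

 NGINX Keyword:         mail.dpasswd
 Controlling Attribute: ldap_nginx_password
 Default Value:         zmnginx
 Config Text:           zmnginx

 NGINX Keyword:         max_fails
 Description:           The max number of unsuccessful attempts to connect.
                        Setting this to 0 means turning this check off.
 Controlling Attribute: zimbraMailProxyMaxFails
"""


def parse_entries(text):
    """Return {keyword: {field: value}}; indented lines continue a field."""
    entries, current, last = [], None, None
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if match:
            field, value = match.group(1), match.group(2).strip()
            if field == "NGINX Keyword":      # a new entry starts here
                current = {}
                entries.append(current)
            if current is not None:
                current[field] = value
                last = field
        elif line.strip() and current is not None and last:
            current[last] = (current[last] + " " + line.strip()).strip()
        else:
            last = None   # blank line or section heading ends a continuation
    return {entry["NGINX Keyword"]: entry for entry in entries}


def audit(entries):
    """Return (keyword, finding) pairs based on each entry's Config Text."""
    def effective(keyword):
        entry = entries.get(keyword)
        return None if entry is None else entry.get("Config Text", "")

    findings = []
    for keyword in ("mail.ipmax", "mail.usermax"):
        if effective(keyword) == "0":         # "0 means infinity"
            findings.append((keyword, "login throttle disabled"))
    for keyword in ("mail.imap.tls", "mail.pop3.tls"):
        mode = effective(keyword)
        if mode is not None and mode != "only":   # only "only" enforces TLS
            findings.append((keyword, f"TLS not enforced (mode {mode!r})"))
    if effective("mail.dpasswd") == "zmnginx":
        findings.append(("mail.dpasswd", "password equals documented default"))
    return findings


if __name__ == "__main__":
    for keyword, finding in audit(parse_entries(SAMPLE)):
        print(f"{keyword}: {finding}")
```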

Verified Against: ZCS 8.0 and later
Date Created: 9/5/2014
Article ID: https://wiki.zimbra.com/index.php?title=Zimbra_Proxy_Manual:Configuration_And_Template_Files_And_Proxy_Related_Variables
Date Modified: 06/7/2016


