Zimbra Proxy Manual:Zimbra Proxy Related CLI Commands

Zimbra Proxy Manual: Zimbra Proxy Related CLI Commands

   KB 21172        Last updated on 06/7/2016  




0.00
(0 votes)
Article-check.png  - This is certified documentation and is protected for editing by Zimbra Employees & Moderators only.
 - This article is a Work in Progress, and may be unfinished or missing sections.

zmproxyconfig


Source: http://wiki.zimbra.com/wiki/Zimbra_Proxy_Guide#Proxy_config_rewrite.28zmproxyconfgen.29.2C_zmproxyconfig_and_zmproxyctl

Syntax And Usage

/opt/zimbra/libexec/zmproxyconfig help

Usage: /opt/zimbra/libexec/zmproxyconfig [-h] [-o] [-m] [-w] [-d [-r] [-s] [-a w1:w2:w3:w4] [-c [-n n1:n2]] [-i p1:p2:p3:p4] [-p p1:p2:p3:p4] [-x mailmode]] [-e [-a w1:w2:w3:w4] -C] [-n n1:n2 [-i p1:p2:p3:p4] [-p p1:p2:p3:p4] [-u|-U] [-x mailmode]] [-f] -H hostname

Description

-h: display this help message

-H: Hostname of server on which enable/disable proxy functionality.

-a: Colon separated list of Web ports to use. Format: HTTP-STORE:HTTP-PROXY:HTTPS-STORE:HTTPS-PROXY (Ex: 8080:80:8443:443)

-d: disable proxy

-e: enable proxy

-f: Full reset on memcached port and search queries and POP/IMAP throttling.

-i: Colon separated list of IMAP ports to use. Format: IMAP-STORE:IMAP-PROXY:IMAPS-STORE:IMAPS-PROXY (Ex: 7143:143:7993:993)

-m: Toggle mail proxy portions

-o: Override enabled checks

-p: Colon separated list of POP ports to use. Format: POP-STORE:POP-PROXY:POPS-STORE:POPS-PROXY (Ex: 7110:110:7995:995)

-r: Run against a remote host. Note that this requires the server to be properly configured in the LDAP master.

-s: Set cleartext to FALSE (secure mode) on disable

-t: Disable reverse proxy lookup target for store server. Only valid with -d. Be sure that you intend for all proxy function for the server to be disabled

-w: Toggle Web proxy portions

-c: Disable Admin Console proxy portions.

-C: Enable Admin Console proxy portions.

-n: Colon separated list of Admin Console ports to use. Format: ADMIN-CONSOLE-STORE:ADMIN-CONSOLE-PROXY (Ex: 7071:9071)

-x: the proxy mail mode when enable proxy, or the store mail mode when disable proxy (Both default: http).

-u: disable SSL connection from proxy to mail store.

-U: enable SSL connection from proxy to mail store.

hostname is the value of the zimbra_server_hostname LC key for the server being modified.

Required options are -f by itself, or -f with -d or -e.

Note that -d or -e require one or both of -m and -w.

Note that -i or -p require -m.

Note that -a requires -w.

Note that -c/-C requires -w, and -n requires -c/-C. When disabling web proxy, admin console proxy will be automatically disabled.

Note that -u or -U are only available when proxy is enabled by -e.

Note that -x requires -w and -d for store.

Note that -x requires -w for proxy.

Note that no matter what mail mode is set by -x and no matter proxy is enabled or disabled, admin console's mode is always https.

The following are the defaults for -a, -i, -p, and -x if they are not supplied as options.

-a default on enable: 8080:80:8443:443

-a default on disable: 80:0:443:0

-i default on enable: 7143:143:7993:993

-i default on disable: 143:7143:993:7993

-p default on enable: 7110:110:7995:995

-p default on disable: 110:7110:995:7995

-n default on enable: 7071:9071

-n default on disable: 7071:9071

-x default on store disable: http

-x default on proxy enable/disable: http, but -x default on proxy enable when upstream ssl connection is enabled: https

eg. To change the value of zimbraReverseProxySSLToUpstreamEnabled from TRUE(default) to FALSE (i.e use http for the proxy<->mailstore connections instead of https), execute this on the server running the proxy

/opt/zimbra/libexec/zmproxyconfig -e -m -w -H <hostname> -u

You will have to restart the proxy after this by running 'zmproxyctl restart'

  • Note: zmproxyconfig is no longer required to enable the proxy if you are doing a fresh installation of ZCS with proxy. The installer already runs this and the proxy is enabled for imap/pop/https access by default. Although it is needed while trying to deploy proxy in existing non-proxy environments when using the existing servers. Kindly refer http://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy#Using_existing_servers

To See What Current Server Values Are Set As

Single ZCS Server With All Packages Installed Example

For example, from a ZCS 8.5.0 single server with ALL packages installed :

$ zmprov gs `zmhostname` zimbraReverseProxySSLToUpstreamEnabled zimbraReverseProxyLookupTarget \
zimbraReverseProxyHttpEnabled zimbraMailReferMode zimbraMailPort zimbraMailProxyPort zimbraMailSSLPort  zimbraMailSSLProxyPort \
zimbraMailMode zimbraReverseProxyMailEnabled zimbraReverseProxyMailMode zimbraImapBindPort zimbraImapProxyBindPort \
zimbraImapSSLBindPort zimbraImapSSLProxyBindPort zimbraImapCleartextLoginEnabled zimbraPop3BindPort zimbraPop3ProxyBindPort \
zimbraPop3SSLBindPort zimbraPop3SSLProxyBindPort zimbraPop3CleartextLoginEnabled zimbraAdminPort zimbraAdminProxyPort \
zimbraReverseProxyAdminEnabled ; zmprov gs `zmhostname` zimbraServiceEnabled | egrep 'memcache|proxy|mailbox'

# name 850-ldap2.zimbra.DOMAIN.com
zimbraAdminPort: 7071
zimbraAdminProxyPort: 9071
zimbraImapBindPort: 7143
zimbraImapCleartextLoginEnabled: TRUE
zimbraImapProxyBindPort: 143
zimbraImapSSLBindPort: 7993
zimbraImapSSLProxyBindPort: 993
zimbraMailMode: https
zimbraMailPort: 8080
zimbraMailProxyPort: 80
zimbraMailReferMode: reverse-proxied
zimbraMailSSLPort: 8443
zimbraMailSSLProxyPort: 443
zimbraPop3BindPort: 7110
zimbraPop3CleartextLoginEnabled: TRUE
zimbraPop3ProxyBindPort: 110
zimbraPop3SSLBindPort: 7995
zimbraPop3SSLProxyBindPort: 995
zimbraReverseProxyAdminEnabled: FALSE
zimbraReverseProxyHttpEnabled: TRUE
zimbraReverseProxyLookupTarget: TRUE
zimbraReverseProxyMailEnabled: TRUE
zimbraReverseProxyMailMode: https
zimbraReverseProxySSLToUpstreamEnabled: TRUE

zimbraServiceEnabled: mailbox
zimbraServiceEnabled: memcached
zimbraServiceEnabled: proxy
Confirming the Ports

This example is from a ZCS 8.5.0 single server with ALL packages installed. And to see the various ports, as root do the following below. The output shows you: PORT Number | PID/Process Name .

# netstat -anltp | egrep '^tcp' | grep LISTEN | awk '{print $4 " "$7}' | sed -e 's/.*://' | sort -n | uniq

22 1574/sshd
25 10055/master
53 8335/unbound
110 8993/nginx
111 1292/rpcbind
143 8993/nginx
389 7841/slapd
443 8993/nginx
465 10055/master
587 10055/master
631 1436/cupsd
993 8993/nginx
995 8993/nginx
3310 9698/clamd
7025 17148/java
7047 8505/httpd
7071 17148/java
7072 17148/java
7110 17148/java
7143 17148/java
7171 7879/java
7306 8783/mysqld
7780 9761/httpd
7993 17148/java
7995 17148/java
8080 17148/java
8443 17148/java
8465 9729/opendkim
10024 9077/amavisd
10025 10055/master
10026 9077/amavisd
10027 10055/master
10028 10055/master
10029 10055/master
10030 10055/master
10032 9077/amavisd
11211 8973/memcached
23232 9032/perl
23233 9034/perl
40172 1310/rpc.statd
49767 -
53229 -
59982 1310/rpc.statd

Multi-Server Examples

First Node - LDAP-MTA-PROXY
$ zmprov gs `zmhostname` zimbraReverseProxySSLToUpstreamEnabled zimbraReverseProxyLookupTarget \
zimbraReverseProxyHttpEnabled zimbraMailReferMode zimbraMailPort zimbraMailProxyPort zimbraMailSSLPort  \
zimbraMailSSLProxyPort zimbraMailMode zimbraReverseProxyMailEnabled zimbraReverseProxyMailMode \
zimbraImapBindPort zimbraImapProxyBindPort zimbraImapSSLBindPort zimbraImapSSLProxyBindPort \
zimbraImapCleartextLoginEnabled zimbraPop3BindPort zimbraPop3ProxyBindPort zimbraPop3SSLBindPort \
zimbraPop3SSLProxyBindPort zimbraPop3CleartextLoginEnabled zimbraAdminPort zimbraAdminProxyPort \
zimbraReverseProxyAdminEnabled ; zmprov gs `zmhostname` zimbraServiceEnabled | egrep 'memcache|proxy|mailbox'

# name 850-ldap2.zimbra.DOMAIN.com
zimbraAdminPort: 7071
zimbraAdminProxyPort: 9071
zimbraImapBindPort: 7143
zimbraImapCleartextLoginEnabled: FALSE
zimbraImapProxyBindPort: 143
zimbraImapSSLBindPort: 7993
zimbraImapSSLProxyBindPort: 993
zimbraMailPort: 8080
zimbraMailProxyPort: 80
zimbraMailReferMode: wronghost
zimbraMailSSLPort: 8443
zimbraMailSSLProxyPort: 443
zimbraPop3BindPort: 7110
zimbraPop3CleartextLoginEnabled: FALSE
zimbraPop3ProxyBindPort: 110
zimbraPop3SSLBindPort: 7995
zimbraPop3SSLProxyBindPort: 995
zimbraReverseProxyAdminEnabled: FALSE
zimbraReverseProxyHttpEnabled: TRUE
zimbraReverseProxyLookupTarget: FALSE
zimbraReverseProxyMailEnabled: TRUE
zimbraReverseProxyMailMode: https
zimbraReverseProxySSLToUpstreamEnabled: TRUE

zimbraServiceEnabled: memcached
zimbraServiceEnabled: proxy
Second Node - Mailstore Node
$ zmprov gs `zmhostname` zimbraReverseProxySSLToUpstreamEnabled zimbraReverseProxyLookupTarget \
zimbraReverseProxyHttpEnabled zimbraMailReferMode zimbraMailPort zimbraMailProxyPort zimbraMailSSLPort  \
zimbraMailSSLProxyPort zimbraMailMode zimbraReverseProxyMailEnabled zimbraReverseProxyMailMode \
zimbraImapBindPort zimbraImapProxyBindPort zimbraImapSSLBindPort zimbraImapSSLProxyBindPort \
zimbraImapCleartextLoginEnabled zimbraPop3BindPort zimbraPop3ProxyBindPort zimbraPop3SSLBindPort \
zimbraPop3SSLProxyBindPort zimbraPop3CleartextLoginEnabled zimbraAdminPort zimbraAdminProxyPort \
zimbraReverseProxyAdminEnabled ; zmprov gs `zmhostname` zimbraServiceEnabled | egrep 'memcache|proxy|mailbox'

# name 850-store2.zimbra.DOMAIN.com
zimbraAdminPort: 7071
zimbraAdminProxyPort: 9071
zimbraImapBindPort: 143
zimbraImapCleartextLoginEnabled: FALSE
zimbraImapProxyBindPort: 7143
zimbraImapSSLBindPort: 993
zimbraImapSSLProxyBindPort: 7993
zimbraMailMode: https
zimbraMailPort: 80
zimbraMailProxyPort: 8080
zimbraMailReferMode: wronghost
zimbraMailSSLPort: 443
zimbraMailSSLProxyPort: 8443
zimbraPop3BindPort: 110
zimbraPop3CleartextLoginEnabled: FALSE
zimbraPop3ProxyBindPort: 7110
zimbraPop3SSLBindPort: 995
zimbraPop3SSLProxyBindPort: 7995
zimbraReverseProxyAdminEnabled: FALSE
zimbraReverseProxyHttpEnabled: FALSE
zimbraReverseProxyLookupTarget: TRUE
zimbraReverseProxyMailEnabled: TRUE
zimbraReverseProxySSLToUpstreamEnabled: TRUE

zimbraServiceEnabled: mailbox

zmproxyctl


Syntax

zmproxyctl help

Usage : /opt/zimbra/bin/zmproxyctl start|stop|restart|reload|status

Description

zmprov


Syntax

zmprov [cmd]

Description

Long Name Short Name Description
--getAllReverseProxyURLs -garpu Used to list all the upstream mailstore servers (NLEs) that should be used for reverse proxy lookup by the proxy
--getAllReverseProxyBackends -garpb Used to list all the upstream mailstore servers that are reverse-proxied by the proxy
--getAllMtaAuthURLs -gamau Used to publish into saslauthd.conf the servers that should be used for saslauthd.conf MTA auth
--getAllMemcachedServers -gamcs Used to list memcached servers (for Zimbra Proxy use)

zmproxyconfgen


Syntax

Description

zmnginxconf


Syntax

Description

Will be functional again with Bug 95169 being fixed.

zmproxypurge


Syntax

Description

zmproxyinit [ deprecated since ???]


Description

This command is no longer used on any supported versions of ZCS. See zmproxyconfig .
Jump to: navigation, search