ZCS Administrator's Guide Network Edition 6.0.8
Table of Contents Previous Next Index


Working with Zimbra Proxy : Configuring ZCS HTTP Proxy

Configuring ZCS HTTP Proxy
In addition to IMAP/POP3 proxying, the Zimbra proxy package based on nginx is also able to reverse proxy HTTP requests to the right backend server.
Using an nginx-based reverse proxy for HTTP helps to hide names of backend mailbox servers from end users.
For example, users can always use their web browser to visit the proxy server at http://mail.example.com. The connection from users whose mailboxes live on mbs1. example.com is proxied to mbs1.example.com by the proxy running on the mail.example.com server. In addition to the ZCS web interface, clients such as REST and CalDAV clients, Zimbra Connector for Outlook, and Zimbra Mobile Sync devices are also supported by the proxy.
HTTP reverse proxy routes requests as follows:
If the request has an auth token cookie (ZM_AUTH_TOKEN), the request is routed to the backend mailbox server of the authenticated user.
If the requesting URL can be examined to determine the user name, then the request is routed to the backend mailbox server of the user in the URL. REST, Ca lDAV, and Zimbra Mobile Sync are supported through this mechanism.
If the above methods do not work, the IP hash method is used to load balance the requests across the backend mailbox servers which are able to handle the request or do any necessary internal proxying.
Setting up HTTP Proxy after IMAP/POP Proxy is set up
Zimbra Proxy is installed with ZCS and is set up during Installation from the ZCS configuration menus. Zimbra proxy must be installed on the identified proxy nodes in order to set up HTTP proxy. No other configuration is usually required.
To set up http (s) proxy after you have already installed zimbra proxy for IMAP/POP, set up the Zimbra mailbox server and the proxy node as described in the following two sections.
Note: You can run the command as zmproxyconfig -r, to run against a remote host. Note that this requires the server to be properly configured in the LDAP master.
Setting Up HTTP Proxy With Separate Proxy Node
When your configuration includes a separate proxy server follow these steps.
 
Setup Zimbra Mailbox Servers
1.
/opt/zimbra/libexec/zmproxyconfig -e -w -H mailbox.node.service.hostname
This configures the following:
zimbraMailReferMode to reverse-proxied. See Note below.
zimbraMailPort to 8080, to avoid port conflicts.
zimbraMailSSLPort to 8443, to avoid port conflicts.
zimbraMailMode to http. This is the only supported mode.
2.
a.
b.
3.
Configure each domain with the public service host name to be used for REST URLs, commonly used in sharing Document Notebooks, email and Briefcase folders. Run
zmprov modifyDomain <domain.com> zimbraPublicServiceHostname <hostname.domain.com>
Setup Proxy Node
1.
/opt/zimbra/libexec/zmproxyconfig -e -w -H proxy.node.service.hostname
This configures the following:
zimbraMailReferMode to reverse-proxied. See Note below.
zimbraMailProxyPort to 80, to avoid port conflicts.
zimbraMailSSLProxyPort to 443, to avoid port conflicts.
zimbraReverseProxyHttpEnabled to TRUE to indicate that Web proxy is enabled.
zimbraReverseProxyMailMode defaults to both.
If you want to set the proxy server mail mode, add to the command the -x option with the mode you desire: http, https, both, redirect, mixed.
Setting Up a Single Node for HTTP Proxy
When Zimbra proxy is installed along with ZCS on the same server, follow this step.
1.
/opt/zimbra/libexec/zmproxyconfig -e -w -H mailbox.node.service.hostname
This configures the following:
zimbraMailReferMode to reverse-proxied. See Note below.
zimbraMailPort to 8080, to avoid port conflicts.
zimbraMailSSLPort to 8443, to avoid port conflicts.
zimbraMailMode to http. This is the only supported mode.
zimbraMailReferMode to reverse-proxied. See Note below.
zimbraMailProxyPort to 80, to avoid port conflicts.
zimbraMailSSLProxyPort to 443, to avoid port conflicts.
zimbraReverseProxyHttpEnabled to TRUE to indicate that Web proxy is enabled.
zimbraReverseProxyMailMode defaults to both.
If you want to set the proxy server mail mode, add to the command the -x option with the mode you desire: http, https, both, redirect, mixed.
2.
a.
b.
3.
Configure each domain with the public service host name to be used for REST URLs, commonly used in sharing Document Notebooks, email and Briefcase folders. Run
zmprov modifyDomain <domain.com> zimbraPublicServiceHostname <hostname.domain.com>
REST URL Generation
When HTTP proxy is enabled, the following attributes can be set globally or by domain for REST URL
When generating REST URL’s:
If domain.zimbraPublicServiceHostname is set, use zimbraPublicServiceProtocol + zimbraPublicServiceHostname + zimbraPublicServicePort
Otherwise it falls back to the server (account's home server) attributes:
- protocol is computed from server.zimbraMailMode
- hostname is server.zimbraServiceHostname
- port is computed from the protocol.
 
Note: Why use zimbraMailReferMode - In earlier versions of Zimbra, a local config variable called zimbra_auth_always_send_refer was used to determine what the backend server did when a user whose mailbox did not reside on that server logged in on that server. the default value of FALSE meant that the backend server would only redirect the user if the user was logging in on the wrong backend host.
On a multi-server ZCS, however, if a load balanced name was needed to create a friendly landing page, a user would always have to be redirected. In that case, zimbra_auth_always_send_refer was set to TRUE.
Now with a full-fledged reverse proxy, users do not need to be redirected. The localconfig variable zimbraMailReferMode is used with nginx reverse proxy.

Working with Zimbra Proxy : Configuring ZCS HTTP Proxy

Table of Contents Previous Next Index
ZCS Administrator's Guide Network Edition 6.0.8
Copyright © 2010 Zimbra Inc.