ZCS Multi Server Installation Guide Network Edition 6.0 Rev 11/2010

Installing zimbra-proxy

Installing the zimbra-proxy package is optional, but recommended for scalable multi-server deployment. Zimbra proxy is normally installed on the MTA server or can be configured on a separate server. Zimbra proxy can be installed on more than one server. At least one instance of zimbra-memcached must be installed to cache the data for NGINX.

Important: If you are moving from a non-proxy environment (for example, single server to multi-server environment), additional steps are necessary for the mailbox server and proxy configuration. After you complete the proxy installation, reconfigure the mailbox server as described in the ZCS Administration Guide, Zimbra Proxy chapter.

Note: Memcached is shipped as the caching layer to cache LDAP lookups. Memcache does not have authentication and security features so the servers should have a firewall set up appropriately. The default port is 11211 and is controlled by zimbraMemcacheBindPort conf setting in zimbraserver.

If you are installing zimbra-proxy on the MTA server, select the zimbra-proxy package and the zimbra-memcached package. Follow the installation process for Installing Zimbra MTA on a Server. After Step 8, configure the Zimbra-proxy.

1.	On the MTA server to install the zimbra-proxy package, type Y and press Enter to install the selected package.

2.	The Main menu displays the default entries for the Zimbra component you are installing. Select Proxy Configuration menu. You can modify any of the values.

•	The default is POP/IMAP proxy enabled and HTTP Proxy disabled.

•

The Bind password for Nginx ldap user is configured when the LDAP server was installed. This is set when the MTA connected to the LDAP server. This is not used unless the Kerberos5 authenticating mechanism is enabled. Note: Setting the password even though GSSAPI auth/proxy is not set up does not cause any issues.

 

Proxy configuration   1) Status: Enabled    2) Enable POP/IMAP proxy:                   TRUE    3) IMAP proxy port: 143 4) IMAP SSL proxy port: 993 5) POP proxy port: 110 6) POP SSL proxy port: 995    7) Bind password for Nginx ldap user       (Only required for GSSAPI auth):         set    8) Enable HTTP[S] Proxy:                    FALSE

Return to the MTA section, step 8 on page to continue the MTA server installation.

Installing Zimbra-Proxy on a separate server

The LDAP host name and the Zimbra LDAP password must be known to the proxy server. If not, the proxy server cannot contact the LDAP server and the installation fails.

1.	Follow steps 1 through 4 in Starting the Installation Process to open a SSH session to the server, log on to the server as root, and unpack the Zimbra software.

2.	Type Y and press Enter to install the zimbra-proxy package. The other packages should be marked N. In the following screen shot example, the package to be installed is emphasized.

Note: If SNMP is used, the zimbra-snmp package must also be installed.

 

Select the packages to install   Install zimbra-ldap [Y] N Install zimbra-logger [Y] N Install zimbra-mta [Y] N Install zimbra-snmp [Y] N Install zimbra-store [Y] N Install zimbra-apache [Y] N Install zimbra-spell [Y] N Install zimbra-archiving [N] N Install zimbra-convertd [N] N Install zimbra-memcached [N] Y Install zimbra-proxy [N] Y   Installing:     zimbra-memcached zimbra-proxy   This system will be modified. Continue [N} Y Configuration section

3.	Type Y, and press Enter to install the selected package.

4.	The Main menu displays. Type 1 and press Enter to go to the Common Configuration menu.

The mailbox server hostname is displayed. You must change the LDAP master host name and password to be the values configured on the LDAP server.

•	Type 2, press Enter, and type the LDAP host name. (ldap-1.example.com, in this example.)

•	Type 4, press Enter, and type the LDAP password.

After you set these values, the server immediately contacts the LDAP server. If it cannot contact the server, you cannot proceed.

•	Type 6 to set the correct time zone, if your time zone is not Pacific Time.

5.	Select Proxy Configuration menu. You can modify any of the values.

•	The default is POP/IMAP proxy enabled and HTTP Proxy disabled.

•

The Bind password for Nginx ldap user is configured when the LDAP server was installed. This is set when the MTA connected to the LDAP server. This is not used unless the Kerberos5 authenticating mechanism is enabled. Note: Setting the password even though GSSAPI auth/proxy is not set up does not cause any issues.

 

Proxy configuration   1) Status: Enabled    2) Enable POP/IMAP proxy:                   TRUE    3) IMAP proxy port: 143 4) IMAP SSL proxy port: 993 5) POP proxy port: 110 6) POP SSL proxy port: 995    7) Bind password for Nginx ldap user       (Only required for GSSAPI auth):         set    8) Enable HTTP[S] Proxy:                    FALSE

6.	Type r to return to the Main menu.

7.	When the proxy server is configured, return to the Main menu and type a to apply the configuration changes. Press Enter to save the configuration data.

8.	When Save Configuration data to a file appears, press Enter.

9.	The next request asks where to save the files. To accept the default, press Enter. To save the files to another directory, enter the directory and then press Enter.

10.	When The system will be modified - continue? appears, type y and press Enter.

11.	When Installation complete - press return to exit displays, press Enter.

The installation of the proxy server is complete.

ZCS Multi Server Installation Guide Network Edition 6.0 Rev 11/2010