Results 1 to 8 of 8

Thread: Access to Administration Console by Zimbra Proxy ?an

  1. #1
    spinnaker is offline Junior Member
    Join Date
    Oct 2010
    Posts
    5
    Rep Power
    4

    Default Access to Administration Console by Zimbra Proxy ?an

    Hi all.
    I have a question about the possibility to get access to admin console via the standard zimbra proxy host.

    We have made an installation with the large schema ad we use two ldap, two mta and one mailboxd server.
    Our lan, for a better security, is setted up to have two separated vlan, one for the mta servers and one for the ldap servers and the mailboxd server.
    I have noted that to get access to Administration Console I have to make a https connection on port 7071 directly to the mailboxd server...so we have to assign a public ip to that host.

    If I have choose to setup the Zimbra proxy host for normal http(s) connenction to webmail interface in order to not expose directly the mailboxd server host to the web...in this way - if I have to get access to admin consol - this schema have to be bypassed and the mailboxd server is exposed on the net anyway.

    Have you some suggestion?
    Is still not possible to get access to admin console via normal zimbra proxy? Maybe we have to setup a different proxy only for admin consol connetion?

  2. #2
    spinnaker is offline Junior Member
    Join Date
    Oct 2010
    Posts
    5
    Rep Power
    4

    Default

    Anyone have had the same problem?

  3. #3
    spinnaker is offline Junior Member
    Join Date
    Oct 2010
    Posts
    5
    Rep Power
    4

    Default

    Ok. I have solved this "problem" by using a workaround solutions.
    Anyway I renew my question and I would like to have an answer by the Zimbra engineers who read (and I suppose to) this forum because I think that the proxy system implemented in Zimbra is not still functional or not ??

  4. #4
    lmthong is offline User Awaiting Moderation
    Join Date
    May 2010
    Posts
    19
    Rep Power
    0

    Default

    I think you can not access to admin page throught any proxy, not only zimbra_http_proxy, just because you can not "proxy" any https or any secure port (admin-page always runs with https). If you can do it, the data from end-user to destination server will be un-guaranteed!!!

    What you see on zimbra_http_proxy, if https, just encrypt the data from client to proxy-server. Acctually, proxy-server and hidden server communicates with http.

  5. #5
    veronica is offline Outstanding Member
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    7

    Default

    I think your statement "because you can not "proxy" any https or any secure port" is totally wrong. If you couldnot proxy https port it doesnot mean its not possible in zimbra.

  6. #6
    spinnaker is offline Junior Member
    Join Date
    Oct 2010
    Posts
    5
    Rep Power
    4

    Default

    Quote Originally Posted by veronica View Post
    I think your statement "because you can not "proxy" any https or any secure port" is totally wrong. If you couldnot proxy https port it doesnot mean its not possible in zimbra.
    Yes I agree.

  7. #7
    peter@mxtoolbox.com is offline Partner (VAR/HSP)
    Join Date
    Feb 2007
    Location
    Austin, TX
    Posts
    110
    Rep Power
    8

    Default

    I am also looking for a way to access the Admin Console through a proxy server.
    Peter LeBlond
    Product Development Engineer
    http://www.mxtoolbox.com


  8. #8
    peter@mxtoolbox.com is offline Partner (VAR/HSP)
    Join Date
    Feb 2007
    Location
    Austin, TX
    Posts
    110
    Rep Power
    8

    Default

    I was told that Zimbra doesn't support modifying nginx to support this and that it would probably be simpler and easier to setup a manual redirect to a mail store. Here is how I quickly achieved this on my Ubuntu proxy node

    apt-get install lighttpd
    edit your /etc/lighttpd/lighttpd.conf file. Here's a diff between the stock and my modified one. This conf will take ANY request on port 7071 and redirect to https://zimbra.mailstore.com:7071/zimbraAdmin/

    Code:
    18c18
    <            "mod_redirect",
    ---
    > #           "mod_redirect",
    65c65
    <  server.port               = 7071
    ---
    > # server.port               = 81
    111d110
    < url.redirect                = ( "^.*$"                    => "https://zimbra.mailstore.com:7071/zimbraAdmin/" )
    167,168d165
    < ssl.engine = "enable"
    < ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
    Lastly you will want to install your cert. I have a commercial cert on my proxy so I made a copy like this
    mkdir /etc/conf/lighttpd/certs
    cat /opt/zimbra/ssl/zimbra/commercial/commercial.key >/etc/conf/lighttpd/certs/lighttpd.pem
    cat /opt/zimbra/ssl/zimbra/commercial/commercial.crt >>/etc/conf/lighttpd/certs/lighttpd.pem

    /etc/init.d/lighttpd restart and you should be in business.
    Peter LeBlond
    Product Development Engineer
    http://www.mxtoolbox.com


Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. ZCS7 Beta only Listens on IPv6
    By tobru in forum Installation
    Replies: 2
    Last Post: 03-25-2011, 03:31 AM
  2. Old Backup stay in TO_DELETE status and no clearing..
    By bartounet in forum Administrators
    Replies: 0
    Last Post: 10-05-2010, 07:40 AM
  3. I have problems with en language in zimbra 5.01
    By yuranchik in forum Installation
    Replies: 0
    Last Post: 01-24-2008, 03:23 AM
  4. 4.5 Upgrade failure
    By brained in forum Installation
    Replies: 9
    Last Post: 03-03-2007, 03:30 PM
  5. svn version still won't start
    By kinaole in forum Developers
    Replies: 0
    Last Post: 10-04-2006, 06:47 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •