Proxy requests from Apache server (mail.domain.com) to zimbra server(wiki question)

[danioj]

Hi All,

I was wandering if someone could answer a question I have regarding the wiki article Provide HTTP(s) Integration with Apache - Zimbra :: Wiki.

• I am currently using Zimbra 5.018 ce installed running on its own server with a private ip address.
  
• I have a web server running on a separate server (apache) which listens for requests on port 80 and 443 for domain.com. Also with a private ip address.
  
• I have ports 80 and 443 open on my firewall, forwarding to the web server.

The reason I followed the above wiki guide was so I could have requests coming in on mail.domain.com (https / 443 only) forwarded by apache on the web server to the zimbra server (all seamless to the user).

The guide seems fairly straight forward but for one bit. In the ssl / https part of the configuration in the wiki guide, I notice that although the request was made originally on 443 (i.e. https) it forwards and receives requests from Zimbra on a non secure line (http).

My question is .... is this really secure? Is all the communication encrypted using ssl?

I am happy for the data to be non secure on the lan side of things, but it is imperative that I have it secure between the client (remote host) and the apache server (i.e.e WAN side of things) ....

Thanks in advance for your time.

Dan

[danioj]

I spoke to a few developer friends of mine who say that given that the ssl 'tunnel' (for want of a better word) is established between the external party and the apache web server, that even though the connection on the LAN side is via normal http that the ssl tunnel is still open and thus any communication back to the external party will be encrypted also ...

Thoughts anyone?