Configure Nginx On Separate Server For Zimbra Webmail


My HTTP/HTTPS configuration using CentOS and nginx from the EPEL repo is as follows:

/etc/nginx/nginx.conf

user              nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log;

pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include           /etc/nginx/mime.types;
    default_type      application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log         /var/log/nginx/access.log  main;
    sendfile           on;
    tcp_nopush         on;
    keepalive_timeout  65;
    gzip  on;

    server {
        listen          80;
        server_name     rproxy.yourdomain.co.uk;
        ## use when nginx listens on a nonstandard port - the port in the rewrite
        ## rule needs to be the port nginx is actually listening on.
        #rewrite     ^(.*)   https://rproxy.yourdomain.co.uk:80$1 permanent; 
        access_log      /var/www/rproxy.yourdomain.co.uk/log/nginx.access.log;
        error_log       /var/www/rproxy.yourdomain.co.uk/log/nginx_error.log debug;

        location / {
            proxy_pass  http://192.168.xx.x:81;
            proxy_redirect          default;
        }

        error_page  404              /404.html;
        location = /404.html {
            root   /usr/share/nginx/html;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

    }

    server {
        listen          443;
        server_name     rproxy.yourdomain.co.uk;
        ## use when nginx listens on a nonstandard port - the port in the rewrite
        ## rule needs to be the port nginx is actually listening on.
        #rewrite     ^(.*)   https://rproxy.yourdomain.co.uk:443$1 permanent;
        ssl                             on;
        ssl_certificate                 /etc/pki/tls/certs/ca.crt;
        ssl_certificate_key             /etc/pki/tls/private/ca.key;
        ssl_session_timeout             5m;
        ssl_protocols                   SSLv2 SSLv3 TLSv1;
        ssl_ciphers                     ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers       on;

        access_log      /var/www/rproxy.yourdomain.co.uk/log/nginx.access.log;
        error_log       /var/www/rproxy.yourdomain.co.uk/log/nginx_error.log debug;

        location / {
            proxy_pass  https://192.168.xx.x:444;  
            proxy_redirect          default;
        }

        error_page  404              /404.html;
        location = /404.html {
            root   /usr/share/nginx/html;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

    }

    include /etc/nginx/conf.d/*.conf;
}

/etc/nginx/conf.d/proxy.conf

## $proxy_port setting string is needed when
## nginx is listening on a nonstandard port
#proxy_set_header        Host            $host:$proxy_port;
#proxy_set_header        X-Real-IP       $remote_addr:$proxy_port;
#proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for:$proxy_port;
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
client_header_buffer_size 64k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffer_size   16k;
proxy_buffers       32   16k;
proxy_busy_buffers_size 64k;

The link below gives the full details of my CentOS and nginx configuration:

http://www.zen212739.zen.co.uk/centos5-5/pub-centos-rproxy-nginx-install.txt

I only use one domain for webmail access, but adding another domain to this nginx config should not be too difficult.

Using nginx for an IMAP proxy is a little more difficult to set up. I am still looking into this myself.

SMTP traffic needs a store-and-forward mail server. A separate Postfix setup would probably be a better option.

I set up an Intel Atom based CentOS Xen server with a few VMs to do essentially the same thing that you are attempting to do.

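The answer's HTTPS server block, reworked as an added example (not the answerer's configuration): it replaces the SSLv2/SSLv3 protocol list and the cipher string that admits export, LOW and RC4 suites with a TLS 1.2/1.3 policy, and gives each of the question's two webmail hosts its own server block. The file name, the certificate paths and the HTTP-to-HTTPS redirect are assumptions; the backend address is the placeholder from the answer.

```nginx
# Added example (assumed file: /etc/nginx/conf.d/webmail.conf). It is read inside
# http { } through the existing "include /etc/nginx/conf.d/*.conf;" line and
# replaces the two server { } blocks in the answer's nginx.conf.
#
# Weak settings in the answer's 443 block:
#   ssl                 on;
#   ssl_protocols       SSLv2 SSLv3 TLSv1;
#   ssl_ciphers         ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#
# Corrected TLS policy, set once and inherited by every server block below.
# TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
ssl_protocols              TLSv1.2 TLSv1.3;
ssl_ciphers                ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers  on;
ssl_session_timeout        5m;

server {
    listen       443 ssl;                  # replaces the deprecated "ssl on;"
    server_name  webmail.domain1.com;
    # Assumed paths: a server certificate issued for this host name.
    ssl_certificate      /etc/pki/tls/certs/webmail.domain1.com.crt;
    ssl_certificate_key  /etc/pki/tls/private/webmail.domain1.com.key;

    location / {
        # proxy.conf already sends "Host $host", so the backend receives the
        # webmail host name the client asked for.
        proxy_pass      https://192.168.xx.x:444;
        proxy_redirect  default;
    }
}

server {
    listen       443 ssl;
    server_name  webmail.domain2.com;
    ssl_certificate      /etc/pki/tls/certs/webmail.domain2.com.crt;
    ssl_certificate_key  /etc/pki/tls/private/webmail.domain2.com.key;

    location / {
        proxy_pass      https://192.168.xx.x:444;
        proxy_redirect  default;
    }
}

# Port 80 only redirects, so webmail logins never cross the wire unencrypted.
server {
    listen       80;
    server_name  webmail.domain1.com webmail.domain2.com;
    return       301 https://$host$request_uri;
}
```

Check the result with `nginx -t` before reloading; serving a different certificate per host name on one address relies on the client sending SNI.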


Author: alphadogg


Updated on September 18, 2022

Comments

  • alphadogg almost 2 years

    How do I properly configure a server with nginx to front for a Zimbra server with multiple domains?

    I run a small SOHO network. I use NAT/port forwarding on my Comcast router to get traffic to my handful of servers.

    I set up a server with Zimbra, call it host1.internal.local. The server currently has two domains, call them domain1.com and domain2.com. Both offer webmail access at webmail.domain1.com and webmail.domain2.com.

    I have a separate server with nginx. I want to configure nginx to reverse proxy, such that I can direct all HTTP/HTTPS, and send webmail traffic via matched host address/headers to the Zimbra server. If possible, I'd like to know how to map IMAP, POP and SMTP traffic too.

    How would I do this?