ZimbraApache - Zimbra :: Wiki

http://wiki.zimbra.com/index.php?title=ZimbraApache

Zimbra
the leader in open source email and collaboration

Search
User Help | Forums | Blog | Contact Us | Buy Zimbra Learn Products Community Support Partners Downloads About

ZimbraApache
From Zimbra :: Wiki

Contents
1 Running apache and zimbra webmail on the same host 1.1 Apache over http (port 80) and Zimbra over https (port 443) 1.2 Sharing http (port 80) and/or https (port 443) between Zimbra and Apache 1.3 Sharing both HTTP and HTTPS between both Zimbra and Apache using Dierent Domain Names 1.3.1 Change the ports that the Zimbra webmail client listens on 1.3.2 Set up your redirects in Apache 1.3.2.1 Set up the http redirects 1.3.2.2 Set up your https redirects 1.3.3 Restart Apache 1.4 Sharing both HTTP and HTTPS between both Zimbra and Apache using Dierent IP Addresses 1.4.1 Change the ports that the Zimbra webmail client listens on 1.4.2 Set up your redirects in Apache 1.4.2.1 Make sure Apache is listening on all IP addresses 1.4.2.2 Set up the http redirects 1.4.2.3 Set up your https redirects 1.4.3 Restart Apache 2 Other Links

Running apache and zimbra webmail on the same host

- This article is a community contribution and may include unsupported customizations for network edition customers.

Apache over http (port 80) and Zimbra over https (port 443)
If you don't need to have non-SSL (http/port 80) access to zimbra webmail and you don't need to have SSL (https/port 443) access to apache, congure zimbra to only listen on https port 443.
su - zimbra zmtlsctl https tomcat restart

1 de 7

08/05/12 12:21

ZimbraApache - Zimbra :: Wiki

http://wiki.zimbra.com/index.php?title=ZimbraApache

That's it! Now apache will serve websites (presumably over port 80), and zimbra will serve webmail over port 443.

Sharing http (port 80) and/or https (port 443) between Zimbra and Apache
If you do need to have access to both zimbra and apache over the same port, use this guide. Q: How to run Apache + Zimbra on the same host without having to use a weird port to access any of them ? A: Use mod_proxy ;) This wiki page is based on this zimbra forums thread: http://www.zimbra.com/forums/showthread.php?t=2476 (I am using a Debian Sarge). You must have several hostnames for your server (for example zimbra.domain.com and www.domain.com). First of all, change zimbraMailPort, and recreate zimbraMtaAuthHost and restart zimbra so our apache can listen on 80, do it like this :
zmprov ms zimbra.mydom.com zimbraMailPort 81 zmprov ms zimbra.mydom.com zimbraMtaAuthHost zimbra.mydom.com /etc/init.d/zimbra restart

Then, install your prefered apache version (1.3 / 2) and add the proxy module : for apache 1.3 :
echo "LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so" >> /etc/apache/modules.conf apachectl restart

for apache 2 :
ln -s /etc/apache2/mods-available/proxy.load /etc/apache2/mods-enabled/proxy.load ln -s /etc/apache2/mods-available/proxy.conf /etc/apache2/mods-enabled/proxy.conf /etc/init.d/apache2 restart

Now we can add our virtualhosts. for apache 1.3, go into /etc/apache/conf.d/ and create/edit vhosts.conf : [for apache 2 go into /etc/apache2/conf.d/]
NameVirtualHost *:80 <VirtualHost *:80> ServerAdmin dz@mydom.com DocumentRoot /var/www/myweb ServerName www.mydom.com ErrorLog /var/log/apache/www-error.log CustomLog /var/log/apache/www-access.log common </VirtualHost> <VirtualHost *:80> ServerName zimbra.mydom.com ServerAdmin dz@mydom.com ProxyPass / http://zimbra.mydom.com:81/ ProxyPassReverse / http://zimbra.mydom.com:81/ ErrorLog /var/log/apache/zimbra-error.log CustomLog /var/log/apache/zimbra-access.log common </VirtualHost>

To do mod_proxy on the admin side do something along the following lines in httpd.conf
<VirtualHost *:80> ServerName zimbras.domain.tld ServerAdmin admin@domain.tld SSLProxyEngine On ProxyPass / https://zimbra.domain.tld:7071/

(the hostname of the real zimbra server)

2 de 7

08/05/12 12:21

ZimbraApache - Zimbra :: Wiki

http://wiki.zimbra.com/index.php?title=ZimbraApache

ProxyPassReverse / https://zimbra.domain.tld:7071/ (the hostname of the real zimbra server) ErrorLog /var/log/zimbras.domain-error.log CustomLog /var/log/zimbras.domain-access.log combined CustomLog /var/log/all-access.log combined (something i have on all my hosts) </VirtualHost>

Almost done. Restart everything. Test your new hosts. Enjoy Zimbra ;)

Sharing both HTTP and HTTPS between both Zimbra and Apache using Dierent Domain Names
I found that the above wouldn't work when I tried to preserve http and https access for both Zimbra and Apache. Here is what I did to x it. Instead of using ProxyPass, I used Redirect, as follows.

Change the ports that the Zimbra webmail client listens on

zmprov ms zmprov ms zmprov ms zmcontrol zmcontrol mail.yourdomain.com zimbraMailPort 60081 mail.yourdomain.com zimbraMailSSLPort 60443 mail.yourdomain.com zimbraMtaAuthHost mail.yourdomain.com stop start

Set up your redirects in Apache

Set up the http redirects Under Apache2 on CentOS, I just create a le called /etc/httpd/conf.d/vhosts.conf with the following content:
NameVirtualHost *:80 <VirtualHost *:80> ServerAdmin admin@yourdomain.com DocumentRoot /var/www/html ServerName www.yourdomain.com ErrorLog /var/log/httpd-error.log CustomLog /var/log/httpd-access.log common </VirtualHost> <VirtualHost *:80> ServerName mail.yourdomain.com ServerAdmin admin@yourdomain.com Redirect / https://mail.yourdomain.com:60443/ ErrorLog /var/log/zimbra-error.log CustomLog /var/log/zimbra-access.log common </VirtualHost>

Set up your https redirects Under Apache2 on CentOS, I just edit the le called /etc/httpd/conf.d/ssl.conf. Look for the line that says:
<VirtualHost _default_:443>

Comment it out, and add the following just below it:

NameVirtualHost *:443 <VirtualHost *:443>

Below that, look for the commented-out line that starts with ServerName, uncomment it, and add your server name that you want to use for Apache:
ServerName www.yourdomain.com

Next, go to the bottom of the le and setup your Zimbra virtual host
<VirtualHost *:443> ServerName mail.yourdomain.com ServerAdmin admin@yourdomain.com

3 de 7

08/05/12 12:21

ZimbraApache - Zimbra :: Wiki

ErrorLog /var/log/zimbra-ssl-error.log CustomLog /var/log/zimbra-ssl-access.log common SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/pki/tls/certs/zimbra.crt SSLCertificateKeyFile /etc/pki/tls/private/zimbra.key SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt Redirect / https://mail.yourdomain.com:60443/ </VirtualHost>

http://wiki.zimbra.com/index.php?title=ZimbraApache

Why do we bother specifying the SSL certicate if we are only going to redirect from Apache to Zimbra? Because if you don't, your user will get an "invalid certicate" error from their browser before the redirect happens.

Restart Apache
/etc/init.d/httpd restart

Sharing both HTTP and HTTPS between both Zimbra and Apache using Dierent IP Addresses
Instead of using dierent domain names, as in the above example, I nd that it is much easier and cleaner to simply use dierent IP addresses. On my box, I only have one network interface card, but I have six public IP addresses that all point to it. Therefore, in my DNS I simply assign the www.yourdomain.com subdomain to XXX.XXX.XXX.100 and the mail.yourdomain.com subdomain to XXX.XXX.XXX.101. This gives you the added exibility of adding many dierent sub domain aliases in your DNS and simply pointing them all to the same IP address. For example, you could add aliases like webmail.yourdomain.com and zimbra.yourdomain.com to the DNS, and you wouldn't have to change any of the conguration les below for it to work properly.

Change the ports that the Zimbra webmail client listens on

zmprov ms zmprov ms zmprov ms zmcontrol zmcontrol mail.yourdomain.com zimbraMailPort 60081 mail.yourdomain.com zimbraMailSSLPort 60443 mail.yourdomain.com zimbraMtaAuthHost mail.yourdomain.com stop start

Set up your redirects in Apache

Make sure Apache is listening on all IP addresses Check your Apache conguration to make sure that it is listening on all IP addresses. For most installations, this will be the default, so if you haven't changed it yourself it should be working. Just to be sure, open your httpd.conf le (in CentOS it is /etc/httpd/conf/httpd.conf) and look for a line that starts with "Listen". It should just say:
Listen 80

Or, it might say:

Listen *:80

If it has a specic IP address in it, such as:

Listen XXX.XXX.XXX.XXX:80

You will either need to delete the IP address reference or simply add multiple Listen lines for each of your IP addresses. Set up the http redirects Under Apache2 on CentOS, I just create a le called /etc/httpd/conf.d/vhosts.conf with the following content:
NameVirtualHost XXX.XXX.XXX.100:80 NameVirtualHost XXX.XXX.XXX.101:80

4 de 7

08/05/12 12:21

ZimbraApache - Zimbra :: Wiki

<VirtualHost XXX.XXX.XXX.100:80> ServerAdmin admin@yourdomain.com DocumentRoot /var/www/html ErrorLog /var/log/httpd-error.log CustomLog /var/log/httpd-access.log common </VirtualHost> <VirtualHost XXX.XXX.XXX.101:80> ServerAdmin admin@yourdomain.com Redirect / https://mail.yourdomain.com:60443/ ErrorLog /var/log/zimbra-error.log CustomLog /var/log/zimbra-access.log common </VirtualHost>

http://wiki.zimbra.com/index.php?title=ZimbraApache

Set up your https redirects Under Apache2 on CentOS, I just edit the le called /etc/httpd/conf.d/ssl.conf. Look for the line that says:
<VirtualHost _default_:443>

Comment it out, and add the following just below it:

NameVirtualHost XXX.XXX.XXX.100:443 NameVirtualHost XXX.XXX.XXX.101:443 <VirtualHost XXX.XXX.XXX.100:443>

Next, go to the bottom of the le and setup your Zimbra virtual host
<VirtualHost XXX.XXX.XXX.101:443> ServerName mail.yourdomain.com ServerAdmin admin@yourdomain.com ErrorLog /var/log/zimbra-ssl-error.log CustomLog /var/log/zimbra-ssl-access.log common SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/pki/tls/certs/zimbra.crt SSLCertificateKeyFile /etc/pki/tls/private/zimbra.key SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt Redirect / https://mail.yourdomain.com:60443/ </VirtualHost>

Why do we bother specifying the SSL certicate if we are only going to redirect from Apache to Zimbra? Because if you don't, your user will get an "invalid certicate" error from their browser before the redirect happens.

Restart Apache
/etc/init.d/httpd restart

Other Links
Provide_HTTP(s)_Integration_with_Apache Zimbra_with_Apache_using_mod_jk_-_mod_proxy_-_mod_proxy_ajp Using_Tomcat_with_Apache_(mod_jk)

Veried Against: Unknown Article ID: http://wiki.zimbra.com/index.php?title=ZimbraApache Retrieved from "http://wiki.zimbra.com/wiki/ZimbraApache" Category: Customizing ZCS Zimbra.com | Popular Searches | About Zimbra

Date Created: 5/5/2006 Date Modied: 5/7/2009

5 de 7

08/05/12 12:21

ZimbraApache - Zimbra :: Wiki

http://wiki.zimbra.com/index.php?title=ZimbraApache

Learn
What is Zimbra? Benets Demos and Videos Industry Solutions Customers Case Studies Awards

Products
Zimbra Collaboration Server Zimbra Cloud and Virtualization Zimbra Open Source Zimbra Desktop Compare Products Pricing Whats New Downloads

Community
Forums Documentation Wiki Blog Gallery Submit Bug Release Status Developer Zone Contribute

Support
Zimbra Support Program Overview User Help Zimbra Customer Support Portal

6 de 7

08/05/12 12:21

ZimbraApache - Zimbra :: Wiki

http://wiki.zimbra.com/index.php?title=ZimbraApache

Partners
Zimbra Hosting Providers Zimbra VARs Zimbra Training Providers Resources For Partners

About
Careers News Events Webinars Media Contact Us Twitter LinkedIn Facebook

Email Software Email Hosting Zimbra Mail Server Email Archiving and Compliance Software

Calendar and Collaboration Microsoft Outlook Alternative Zimbra for BlackBerry & iPhone Secure Email & Anti Spam Unied Messaging

Zimbra is open source server software for email and collaboration - email, group calendar, contacts, instant messaging, le storage and web document management. The Zimbra email and calendar server is available for Linux, Mac OS X and virtualization platforms. Zimbra syncs to smartphones (iPhone, BlackBerry) and desktop clients like Outlook and Thunderbird. Zimbra also features archiving and discovery for compliance. Zimbra can be deployed on-premises or as a hosted email solution. Zimbra Desktop is a free email and calendar client which runs on any Windows, Apple or Linux desktop computer. It works online and oine and works with any POP or IMAP email account as well as Yahoo! Mail.

7 de 7

08/05/12 12:21