-
Notifications
You must be signed in to change notification settings - Fork 78
Zimbra proxy configuration for Certbot Zimbra
This is the suggested/required configuration of Zimbra proxy in order to make certbot-zibra script work. Recent default installation setup is usually working out of the box, but these istructions may be useful if you come from an upgrade or have manually configured the proxy.
In short, Zimbra's nginx must be listening on port 80. Other port configurations might work, but you have to deal with this advanced configuration yourself.
After doing all the changes do a zmcontrol restart
to make sure everything is in sync.
/opt/zimbra/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x https -H `zmhostname`
/opt/zimbra/libexec/zmproxyconfig -e -m -o -i 7143:143:7993:993 -p 7110:110:7995:995 -H `zmhostname`
/opt/zimbra/libexec/zmproxyconfig -e -m -H `zmhostname`
zmprov ms `zmhostname` zimbraMailReferMode reverse-proxied
zmprov ms `zmhostname` +zimbraServiceEnabled memcached
You usually want all your webmail traffic to go via https by default. Remember http must be enabled for Letsencrypt verification to work.
zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
Not strictly required for the script, but often convenient
zmprov md <YOUR MAIN DOMAIN> zimbraPublicServicePort 443
zmprov md <YOUR MAIN DOMAIN> zimbraPublicServiceProtocol https
zmprov mcf zimbraPublicServiceHostname `zmhostname`
zmmailboxdctl restart
This list was originally posted by @lovelord83 on issue 90