Configuring Nginx for Zimbra Webmail on a separate server

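How do I properly configure a server running nginx as a front end for a Zimbra server with multiple domains?

I run a small SOHO network. I do NAT/port forwarding on a Comcast router to get traffic to my several servers.

I set up a server with Zimbra and named it host1.internal.local. The server currently has two domains, call them domain1.com and domain2.com. Both domains provide webmail access, at webmail.domain1.com and webmail.domain2.com.

I have a separate server with nginx. I want to configure nginx as a reverse proxy so that I can direct all HTTP/HTTPS and send the webmail traffic to the Zimbra server by matching the host address/header. If possible, I would also like to know how to map IMAP, POP and SMTP traffic.

How do I go about this?

Answer 1

My http/https configuration, using CentOS and nginx from the EPEL repo, is as follows: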

/etc/nginx/nginx.conf

user              nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log;

pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include           /etc/nginx/mime.types;
    default_type      application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log         /var/log/nginx/access.log  main;
    sendfile           on;
    tcp_nopush         on;
    keepalive_timeout  65;
    gzip  on;

    server {
        listen          80;
        server_name     rproxy.yourdomain.co.uk;
        ## use when nginx listens on a nonstandard port - the port in the rewrite
        ## rule needs to be the port nginx is actually listening on.
        #rewrite     ^(.*)   https://rproxy.yourdomain.co.uk:80$1 permanent; 
        access_log      /var/www/rproxy.yourdomain.co.uk/log/nginx.access.log;
        error_log       /var/www/rproxy.yourdomain.co.uk/log/nginx_error.log debug;

        location / {
            proxy_pass  http://192.168.xx.x:81;
            proxy_redirect          default;
        }

        error_page  404              /404.html;
        location = /404.html {
            root   /usr/share/nginx/html;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

    }

    server {
        listen          443 ssl;
        server_name     rproxy.yourdomain.co.uk;
        ## use when nginx listens on a nonstandard port - the port in the rewrite
        ## rule needs to be the port nginx is actually listening on.
        #rewrite     ^(.*)   https://rproxy.yourdomain.co.uk:443$1 permanent;
        ## TLS is enabled with the "ssl" parameter of listen; the separate
        ## "ssl on;" directive is deprecated and removed from recent nginx releases.
        ssl_certificate                 /etc/pki/tls/certs/ca.crt;
        ssl_certificate_key             /etc/pki/tls/private/ca.key;
        ssl_session_timeout             5m;
        ## SSLv2, SSLv3 and TLSv1 are obsolete; offer TLS 1.2 and 1.3 only, and
        ## leave out the LOW, export and RC4 suites.
        ssl_protocols                   TLSv1.2 TLSv1.3;
        ssl_ciphers                     HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers       on;

        access_log      /var/www/rproxy.yourdomain.co.uk/log/nginx.access.log;
        error_log       /var/www/rproxy.yourdomain.co.uk/log/nginx_error.log debug;

        location / {
            proxy_pass  https://192.168.xx.x:444;  
            proxy_redirect          default;
        }

        error_page  404              /404.html;
        location = /404.html {
            root   /usr/share/nginx/html;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

    }

    include /etc/nginx/conf.d/*.conf;
}

/etc/nginx/conf.d/proxy.conf

## $proxy_port setting string is needed when
## nginx is listening on a nonstandard port
#proxy_set_header        Host            $host:$proxy_port;
#proxy_set_header        X-Real-IP       $remote_addr:$proxy_port;
#proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for:$proxy_port;
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
client_header_buffer_size 64k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffer_size   16k;
proxy_buffers       32   16k;
proxy_busy_buffers_size 64k;

The following link provides full details of my CentOS and nginx configuration:

http://www.zen212739.zen.co.uk/centos5-5/pub-centos-rproxy-nginx-install.txt

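I only use one domain name for webmail access, but adding another domain to this nginx configuration shouldn't be too hard.

IMAP proxying with nginx is a bit harder to set up. I'm still working on that myself.

SMTP traffic needs a store-and-forward mail server. A separate postfix setup is probably the better option.

I have set up an Intel Atom based CentOS Xen server with several virtual machines that does essentially the same thing you are trying to do.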
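
For the two webmail names in the question, a per-domain layout could look like the following. This is an added example, not part of either answer: the file name, the backend address 192.0.2.10 (a documentation placeholder for host1.internal.local), the backend port 443 and the certificate paths are all assumptions.

```nginx
# Hypothetical file: /etc/nginx/conf.d/zimbra-webmail.conf (included in the http context).
# 192.0.2.10 is a placeholder for the Zimbra host; certificate paths are assumed.

# Requests whose Host header or TLS SNI name is not a webmail name stop here,
# so the proxy never forwards arbitrary host names to the mail server.
server {
    listen 80  default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # nginx 1.19.4+; no certificate needed in this block
    return 444;                # close plain-HTTP connections without a response
}

# Plain HTTP for the webmail names only redirects to HTTPS.
server {
    listen 80;
    server_name webmail.domain1.com webmail.domain2.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name webmail.domain1.com;
    ssl_certificate     /etc/nginx/tls/webmail.domain1.com.crt;
    ssl_certificate_key /etc/nginx/tls/webmail.domain1.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    location / {
        proxy_pass https://192.0.2.10;   # backend certificate is not verified by default
        proxy_set_header Host $host;     # pass the requested webmail name through
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl;
    server_name webmail.domain2.com;
    ssl_certificate     /etc/nginx/tls/webmail.domain2.com.crt;
    ssl_certificate_key /etc/nginx/tls/webmail.domain2.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    location / {
        proxy_pass https://192.0.2.10;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` before reloading; if the `proxy_set_header` lines from proxy.conf are also loaded at the http level, the ones inside each `location` take precedence for that location.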

Answer 2

server {
        listen 443 ssl;
        server_name subdomain.domain.com;

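        location / {
            proxy_set_header Host $host;
            proxy_set_header Referer $http_referer;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            # X-Frame-Options is a response header, so it is added to the reply
            # rather than sent to the backend as a request header.
            add_header X-Frame-Options SAMEORIGIN;
            # proxy_redirect takes one "redirect replacement" pair per directive.
            proxy_redirect https://$host:7071/ https://$host/;
            proxy_redirect https://$host:7072/ https://$host/;
            proxy_pass https://<ip-domain>/;
        }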

    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    ssl_certificate      /etc/ssl/mycert.crt;
    ssl_certificate_key  /etc/ssl/mykey.key;
}
