Zimbra without Proxy (pre 8.5)
That’s the easy way how you can enforce https encrpytion by redirecting http to https:
su – zimbra zmtlsctl redirect zmcontrol stop zmcontrol start
Works at least on Zimbra 8.0 and I think should also work on 7
Zimbra with Proxy (required from 8.5+)
With Zimbra 8.5+, a Proxy is required. This makes the configuration a little different. To configure the proxy to redirect http to https, run:
su zimbra ~/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname` # if your proxy is local: zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect # if your proxy is proxy.server.name zmprov ms proxy.server.name zimbraReverseProxyMailMode redirect zmcontrol restart
With the latest Zimbra versions, the restart is not even necessary, it automatically detects the change within 2 minutes.
Hope this helps somebody!
[…] Read here how to redirect http to https to enforce the use of https. […]
Pingback by Zimbra: Setting up a free (real) "commercial" SSL certificate - Christosoft Blog — 5. June 2015 @ 11:23
Unfortunately it doesn’n works for me. when I manually add https: my zimbra is connecting normally. without https: it is not connecting at all
Comment by Sebastian — 3. February 2016 @ 09:22
After couple tries i found out.
I have to add port :8080 after http request.
I have used ‘redirect’ mode and it’s redirecting for now to 8443 port.
Comment by Sebastian — 3. February 2016 @ 09:39
I alredy redirect but permision[zimbra@mail root]$ ./libexec/zmproxyconfig -e -w -0 -a 8080:8443:443 -x both -H mail.moptc.gov.tl
bash: ./libexec/zmproxyconfig: Permission denied how con I do so have any option.
thanks.
nicho
Comment by nicho — 13. January 2017 @ 08:16
@nicho: I guess you are in the wrong directory, probably in /root. You need to be in “zimbra”‘s home directory, which normally is /opt/zimbra.
To be sure, just use ~ instead of . like this:
~/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname`
I will adjust the post above so it always works.
Comment by Christopher Kramer — 13. January 2017 @ 09:55
But when I go to the menu and try to change my user’s password in web client a pop-up window with not secure connection opens: http://myserver-ip:8080/some_line
Comment by nikonaum — 17. April 2017 @ 13:48
if found this error
”
proxy mail mode both is invalid when SSL to upstream is enabled
”
use this before all
zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE
Comment by Jason — 15. May 2017 @ 16:03
On last comment – there is another way
slightly modified first command
~/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname`
Comment by Pete — 9. December 2017 @ 12:54
I am using zimbra 8.8.6 on centOs7.
i am using single server . ( Proxy is local . )
cd /opt/zimbra
su zimbra
zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE
~/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname`
zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
zmcontrol restart
It works
Comment by Suresh — 26. June 2018 @ 13:02
[…] redirect' is no longer available in latest versions. Hence above steps are required Refer: Zimbra: Redirect http to https SSL certificate renewal configuration via crontab This auto-renewal assumes that chain (Root and […]
Pingback by CentOS 7.x Install lets encrypt automated SSL certificate in Zimbra – 칼라정보기술(주) by "Kim yc” — 6. June 2022 @ 09:39
[…] https://blog.christosoft.de/2015/06/zimbra-redirect-http-to-https/ […]
Pingback by CentOS 7.x Install lets encrypt automated SSL certificate in Zimbra – 칼라정보기술(주) by "YC_Rep” — 9. September 2022 @ 00:58