DeutschEnglish

Submenu

 - - - By CrazyStat - - -

5. June 2015

Zimbra: Redirect http to https

Filed under: Linux,Security,Server Administration — Tags: , , , , — Christopher Kramer @ 11:15

Zimbra without Proxy (pre 8.5)

That’s the easy way how you can enforce https encrpytion by redirecting http to https:

su – zimbra
zmtlsctl redirect
zmcontrol stop
zmcontrol start

Works at least on Zimbra 8.0 and I think should also work on 7

Zimbra with Proxy (required from 8.5+)

With Zimbra 8.5+, a Proxy is required. This makes the configuration a little different. To configure the proxy to redirect http to https, run:

su zimbra
~/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both  -H `zmhostname`
# if your proxy is local:
zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
# if your proxy is proxy.server.name
zmprov ms proxy.server.name zimbraReverseProxyMailMode redirect
zmcontrol restart

With the latest Zimbra versions, the restart is not even necessary, it automatically detects the change within 2 minutes.

Hope this helps somebody!

Recommendation

Try my Open Source PHP visitor analytics script CrazyStat.

8 Comments »

  1. […] Read here how to redirect http to https to enforce the use of https. […]

    Pingback by Zimbra: Setting up a free (real) "commercial" SSL certificate - Christosoft Blog — 5. June 2015 @ 11:23

  2. Unfortunately it doesn’n works for me. when I manually add https: my zimbra is connecting normally. without https: it is not connecting at all

    Comment by Sebastian — 3. February 2016 @ 09:22

  3. After couple tries i found out.
    I have to add port :8080 after http request.
    I have used ‘redirect’ mode and it’s redirecting for now to 8443 port.

    Comment by Sebastian — 3. February 2016 @ 09:39

  4. I alredy redirect but permision[zimbra@mail root]$ ./libexec/zmproxyconfig -e -w -0 -a 8080:8443:443 -x both -H mail.moptc.gov.tl
    bash: ./libexec/zmproxyconfig: Permission denied how con I do so have any option.

    thanks.
    nicho

    Comment by nicho — 13. January 2017 @ 08:16

  5. @nicho: I guess you are in the wrong directory, probably in /root. You need to be in “zimbra”‘s home directory, which normally is /opt/zimbra.
    To be sure, just use ~ instead of . like this:
    ~/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname`

    I will adjust the post above so it always works.

    Comment by Christopher Kramer — 13. January 2017 @ 09:55

  6. But when I go to the menu and try to change my user’s password in web client a pop-up window with not secure connection opens: http://myserver-ip:8080/some_line

    Comment by nikonaum — 17. April 2017 @ 13:48

  7. if found this error


    proxy mail mode both is invalid when SSL to upstream is enabled

    use this before all

    zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE

    Comment by Jason — 15. May 2017 @ 16:03

  8. On last comment – there is another way
    slightly modified first command
    ~/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname`

    Comment by Pete — 9. December 2017 @ 12:54

RSS feed for comments on this post. TrackBack URL

Leave a comment

%d bloggers like this: