Hi guys,
Just returning if someone has to do the same
objective:
Block external access to webmail zimbra keeping the activesync zxmobile.
For this you need to install nginx proxy on zimbra or another server like antispam
Configure the firewall to forward port 443 requests sent to port 4443 for Zimbra or antispam (NAT)
The key configuration file:
/etc/nginx/sites-enabled/default
Change/add lines bellow
Code:
######################################
server {
listen 4443;
server_name mail.ZIMBRA.com.br;
ssl on;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
ssl_session_timeout 5m;
access_log /var/log/nginx/nginx.access.log;
error_log /var/log/nginx/nginx_error.log debug;
#location /Microsoft-Server-ActiveSync
location ^~ /Microsoft-Server-ActiveSync
{
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
# proxy_buffers 324k;
proxy_pass http://ZIMBRA-IP/Microsoft-Server-ActiveSync;
}
}
########################################
that's it
Bookmarks