Need to be able to access Zimbra Web Client only at specific domain name

Ask questions about your setup or get help installing ZCS server (ZD section below).
Post Reply
essedum
Posts: 1
Joined: Mon Mar 09, 2020 10:55 pm

Need to be able to access Zimbra Web Client only at specific domain name

Post by essedum »

Good people,

I would like to have a Zimbra Web Client sitting behind Cloudflare. It is easier to control guys trying to hack the login (for example by rate limiting)
The issue is that in this case ip is hidden and Cloudflare cannot forward ports like 25, so I cannot receive mails.
So I thought of the following setup:

zimbra is running on mail.example.com running at 10.20.30.40 (ip as an example)

I have configured a DNS with:

A record mail.example.com pointing to 10.20.30.40 (proxied by Cloudflare with an extra layer of web security for Web Client)
A record mx.example.com pointing to 10.20.30.40 (pure DNS, so I can receive emails, as we cannot put IP directly in MX records)
MX record pointing to mx.example.com

The issue is that if I type mx.example.com - it still loads the Web Client. It looks like nginx does not care with which url I'm trying to access the server if it points to it's ip.
I would like the setup, that only mail.example.com loads the login page of Web Client and anything else would just give ERR_CONNECTION_REFUSED like it does in case if I just type ip address in the address bar.
I've spent a day searching but did not find a solution.

I hope I managed to explain.
Thank you very much in advance!
Top
User avatar
fs.schmidt
Outstanding Member
Outstanding Member
Posts: 278
Joined: Sat Sep 13, 2014 3:37 am
Location: Brazil
Contact:
Contact fs.schmidt

Re: Need to be able to access Zimbra Web Client only at specific domain name

Post by fs.schmidt »

Hello,

You can check if zimbraReverseProxyStrictServerNameEnabled does the trick for you.

Code: Select all

zimbraReverseProxyStrictServerNameEnabled
    Configure the default server block in
    'nginx.conf.web.https?.default.template' to return a default HTTP
    response for all unconfigured host names. See also related attributes
    'zimbraVirtualHostname' and 'zimbraVirtualIPAddress'.

               type : boolean
              value :
           callback :
          immutable : false
        cardinality : single
         requiredIn :
         optionalIn : server,globalConfig
              flags : serverInherited
           defaults : TRUE
                min :
                max :
                 id : 3020
    requiresRestart : nginxproxy
              since : 8.8.6
    deprecatedSince :

Best regards.
Top
Post Reply

Return to “Installation and Upgrade”