
One ip address for two separate servers

Posted: Wed Dec 20, 2017 9:37 am
by Kamel
Hi Admins,

I was wondering if you could advise me how to install and maintain two separate mail servers (to have a config like this: one domain per server) under one public IP address. I mean (desired config) to have two Zimbra servers behind NAT hosting 2 independent domains.

Is it something that a reverse proxy like nginx supports? Any ideas? If not, is it possible to achieve this by implementing any other service (relay agent)?

Thank you in advance.

Re: One ip address for two separate servers

Posted: Mon Jan 08, 2018 7:26 pm
by Kamel
Hey admins,

Unfortunately, no one so far has decided to answer my question; perhaps after I provide more details some of you will help me figure out how this can be accomplished.
Starting from the beginning, what I would like to achieve is to get two separate / independent Zimbra mail servers (each with its own mail, LDAP, MTA) serving two separate domains respectively:

server1
IP: 192.168.0.10
hostname: mail.domain.net
zimbra domain: domain.net

server1
IP: 192.168.0.11
hostname: mail.domain.com
zimbra domain: domain.com

I am going to hide them behind NAT and make them available under one IP / domain name:

proxy server:
IP: internet address
hostname: mail.proxy.net

Now, depending upon which domain I am connecting to (authorization), I want to be redirected to the proper server - the same should be done for incoming emails.

Is it possible to achieve this using the built-in nginx or any other proxy server / service?
I have also reviewed the nginx documentation (especially about ngx_mail_core_module) but I still have nothing.

I was able to make just one case with two mailbox servers (to manage users separately) under one server hosting LDAP and proxy services respectively (like here: https://wiki.zimbra.com/wiki/Enabling_Z ... _memcached). Unfortunately the configuration is somehow dependent on mailbox server 1, because each time I stopped the first mailbox server it impacted the proxy, making the second server unavailable (access through the proxy server). I thought that having two mailbox servers defined as an upstream collection would redirect requests to a working server. The weird thing is that when mailbox server 1 is up and mailbox server 2 is down, everything works fine for accounts that I created on mailbox server 1. Can you help me understand how it should work and what I did wrong?

Re: One ip address for two separate servers

Posted: Mon Jan 08, 2018 9:15 pm
by L. Mark Stone
Zimbra includes nginx proxy and supports virtual hosts, multiple domains and multiple servers out of the box.

So yes, what you want to accomplish is no problem, but not exactly the way you describe (because you will leverage the proxy to use the one IP address for multiple domains and virtual hosts).

The Zimbra Proxy relies on a random mailbox server to paint the login page, so if a mailbox server is down (and you have four mailbox servers), 25% of the time a new user going to log in will get a proxy error. Once the user enters his/her credentials on the login page, the proxy redirects traffic to the user's proper mailbox server.

Hope that helps,
Mark

Re: One ip address for two separate servers

Posted: Tue Jan 09, 2018 8:27 am
by msquadrat
L. Mark Stone wrote:
Zimbra includes nginx proxy and supports virtual hosts, multiple domains and multiple servers out of the box.

So yes, what you want to accomplish is no problem, but not exactly the way you describe (because you will leverage the proxy to use the one IP address for multiple domains and virtual hosts).

The Zimbra Proxy relies on a random mailbox server to paint the login page, so if a mailbox server is down (and you have four mailbox servers), 25% of the time a new user going to log in will get a proxy error. Once the user enters his/her credentials on the login page, the proxy redirects traffic to the user's proper mailbox server.

There is a way to fix this issue, at least for the login page: Set zimbraReverseProxyUpstreamServers on each server to the name of the server itself:

Code:

zmprov ms $(zmhostname) zimbraReverseProxyUpstreamServers $(zmhostname)
zmproxyctl restart
Now the login page will be rendered only by the server where the nginx reverse proxy is running. There is another attribute I can't remember right now to make it use the memcached on the listed servers only, which should be set as well (and memcached installed on all nodes).

There is one case where you still might run into issues though: This only affects the login page, but not-yet-authenticated requests against e.g. the /service/ endpoint will still use the old round-robin approach. I've got some half-finished patches for nginx to make it use the zimbraReverseProxyUpstreamServers; maybe the behaviour will change in the future if I find time to finish them.