Good people,
I would like to have a Zimbra Web Client sitting behind Cloudflare. It is easier to control guys trying to hack the login (for example by rate limiting)
The issue is that in this case ip is hidden and Cloudflare cannot forward ports like 25, so I cannot receive mails.
So I thought of the following setup:
zimbra is running on mail.example.com running at 10.20.30.40 (ip as an example)
I have configured a DNS with:
A record mail.example.com pointing to 10.20.30.40 (proxied by Cloudflare with an extra layer of web security for Web Client)
A record mx.example.com pointing to 10.20.30.40 (pure DNS, so I can receive emails, as we cannot put IP directly in MX records)
MX record pointing to mx.example.com
The issue is that if I type mx.example.com - it still loads the Web Client. It looks like nginx does not care with which url I'm trying to access the server if it points to it's ip.
I would like the setup, that only mail.example.com loads the login page of Web Client and anything else would just give ERR_CONNECTION_REFUSED like it does in case if I just type ip address in the address bar.
I've spent a day searching but did not find a solution.
I hope I managed to explain.
Thank you very much in advance!
Need to be able to access Zimbra Web Client only at specific domain name
- fs.schmidt
- Outstanding Member
- Posts: 278
- Joined: Sat Sep 13, 2014 3:37 am
- Location: Brazil
- Contact:
Re: Need to be able to access Zimbra Web Client only at specific domain name
Hello,
You can check if zimbraReverseProxyStrictServerNameEnabled does the trick for you.
Best regards.
You can check if zimbraReverseProxyStrictServerNameEnabled does the trick for you.
Code: Select all
zimbraReverseProxyStrictServerNameEnabled
Configure the default server block in
'nginx.conf.web.https?.default.template' to return a default HTTP
response for all unconfigured host names. See also related attributes
'zimbraVirtualHostname' and 'zimbraVirtualIPAddress'.
type : boolean
value :
callback :
immutable : false
cardinality : single
requiredIn :
optionalIn : server,globalConfig
flags : serverInherited
defaults : TRUE
min :
max :
id : 3020
requiresRestart : nginxproxy
since : 8.8.6
deprecatedSince :
Best regards.