[SOLVED] zimbra-proxy limitations

[Klug]

[quote user="quanah"]In general, people aren't expected to run zmproxyinit. They're expected to use the install-based menus.

However, I am working on making it smarter every release. [/QUOTE]

Yeah, seen that in the bugzilla.


[quote user="quanah"]Um, I'm not sure what you mean here. Either you are taking connections in at the proxy server on port 80, and forwarding them to the mail server at 8080, or you aren't using proxy. You can't have the store server also accepting port 80.[/QUOTE]

I don't agree.
Look at the way we're using the proxy here (maybe you'll tell me it's not designed for this use) : the customer wants his ZCS servers (MTA, LDAP and mailstore(s)) on his LAN.

Users are used to access to the mailstore in http (mainly https actually).

Customer want a reverse-proxy in the DMZ and he wants the external users to connect to the reverse-proxy while the internal users should still connect to the LAN servers without changing any habit of course.

Here comes zimbra-proxy for the reverse-proxy (being a proxy on https only, for external use) but we need the mailstore to keep the same behaviour (the "Both" mode)...
I agree with your point only if proxy and mailstore are on the same server... But I honestly don't see the point of this.
[quote user="quanah"]I'll have to ask the dev if there's a technical limitation here.[/QUOTE]

Maybe it's related to self-signed certificates (it's a pain with apache as reverse-proxy too, you need to teach the certificates to apache)?
Have a nice week-end.

[bjared]

Here's my situation. We have an existing stand-alone zimbra system in a

data center that the company (worldwide) accesses. I want to increase

response time for one location, and free up a little disk space, so I installed

another server on-site that I'll move all of those employees' mailboxes to.
I finally installed zimbra-proxy during my upgrade from 5.0.8 to 5.0.9 last

night, and I'm now thinking I will also want zimbra-proxy installed onto the

on-site server as well. I need the users to experience Zimbra on the LAN,

rather than over a T1, which will help customer perception of the system.
So, in my case, I'm going to have zimbra-store AND zimbra-proxy on both

systems.
Thinking about this gets me confused as to what the zmproxyinit command

actually does, since the documentation seems to have me typing that on

the proxy servers and the mailstore servers as if they're seperate... I also

thought that "mailbox.node.service.hostname" and

"mailbox.node.service.hostname" were literal strings, until reading this

thread. The documentation uses in other parts

of the documentation, so...there's that.
Anyway, do I need to type this zmproxyinit command twice on each server?

Since the mailstore is going to be listening on 8080 and 8443, it seems

silly to install a seperate OS for proxy services...
This idea (having both servers proxy + mailstore) is based on the assumption

that having zimbra-proxy only be at data center (over the T1), it'd do

nothing for increasing performance, and actually double the bandwidth as

traffic would be going down and back for those who have their mailboxes

moved to the on-site server.
The worst case scenario is that the users have to remember which zimbra

server they're on, and that would be one of the most annoying questions

to address on a daily basis..."Am I on zimbra1 or zimbra2?" (we're planning

on giving each remote site their own mailstore servers...so this scenario

would become increasingly annoying.)
--Brian

[quanah]

[quote user="bjared"]

So, in my case, I'm going to have zimbra-store AND zimbra-proxy on both

systems.

Anyway, do I need to type this zmproxyinit command twice on each server?

Since the mailstore is going to be listening on 8080 and 8443, it seems

silly to install a seperate OS for proxy services...

[/QUOTE]
No, if store and proxy are on the same box, then you only need to run it once for that box. I.e., it must be run once for all of store and proxy, but if they are both on a box together, it does the needed bits for both.