You are probably tired of looking at documentation but I recommend you have a look here:
https://wiki.zimbra.com/wiki/Enabling_Z ... _memcached. There is good information on how to verify nginx and memcache are listening properly.
With reverse-proxy mode set to "both" you would want to have nginx listening on the standard ports: 80, 443, 143, 993, 110, 995 and the mailbox handler (java) listening on 8080, 8443, 7143, 7993, 7110, 7995. Then, when a client requests a connection on the standard port, nginx would proxy that connection to the port where the mailbox handler is listening.
i.e.:
80 ==> 8080 (http)
443 ==> 8443 (https)
143 ==> 7143 (IMAP)
993 ==> 7993 (IMAPS)
110 ==> 7110 (POP3)
995 ==> 7995 (POP3S)
If you run this command (as the zimbra user) it will return all the pertinent configuration parameters and you can inspect their settings:
zmprov gs `zmhostname` \
zimbraReverseProxySSLToUpstreamEnabled \
zimbraReverseProxyLookupTarget \
zimbraReverseProxyHttpEnabled \
zimbraMailReferMode \
zimbraMailPort \
zimbraMailProxyPort \
zimbraMailSSLPort \
zimbraMailSSLProxyPort \
zimbraMailMode \
zimbraReverseProxyMailEnabled \
zimbraReverseProxyMailMode \
zimbraImapBindPort \
zimbraImapProxyBindPort \
zimbraImapSSLBindPort \
zimbraImapSSLProxyBindPort \
zimbraImapCleartextLoginEnabled \
zimbraPop3BindPort \
zimbraPop3ProxyBindPort \
zimbraPop3SSLBindPort \
zimbraPop3SSLProxyBindPort \
zimbraPop3CleartextLoginEnabled \
zimbraAdminPort \
zimbraAdminProxyPort \
zimbraReverseProxyAdminEnabled
If you wish to use https only for the web clients rather than both or redirect, nothing need listen on port 80 or 8080.
In this case zimbraMailMode should be set to either https or both and zimbraReverseProxyMailMode to https.
A client should never even be aware they are being proxied to a different port than the one they requested. Your ActiveSync client should request connection on port 443 as normal and be transparently proxied to 8443. In any case, if the client is requesting a secure connection it should never be proxied to an unsecure port.
I hope some of this info helps.
Cheers!
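
Added example, not part of the original post: a shell function that audits `zmprov gs` output against the port mapping listed above for reverse-proxy mode "both", and against the HTTPS-only mode rule. It assumes the usual `attribute: value` output lines; the function name, the sample host and the sample values are constructed for illustration.

```bash
# Expected listeners from the mapping in the post (reverse-proxy mode "both"):
# proxy attributes on the standard ports, mailbox (java) attributes on the high ports.
EXPECTED="zimbraMailProxyPort=80 zimbraMailPort=8080 zimbraMailSSLProxyPort=443 zimbraMailSSLPort=8443 \
zimbraImapProxyBindPort=143 zimbraImapBindPort=7143 zimbraImapSSLProxyBindPort=993 zimbraImapSSLBindPort=7993 \
zimbraPop3ProxyBindPort=110 zimbraPop3BindPort=7110 zimbraPop3SSLProxyBindPort=995 zimbraPop3SSLBindPort=7995"

check_proxy_ports() {  # stdin: zmprov gs output; prints findings, returns 1 if any
  awk -v expected="$EXPECTED" '
    BEGIN { n = split(expected, pair, " ")
            for (i = 1; i <= n; i++) { split(pair[i], kv, "="); attr[i] = kv[1]; want[kv[1]] = kv[2] } }
    /^zimbra[A-Za-z0-9]+: / { key = $1; sub(/:$/, "", key); got[key] = $2 }
    END {
      for (i = 1; i <= n; i++) {
        a = attr[i]
        if (!(a in got)) { print "MISSING " a " expected=" want[a]; bad++ }
        else if (got[a] != want[a]) { print "MISMATCH " a "=" got[a] " expected=" want[a]; bad++ }
      }
      # HTTPS-only web access, per the post: proxy mode https needs mailbox mode https or both.
      if (got["zimbraReverseProxyMailMode"] == "https" && got["zimbraMailMode"] !~ /^(https|both)$/) {
        print "MODE zimbraMailMode=" got["zimbraMailMode"] " with zimbraReverseProxyMailMode=https"; bad++ }
      exit (bad > 0)
    }'
}

# Constructed sample: IMAPS backend bound to the proxy port, one attribute absent, wrong mail mode.
SAMPLE='# name mail.example.test
zimbraMailProxyPort: 80
zimbraMailPort: 8080
zimbraMailSSLProxyPort: 443
zimbraMailSSLPort: 8443
zimbraImapProxyBindPort: 143
zimbraImapBindPort: 7143
zimbraImapSSLProxyBindPort: 993
zimbraImapSSLBindPort: 993
zimbraPop3ProxyBindPort: 110
zimbraPop3BindPort: 7110
zimbraPop3SSLProxyBindPort: 995
zimbraMailMode: http
zimbraReverseProxyMailMode: https'

# Real use (as the zimbra user): zmprov gs "$(zmhostname)" | check_proxy_ports
printf '%s\n' "$SAMPLE" | check_proxy_ports || echo "review the findings above"
```

A backend attribute that reports the same port as its proxy counterpart (as `zimbraImapSSLBindPort` does in the sample) means both services are configured for one listener, which is the first thing to rule out when the proxy does not come up.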