Put Jetty behind nginx

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
User avatar
andras0602
Advanced member
Advanced member
Posts: 62
Joined: Sat May 21, 2022 3:11 pm
ZCS/ZD Version: 8.8.15

Put Jetty behind nginx

Post by andras0602 »

Dear Team,

I use zimbra 8.8.15 and now Java/Jetty is binding to my TCP 80 and 443 ports.
What would be the proper way to ask "zimbra-nginx" to bind onto these ports instead?
I would sleep better if an old Jetty 9.4.18 wouldn't bind to any public ports.
It's really inconvinient in terms of security and user experience.
If it matters, I bought the extra modules and all that jazz.

Many thanks,
Andras
Klug
Ambassador
Ambassador
Posts: 2746
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

Re: Put Jetty behind nginx

Post by Klug »

Hello.

Unless you decided to do so (during setup or by modifying configuration), jetty doesn't use these ports.
Its default ports are 8080 and 8443.

The zimbra-proxy package should be installed (mandatory nowadays) and it should bind to 80 and 443.
User avatar
andras0602
Advanced member
Advanced member
Posts: 62
Joined: Sat May 21, 2022 3:11 pm
ZCS/ZD Version: 8.8.15

Re: Put Jetty behind nginx

Post by andras0602 »

woah that's useful, thanks!
On the servers I had to maintain it's quite the opposite!
Nginx listens on 8080 and 8443. I can access the admin dashboard trough 8443 (which comes from the zimbra-proxy-* packages)
Klug
Ambassador
Ambassador
Posts: 2746
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

Re: Put Jetty behind nginx

Post by Klug »

You might encounter this because they are "old" servers (from the days before zimbra-proxy) that have been updated.
zimbra-proxy package might have been installed/added during an update but the ports (jetty and nginx) were not correctly re-setup after the package install.
User avatar
andras0602
Advanced member
Advanced member
Posts: 62
Joined: Sat May 21, 2022 3:11 pm
ZCS/ZD Version: 8.8.15

Re: Put Jetty behind nginx

Post by andras0602 »

It makes perfect sense! Thank you :!:
I just checked a few publicly available Zimbra servers with Shodan and it seems pretty common (or they just have a smart WAF or built the webserver from source - which I don't think so).

Now I need to figure out which Zimbra settings I should change.
Tbh it would be easier to just config Jetty and Nginx by their own configs but I'm afraid those wouldn't hold agains the next updates.
Klug
Ambassador
Ambassador
Posts: 2746
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

Re: Put Jetty behind nginx

Post by Klug »

Post Reply