Dear Team,
I use zimbra 8.8.15 and now Java/Jetty is binding to my TCP 80 and 443 ports.
What would be the proper way to ask "zimbra-nginx" to bind onto these ports instead?
I would sleep better if an old Jetty 9.4.18 wouldn't bind to any public ports.
It's really inconvinient in terms of security and user experience.
If it matters, I bought the extra modules and all that jazz.
Many thanks,
Andras
Put Jetty behind nginx
- andras0602
- Advanced member
- Posts: 62
- Joined: Sat May 21, 2022 3:11 pm
- ZCS/ZD Version: 8.8.15
-
- Ambassador
- Posts: 2767
- Joined: Mon Dec 16, 2013 11:35 am
- Location: France - Drôme
- ZCS/ZD Version: All of them
- Contact:
Re: Put Jetty behind nginx
Hello.
Unless you decided to do so (during setup or by modifying configuration), jetty doesn't use these ports.
Its default ports are 8080 and 8443.
The zimbra-proxy package should be installed (mandatory nowadays) and it should bind to 80 and 443.
Unless you decided to do so (during setup or by modifying configuration), jetty doesn't use these ports.
Its default ports are 8080 and 8443.
The zimbra-proxy package should be installed (mandatory nowadays) and it should bind to 80 and 443.
- andras0602
- Advanced member
- Posts: 62
- Joined: Sat May 21, 2022 3:11 pm
- ZCS/ZD Version: 8.8.15
Re: Put Jetty behind nginx
woah that's useful, thanks!
On the servers I had to maintain it's quite the opposite!
Nginx listens on 8080 and 8443. I can access the admin dashboard trough 8443 (which comes from the zimbra-proxy-* packages)
On the servers I had to maintain it's quite the opposite!
Nginx listens on 8080 and 8443. I can access the admin dashboard trough 8443 (which comes from the zimbra-proxy-* packages)
-
- Ambassador
- Posts: 2767
- Joined: Mon Dec 16, 2013 11:35 am
- Location: France - Drôme
- ZCS/ZD Version: All of them
- Contact:
Re: Put Jetty behind nginx
You might encounter this because they are "old" servers (from the days before zimbra-proxy) that have been updated.
zimbra-proxy package might have been installed/added during an update but the ports (jetty and nginx) were not correctly re-setup after the package install.
zimbra-proxy package might have been installed/added during an update but the ports (jetty and nginx) were not correctly re-setup after the package install.
- andras0602
- Advanced member
- Posts: 62
- Joined: Sat May 21, 2022 3:11 pm
- ZCS/ZD Version: 8.8.15
Re: Put Jetty behind nginx
It makes perfect sense! Thank you
I just checked a few publicly available Zimbra servers with Shodan and it seems pretty common (or they just have a smart WAF or built the webserver from source - which I don't think so).
Now I need to figure out which Zimbra settings I should change.
Tbh it would be easier to just config Jetty and Nginx by their own configs but I'm afraid those wouldn't hold agains the next updates.
I just checked a few publicly available Zimbra servers with Shodan and it seems pretty common (or they just have a smart WAF or built the webserver from source - which I don't think so).
Now I need to figure out which Zimbra settings I should change.
Tbh it would be easier to just config Jetty and Nginx by their own configs but I'm afraid those wouldn't hold agains the next updates.