Questions Before I Start

[rshol]

I'd like to try Zimbra, but I'm concerned that it will interfere with other software I have running on the server. The server I have is running my web pages using Apache 2, MySQL and Postnuke. Will Zimbra mess this installation up? Does it require a server all to itself?

Why must I disable firewalls prior to install? My server is connected to the web and I don't want it runnng without firewalls even for a moment. Would it not be just as easy to tell me what ports Zimbra uses and let me open those and leave the others closed? How can I set up firewalls later if I don't know what ports it uses? I looked through the Admin Guide and the only port I saw specifically mentioned was 7071 for web administration although I assume it uses the standards for POP, IMAP and SMTP connections. I also assume, based on another forum post that 7777 needs to be open.

Thanks.

[marcmac]

ZCS was designed for installation on a server alone, though this isn't really a hard and fast requirement.

One thing we do, to reduce the services that start/run as root, is map privileged (<1024) ports to non-privileged ports. We do this through iptables, which is where the firewall restrictions come from.

Here are the ports used:

smtp: 25 mapped to 7075
http: 80 mapped to 7070
pop3: 110 mapped to 7110
imap: 143 mapped to 7143
ldap: 389 mapped to 7389
https: 443 mapped to 7443
imaps: 993 mapped to 7993
pop3s:995 mapped to 7995

admin: 7071
control: 7777

The application services talk to each other on both the mapped and unmapped ports, unfortunately, so it's not possible to simply stop the mapping.

From what you've mentioned of your current installation, the two biggest problems will be mysql and http (apache). None of the software installed by zcs will remove your existing software.

We are not listening on a TCP socket for mysql (all traffic goes through a unix domain socket).

If you want to access the existing web server as well as the ZCS web client, you'll have to move one of them off of port 80.

So, one way to make this work may be:

1 - Install zcs. This will include the port mapping.
2 - Remove the 80->7070 mapping so that traffic to your existing web server will get through.
3 - verify that your firewall will pass traffic for all of the ports used by ZCS.
4 - modify /opt/zimbra/tomcat/conf/server.xml to remove the proxyPort attribute from the http connector on port 7070
5 - restart ZCS

I haven't tested this configuration, but it should work.

[rshol]

Thanks very much for the detailed information.

[soundmaster80]

i got that working but now how do i get the other/new port work working. do i just point the browser directly to 7070. or where do i configure the server for the login page. forgive my ignorance but i plan on using this with a CMS of future selection. thank you

[marcmac]

Quote:

Originally Posted by soundmaster80

i got that working but now how do i get the other/new port work working. do i just point the browser directly to 7070. or where do i configure the server for the login page. forgive my ignorance but i plan on using this with a CMS of future selection. thank you

If you've successfuly started the server on port 7070, and fixed the redirect in server.xml, then accessing the UI should be as simple as pointing your browser at:
http://<hostname>:7070/ (or https, if you're running in that mode)

[soundmaster80]

ok, i have it running on (ipaddress):7070. however it's still running also on port 80. how do i get it to completely change to 7070 or be able to change the port to whatever i want. i've read several things from changing the ports in /opt/zimbra/bin/zmiptables to changing /opt/zimbra/tomcat/webapps/zimbra/WEB-INF/web.xml and also changing the /opt/zimbra/tomcat/conf/server.xml.

currently i have:
1. commented out the first port so it looks like this:
my %MAPPING = (
#80 => 7070, # HTTP
443 => 7443, # HTTS
389 => 7389, # LDAP
25 => 7075, # SMTP
143 => 7143, # IMAP
993 => 7993, # IMAP - SSL
110 => 7110, # POP
995 => 7995, # POP - SSL
);

2. i have removed the proxyPort=80 from server.xml so it looks like this:

<Service name="Catalina">
<!-- user services connector, no SSL -->
<!-- HTTPBEGIN -->
<Connector port="7070"
enableLookups="false" redirectPort="443"
maxThreads="100" minSpareThreads="100" maxSpareThreads="100"/>
<!-- HTTPEND -->

3. i have restarted the services, and tested http://ADDRESS:7070 and i'm able to login. but as i said port 80 still is showing the login page and i'm also able to login there. i have started apache to test and my webpage isn't showing. thanks for any help in advance

[marcmac]

You'll see the 80->7070 mapping still active if you run (as root)
iptables -t nat -L

To turn this off, run (as root):
/opt/zimbra/bin/zmiptables -u
/opt/zimbra/bin/zmiptables -i

[adobrin]

Do you forsee any issues running the war application inside JBoss?

Is Apache used for anything beside an ajp hook to Tomcat?


Thanks.

[KevinH]

There are several .war files (service, zimbra, zimbraAdmin, etc). It may work but all the admin tools(start/stop/status) are setup to expect tomcat. You'd have to do some script hacking just to test this.