Exchange ActiveSync for Zimbra Open Source Edition (Nginx Custom)

Posted by

This article was inspired by Stefan Seidel’s writing here: https://www.stefanseidel.info/Z-Push_on_Zimbra_8 . On previous article about Exchange ActiveSync for Zimbra Open Source Edition, I used Jetty with some modification. The Jetty custom need more effort if I do a patch or upgrade. I must adjust the Jetty file again to support Exchange ActiveSync. If you want to use Jetty custom, please follow this guidance: https://imanudin.net/2019/08/30/exchange-activesync-for-zimbra-open-source-edition/

When I use Nginx custom and do update patch/upgrade, I only need to customize Zimbra Nginx.

This guide has been tested on Ubuntu 20.04 with Zimbra 8.8.15 and Rocky Linux 8 with Zimbra 10. I am using Z-Push version 2.7.0 and Z-Push Zimbra Backend version 71.

# Ubuntu

Install dependencies

sudo apt -y install php php-cli php-soap php-mbstring php-curl php-fpm php-intl git

Modify php-fpm

vi /etc/php/7.4/fpm/pool.d/www.conf

Adjust line below as follows

listen = 127.0.0.1:9000

Enable and restart php-fpm

systemctl enable --now php7.4-fpm.service
systemctl restart php7.4-fpm.service

Create Z-Push directory

sudo mkdir /var/lib/z-push /var/log/z-push
sudo chmod 755 /var/lib/z-push /var/log/z-push
chown www-data.www-data /var/lib/z-push /var/log/z-push

Clone Z-Push + Z-Push Zimbra Backend

cd /opt/
git clone https://github.com/imanudin11/zimbra-zpush.git z-push

Note: I use Asia/Jakarta as my Timezone. Please open /opt/z-push/config.php and adjust/change Asia/Jakarta to your Timezone

Modify Template

vi /opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template

Find line “location ^~ /Microsoft-Server-ActiveSync” and add below line before line “For audit”

# Z-Push start
include /opt/z-push/nginx-zpush.conf;
# Z-Push end

So, the final line looks like this

        # Proxy to Zimbra Upstream
        proxy_pass          ${web.upstream.target};
        proxy_read_timeout  ${web.upstream.polling.timeout};
        proxy_buffering     off;    

        # Z-Push start
        include /opt/z-push/nginx-zpush.conf;
        # Z-Push end

        # For audit
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Save and restart Zimbra Proxy

su - zimbra -c 'zmproxyctl restart'

# CentOS/Rocky Linux

Install dependencies

sudo yum install php-cli php-soap php-process php-mbstring php-fpm php-curl php-json php-intl git -y

Modify php-fpm

vi /etc/php-fpm.d/www.conf

Adjust line below as follows

listen = 127.0.0.1:9000

Enable and restart php-fpm

systemctl enable --now php-fpm.service 
systemctl restart php-fpm.service

Create Z-Push directory

sudo mkdir /var/lib/z-push /var/log/z-push
sudo chmod 755 /var/lib/z-push /var/log/z-push
chown apache.apache /var/lib/z-push /var/log/z-push

Clone Z-Push + Z-Push Zimbra Backend

cd /opt/
git clone https://github.com/imanudin11/zimbra-zpush.git z-push

Note: I use Asia/Jakarta as my Timezone. Please open /opt/z-push/config.php and adjust/change Asia/Jakarta to your Timezone

Modify Template

vi /opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template

Find line “location ^~ /Microsoft-Server-ActiveSync” and add below line before line “For audit”

# Z-Push start
include /opt/z-push/nginx-zpush.conf;
# Z-Push end

So, the final line looks like this

        # Proxy to Zimbra Upstream
        proxy_pass          ${web.upstream.target};
        proxy_read_timeout  ${web.upstream.polling.timeout};
        proxy_buffering     off;    

        # Z-Push start
        include /opt/z-push/nginx-zpush.conf;
        # Z-Push end

        # For audit
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Save and restart Zimbra Proxy

su - zimbra -c 'zmproxyctl restart'

# Testing

Please access https://ip-of-zimbra/Microsoft-Server-ActiveSync from your browser. Log in with your Zimbra account. If it works, you can see the output as below. Or you can configure your mail apps on mobile devices and ensure choose Exchange/ActiveSync

Good Luck 🙂

18 comments

  1. HI. I tried your guide with ubuntu 20.04.06 and Zimbra 9 FOSS and everything works. IT DOES NOT WORK with ubuntu 20.04.06 and zimbra 10 FOSS. The proxy fails reporting that the port is already in use. Is there a way to apply zpush on ubuntu 20 + zimbra 10?

      1. root@mail:~# ss -atpn | grep -iE ’80|443′
        LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:((“named”,pid=1066,fd=82),(“named”,pid=1066,fd=81),(“named”,pid=1066,fd=80),(“named”,pid=1066,fd=79),(“named”,pid=1066,fd=78),(“named”,pid=1066,fd=77),(“named”,pid=1066,fd=76),(“named”,pid=1066,fd=75),(“named”,pid=1066,fd=74))
        LISTEN 0 50 0.0.0.0:8443 0.0.0.0:* users:((“java”,pid=3863,fd=146))
        LISTEN 0 4096 127.0.0.1:10663 0.0.0.0:* users:((“zmlogger: zmrrd”,pid=3680,fd=3))
        LISTEN 0 50 127.0.0.1:8080 0.0.0.0:* users:((“java”,pid=3863,fd=145))
        ESTAB 0 0 192.168.0.20:39380 192.168.0.20:389 users:((“java”,pid=1500,fd=156))
        ESTAB 0 0 192.168.0.20:389 192.168.0.20:39380 users:((“slapd”,pid=1429,fd=13))
        LISTEN 0 511 *:7780 *:* users:((“httpd”,pid=4891,fd=4),(“httpd”,pid=4882,fd=4),(“httpd”,pid=4881,fd=4),(“httpd”,pid=4870,fd=4))
        LISTEN 0 511 *:80 *:* users:((“apache2”,pid=1291,fd=4),(“apache2”,pid=1290,fd=4),(“apache2”,pid=1289,fd=4),(“apache2”,pid=1288,fd=4),(“apache2”,pid=1287,fd=4),(“apache2”,pid=1284,fd=4))
        root@mail:~# netstat -atpn | grep -iE ’80|443′
        tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 3863/java
        tcp 0 0 127.0.0.1:10663 0.0.0.0:* LISTEN 3680/zmlogger: zmrr
        tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 3863/java
        tcp 0 0 192.168.0.20:39380 192.168.0.20:389 ESTABLISHED 1500/java
        tcp 0 0 192.168.0.20:389 192.168.0.20:39380 ESTABLISHED 1429/slapd
        tcp6 0 0 :::7780 :::* LISTEN 4870/httpd
        tcp6 0 0 :::80 :::* LISTEN 1284/apache2

        1. Hi,
          There is apache2 service that running. Please disable and stop that service. From the result, port 443 is not listen. Please run the following command

          zmprov ms $(zmhostname) zimbraReverseProxyMailMode https
          zmproxyctl restart
          
  2. correction. even with 9 it no longer works after a reboot. “Failed to start LSB: Zimbra mail service” Proxy in not running

  3. Does not work with Ubuntu 10 and Zimbra 10.
    31/10/2023 09:48:31 [340230] [ERROR] [] Zimbra->SoapRequest(): ERROR: curl_exec – (60) SSL: no alternative certificate subject name matches target host name ‘127.0.0.1’
    31/10/2023 09:48:31 [340230] [ERROR] [] Zimbra->Logon(): END Logon – Proxy Error { connected = false }
    31/10/2023 09:48:31 [340230] [FATAL] [] Exception: (ServiceUnavailableException) – Access denied. Proxy unable to reach user mailbox server

      1. Does not work either.
        extensions – unable to find handler for extension: system failure: Extension HTTP handler not found at /zimbrasync

          1. What should I try again??? I administer 2 Zimbra servers and this method does not wotk on either of those. One server is freshly installed Ubuntu 20, another one is an old machine with Ubuntu 16 upgraded to 18 and then to 20. Please help!

  4. Can you please help? Do I need any extra package, or should it work with standard Ubuntu 20 and Zimbra 9/10 installation?
    Thabk you in advance.

  5. Microsoft-Server-ActiveSync] [] extensions – unable to find handler for extension: system failure: Extension HTTP handler not found at /zimbrasync
    From today´s tests…
    Please help

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.