Proposé par Agence IHDEM

Procédure d'installation de Zimbra Open Source avec l'interface fournie par Zextras, le tout sous Ubuntu en conteneur LXC avec Proxmox VE.

Etape n°1 | Téléchargement du template Ubuntu 18.04

Depuis l’interface de Proxmox VE, faite en sorte d’avoir disponible le template Ubuntu 18.04.

Ubuntu 18.04 lxc with privilège et nesting option

apt update
apt upgrade
apt install curl wget gawk
tar xvf zcs....
cd zcs..

Certificat SSL multi-domain

apt install certbot
su zimbra

Activer les ports pour le proxy des protocoles http, pop3, imap et l’espace d’administration

Tout d’abord, basculer sur le compre Zimbra afin d’executer les commandes suivantes :

su zimbra
/opt/zimbra/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x https -H `zmhostname`
/opt/zimbra/libexec/zmproxyconfig -e -m -o -i 7143:143:7993:993 -p 7110:110:7995:995 -H `zmhostname`
/opt/zimbra/libexec/zmproxyconfig -e -m -H `zmhostname`


Enable reverse proxy

[zimbra@mail ~]# zmprov ms `zmhostname` zimbraMailReferMode reverse-proxied

After that enable memcached

[zimbra@mail ~]# zmprov ms `zmhostname` +zimbraServiceEnabled memcached

Enable redirect mode

Now, you will definitely want all your webmail traffic to go via https by default. But http must be enabled for certbot to work.

[zimbra@mail ~]# zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
[zimbra@mail ~]# exit


Install Certbot-Zimbra

First of all install certbot-zimbra. To download latest version execute the following command

[root@mail ~]# wget --content-disposition

Then install tar and extract the file with following command

[root@mail ~]# yum install tar -y
[root@mail ~]# tar xzf certbot-zimbra-0.7.11.tar.gz

After that, move the file to bin folder using following command.

[root@mail ~]# mv certbot-zimbra-0.7.11/ /usr/local/bin/

Go to bin folder

[root@mail ~]# cd /usr/local/bin

Deploy Certificate

The beauty of YetOpen is it can do everything for you, including deploying the certificate and restarting Zimbra. In contrast to other process where you have to do manually this process is automatic.

[root@mail bin]# ./ -n -c

After that answer the questions

[root@mail bin]# ./ -n -c
Checking for dependencies...
Detected Zimbra 8.8.15 on RHEL8_64
Using zmhostname to detect domain.
Using domain (as certificate DN)
Is this correct? yes
Detecting additional public service hostnames...

Apart from above usage, you can also do more with YetOpen script. Check out the official guide to learn more.

Renewal of Certificate YetOpen

YetOpen provides two ways to renew the certificate automatically, one through crontab and other through systemmd. Here, I have listed crontab method only.

Renewal using crontab

Edit the crontab using the command

[root@mail ~]# crontab -e

Then schedule the command below to renew the certificate, so that it doesn’t interfere in your working hours. This is because after certificate renewal zmcontrol will restart Zimbra, which takes one or two minutes (I hope you already know that)

# Replace /usr/bin/certbot with the location of your certbot binary, use this to find it: which certbot-auto certbot letsencrypt
12 5 * * * root /usr/bin/certbot renew --pre-hook "/usr/local/bin/ -p" --deploy-hook "/usr/local/bin/ -d"

Create DKIM for a domain

su zimbra

/opt/zimbra/libexec/zmdkimkeyutil -a -d

Install Zextra theme





Commentaire(s) sur cet article

  • img
    Rosalina Kelian
    19th May 2023 Reply

    Donec aliquam ex ut odio dictum, ut consequat leo interdum. Aenean nunc ipsum, blandit eu enim sed, facilisis convallis orci. Etiam commodo lectus quis vulputate tincidunt. Mauris tristique velit eu magna maximus condimentum.

  • img
    Arista Williamson
    15th May 2023 Reply

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim.

  • img
    Arista Williamson
    12th May 2023 Reply

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam.

Voulez-vous profiter de formations et tutoriels additionnels?

Devenez membre VIP pour profiter de formations avancées.