This is Guide to install Zimbra and SSL Config on Centos 7 By Default Centos run postfix, so we need to disable that very first # systemctl stop postfix # systemctl disable postfix then set a hostname After the reboot, set the hostname of your server, in my case I am setting it as “mail.linuxtechi.com” # hostnamectl set-hostname "mail.usefuleverything.com" # yum install -y nano Add the following lines in /etc/hosts file, 192.168.0.108 mail.usefuleverything.com Install Zimbra dependencies using yum Run the below command to install Zimbra / ZCS dependencies # yum install unzip net-tools sysstat openssh-clients perl-core libaio nmap-ncat wget -y wget command to download the latest version of ZCS 8.8.10 from the terminal, Platform Download 64-bit Red Hat Enterprise Linux 6 64bit x86 (MD5) (SHA 256) CentOS 6 64bit x86 (MD5) (SHA 256) Oracle Linux 6 64bit x86 (MD5) (SHA 256) Red Hat Enterprise Linux 7 64bit x86 (MD5) (SHA 256) CentOS 7 64bit x86 (MD5) (SHA 256) Oracle Linux 7 64bit x86 (MD5) (SHA 256) Ubuntu 14.04 LTS 64bit x86 (MD5) (SHA 256) Ubuntu 16.04 LTS 64bit x86 (MD5) (SHA 256) Ubuntu 18.04 LTS 64bit x86 (MD5) (SHA 256) BETA # wget https://files.zimbra.com/downloads/8.8.12_GA/zcs-8.8.12_GA_3794.RHEL7_64.20190329045002.tgz --no-check-certificate Install Zimbra / ZCS 8.8.12 Extract the downloaded tgz file of ZCS 8.8.10 using the beneath tar command # tar zxpvf zcs-8.8.12_GA_3794.RHEL7_64.20190329045002.tgz # cd zcs-8.8.12_GA_3794.RHEL7_64.20190329045002 # ./install.sh # firewall-cmd --permanent --add-port={25,80,110,143,443,465,587,993,995,5222,5223,9071,7071}/tcp # firewall-cmd --reload Now Config the SSL No Login via SSH nano /opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template after "# HTTPS Proxy Default Configuration " Paste include ${core.includes}/${core.cprefix}.lets.conf; now create /opt/zimbra/conf/nginx/includes/nginx.conf.lets.conf server { listen 80 default_server; server_name _; access_log off; location ^~ /.well-known/acme-challenge { root /opt/zimbra/data/nginx/html; } location / { rewrite ^/(.*) https://$host$request_uri permanent; } } server { listen 80; server_name mail.usefuleverything.com; # Your Site NAme access_log off; root /opt/zimbra/data/nginx/html; index index.html index.htm; location ^~ /.well-known/acme-challenge { root /opt/zimbra/data/nginx/html; } location / { try_files $uri $uri/ =404; } } #su zimbra # zmcontrol stop # zmcontrol start # exit Install certboat # yum install -y epel-release # yum install -y certbot # wget https://github.com/YetOpen/certbot-zimbra/archive/master.zip # unzip master.zip # cd certbot-zimbra-master/ # cp -av certbot_zimbra.sh /usr/local/bin/ certbot_zimbra.sh -n -H mail.usefuleverything.com there will be an error (due to script error) Preparing certificates for deployment. /usr/local/bin/certbot_zimbra.sh: line 325: [: too many arguments go to # cd /opt/zimbra/ssl/letsencrypt/ and see everything is there # ls -alh total 12K dr-xr-x---. 2 zimbra root 65 Jun 28 08:51 . drwxr-xr-x. 8 zimbra zimbra 167 Jun 28 08:51 .. -rw-r-----. 1 zimbra root 1.9K Jun 28 08:51 cert.pem -rw-------. 1 zimbra root 1.7K Jun 28 08:51 privkey.pem -rw-r-----. 1 root root 2.8K Jun 28 08:51 zimbra_chain.pem [root@mail letsencrypt]# change the zimbra_chain.pem ownership chown zimbra:root zimbra_chain.pem Then Run $ /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem There will be an error so just make an selfcert in zimbra then restart zimbra services # zmcontrol stop # zmcontrol start then # cp "privkey.pem" "/opt/zimbra/ssl/zimbra/commercial/commercial.key" then # /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem zimbra_chain.pem then restart zimbra services # zmcontrol stop # zmcontrol start Move lets.conf in nginx mv /opt/zimbra/conf/nginx/includes/nginx.conf.lets.conf /opt/zimbra/conf/nginx/includes/nginx.conf.lets.conf.bak add following to new /opt/zimbra/conf/nginx/includes/nginx.conf.lets.conf server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 301 https://$host$request_uri; } then restart zimbra services # zmcontrol stop # zmcontrol start zimbra mail server centos 7 zimbra mail server centos 6 install zimbra mail server centos 6.5 zimbra mail server configuration in centos step by step pdf zimbra mail server download for centos 7 zimbra mail server installation on centos zimbra mail server configuration in centos 6 free download zimbra mail server for centos zimbra mail server installation and configuration in centos zimbra mail server installation guide centos step by step zimbra mail server configuration in centos 7 step by step pdf zimbra mail server configuration centos 7 how to configure zimbra mail server in centos 6.5 cara install zimbra mail server di centos cài đặt zimbra mail server trên centos install zimbra mail server centos 6 download zimbra mail server for centos 6 konfigurasi zimbra mail server di centos konfigurasi zimbra mail server di centos 7 membuat mail server zimbra di centos zimbra mail server download for centos zimbra mail server for centos 7 download zimbra mail server for centos 7 how to remove zimbra mail server from centos 7 how to remove zimbra mail server from centos 6 how to install zimbra mail server on centos 7 how to uninstall zimbra mail server on centos how to configure zimbra mail server in centos zimbra mail server install centos 7 zimbra mail server installation in centos 6.5 zimbra mail server installation in centos zimbra mail server kurulumu centos zimbra mail server on centos 7 zimbra mail server installation on centos 7 how to install zimbra mail server on centos 6.5 how to install and configure zimbra mail server on centos 7 how to install and configure zimbra mail server on centos 6 install & configure zimbra open source mail server on centos steps to install zimbra mail server on centos how to install and configure zimbra mail server on centos 7 step by step zimbra mail server configuration zimbra mail server installation in centos 7 zimbra mail server installation in ubuntu 18.04 zimbra mail server login zimbra mail server download zimbra mail server price zimbra mail server features zimbra mail server backup zimbra mail server adalah zimbra mail server admin console zimbra mail server alternative zimbra mail server architecture zimbra mail server amreli zimbra mail server administration guide zimbra mail server appliance zimbra mail server address zimbra mail server administration zimbra mail server behind firewall zimbra mail server blacklist zimbra mail server book zimbra mail server configuration backup zimbra mail server step by step installation zimbra mail server 32 bit zimbra open source mail server backup zimbra mail server installation guide step by step zimbra mail server commands zimbra mail server clustering zimbra mail server cost zimbra mail server download for linux free zimbra mail server docker zimbra mail server documentation zimbra mail server database zimbra mail server down zimbra mail server deployment zimbra mail server details zimbra mail server error uploading file zimbra mail server exploit zimbra mail server error zimbra mail exchange server zimbra mail queues server error encountered zimbra mail server vs microsoft exchange zimbra external mail server zimbra mail server free download zimbra mail server for centos 7 zimbra mail server failover zimbra mail server for ubuntu zimbra mail server for windows 7 zimbra mail server for windows 10 zimbra mail server installation guide pdf zimbra mail server installation guide centos step by step zimbra mail server configuration guide pdf zimbra mail server user guide mail server zimbra sesto san giovanni zimbra mail server hacked zimbra mail server hosting zimbra mail server hardware requirements zimbra mail server high availability zimbra mail server hardening zimbra mail server ha zimbra smtp server hostname how zimbra mail server works how to zimbra mail server how to configure zimbra mail server zimbra mail server installation zimbra mail server installation in ubuntu zimbra mail server installation in windows zimbra mail server iso zimbra mail server jobs jasa instalasi zimbra mail server training zimbra mail server jakarta zimbra mail server kurulumu zimbra mail server kurulumu ubuntu konfigurasi zimbra mail server di ubuntu kelebihan zimbra mail server konfigurasi zimbra mail server di debian konfigurasi zimbra mail server di centos konfigurasi zimbra mail server di debian 8 konfigurasi zimbra mail server konfigurasi zimbra mail server di centos 7 zimbra mail server logs zimbra mail server license zimbra mail server latest version zimbra mail server linux zimbra mail server ldap zimbra mail server configuration linux zimbra mail server installation in linux zimbra mail server minimum requirements zimbra mail server management zimbra mail server migration zimbra mail server manual zimbra mail server monitoring zimbra mail server migration to office 365 zimbra mail server name zimbra mail server not working zimbra mail server not starting zimbra mail server nedir zimbra smtp server name zimbra mail server port number zimbra change mail server name ntpc zimbra mail server zimbra move mail to new server zimbra mail server on centos 7 zimbra mail server on ubuntu 16.04 zimbra mail server outlook configuration zimbra mail server on windows zimbra mail server outlook zimbra mail server ovf zimbra mail server ova zimbra mail server on ubuntu 14.04 zimbra mail server os zimbra mail server prerequisites zimbra mail server pros and cons zimbra mail server pdf zimbra mail server presentation zimbra mail server pop3 zimbra mail server package zimbra mail server problem zimbra mail server queue zimbra mail server review zimbra mail server renew certificate zimbra mail server restart command zimbra mail server replication zimbra mail server redundancy install zimbra mail server zimbra mail server roles zimbra mail server setup zimbra mail server settings zimbra mail server spam control zimbra mail server system requirements zimbra mail server support in india zimbra mail server service restart zimbra mail server sending spam zimbra mail server support zimbra mail server tutorial zimbra mail server training zimbra mail server tutorial pdf zimbra mail server troubleshooting zimbra mail server timezone zimbra mail cannot connect to server alternative to zimbra mail server zimbra mail server update zimbra mail server ubuntu 16.04 zimbra mail server ubuntu 14.04 zimbra mail server unseen.is install zimbra mail server ubuntu 18.04 setup zimbra mail server ubuntu 16.04 configure zimbra mail server ubuntu install zimbra mail server ubuntu 14.04 install zimbra mail server ubuntu 12.04 zimbra mail server versions zimbra mail server very slow zimbra mail server vmware zimbra mail server virtualbox kerio mail server vs zimbra virtual host zimbra mail server mail server veran br zimbra zimbra mail server windows zimbra mail server wiki zimbra mail server configuration in windows zimbra xmission com mail server settings zimbra mail server youtube zimbra mail server configuration in centos 6.5 step by step zimbra mail server configuration in centos 6 download zimbra mail server for centos 6 install zimbra mail server centos 6 zimbra mail server centos 7


This is Guide to install Zimbra and SSL Config on Centos 7






By Default Centos run postfix, so we need to disable that very first



# systemctl stop postfix
# systemctl disable postfix



Then set a hostname



After the reboot, set the hostname of your server
if you going to use this mail server for multiple mail domains please insert those as well


# hostnamectl set-hostname "mail.usefuleverything.com"

# yum install -y nano


Add the following lines in  /etc/hosts file,

192.168.0.108 mail.usefuleverything.com

Install Zimbra dependencies using yum

Run the below command to install Zimbra / ZCS dependencies

# yum install unzip net-tools sysstat openssh-clients perl-core libaio nmap-ncat wget -y


wget command to download the latest version of ZCS 8.8.12 from the terminal,
PlatformDownload 64-bit
Red Hat Enterprise Linux 664bit x86 (MD5) (SHA 256)
CentOS 664bit x86 (MD5) (SHA 256)
Oracle Linux 664bit x86 (MD5) (SHA 256)
Red Hat Enterprise Linux 764bit x86 (MD5) (SHA 256)
CentOS 764bit x86 (MD5) (SHA 256)
Oracle Linux 764bit x86 (MD5) (SHA 256)
Ubuntu 14.04 LTS64bit x86 (MD5) (SHA 256)
Ubuntu 16.04 LTS64bit x86 (MD5) (SHA 256)
Ubuntu 18.04 LTS64bit x86 (MD5) (SHA 256BETA


# wget https://files.zimbra.com/downloads/8.8.12_GA/zcs-8.8.12_GA_3794.RHEL7_64.20190329045002.tgz --no-check-certificate



Install Zimbra / ZCS 8.8.12

Extract the downloaded tgz file of  ZCS 8.8.10 using the beneath tar command


# tar zxpvf zcs-8.8.12_GA_3794.RHEL7_64.20190329045002.tgz

# cd zcs-8.8.12_GA_3794.RHEL7_64.20190329045002

# ./install.sh




# firewall-cmd --permanent --add-port={25,80,110,143,443,465,587,993,995,5222,5223,9071,7071,7025}/tcp
# firewall-cmd --reload



Now Config the SSL



Now Login via SSH as root


Install certboat

# yum install -y epel-release
# yum install -y certbot
# certbot certonly
Then enter required details to generate ssl

then go to /etc/letsencrypt/live/$domain
then copy to zimbra folder
mkdir /opt/zimbra/ssl/lets
cp * /opt/zimbra/ssl/lets/
cd /opt/zimbra/ssl/lets/
Make sure to give ownership to zimbra user
chown zimbra:root *
then switch to zimbra 
# su zimbra
nano chain.pem
Your chain.pem should look like: add this below code
-----BEGIN CERTIFICATE-----

YOURCHAIN

-----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ -----END CERTIFICATE-----
then check 
# /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
# cp "privkey.pem" "/opt/zimbra/ssl/zimbra/commercial/commercial.key"
# /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem 

then restart zimbra services



# zmcontrol  stop
# zmcontrol  start



Following for additional Domains

Configuring the IP address per domain

  • 1. Add the new domain, in this case example.com. Set zimbraVirtualHostName to mail.example.com and zimbraVirtualIPAddress to 1.2.3.4. Make sure the zimbraVirtualHostName is set to the name which will be used to access the domain (URL) and the SSL certificate is signed for the same name.
 zmprov md example.com zimbraVirtualHostName mail.example.com zimbraVirtualIPAddress 1.2.3.4
NOTE: If the server is behind a firewall and NAT'ed with an external address, make sure external requests for "mail.example.com" hit the aliased IP address and not the actual local IP address of server.

Verifying and Preparing the Certificates

We have three files received from the CA. The server (domain) certificate, two chain certs. And we have existing key file (which was used to generate the csr)
1. Save the example.com certificate, key and chain files to a directory /tmp/example.com. You can receive single or multiple chain certs from your CA. Here we have two chain certs from the CA. i.e. example.com.root.crt and example.com.intermediate.crt.
 ls /tmp/example.com
 example.com.key
 example.com.crt
 example.com.root.crt
 example.com.intermediate.crt
2. Add the chain certs to a single file called example.com_ca.crt
 cat example.com.root.crt example.com.intermediate.crt >> example.com_ca.crt
3. Confirm if the key and certificate matches and chain certs completes the trust.
 /opt/zimbra/bin/zmcertmgr verifycrt comm /tmp/example.com/example.com.key /tmp/example.com/example.com.crt /tmp/example.com/example.com_ca.crt
  • Check the output, it should say something like this. If not, make sure you have correct key and chain cert files.
 ** Verifying example.com.crt against example.com.key
 Certificate (example.com.crt) and private key (example.com.key) match.
 Valid Certificate: example.com.crt: OK

Deploying the Certificate on domain

1. Add the domain certificate and chain files to a single file called example.com.bundle
 cat example.com.crt example.com_ca.crt >> example.com.bundle
2. Run following to save the certificates and key in ldap database.
 /opt/zimbra/libexec/zmdomaincertmgr savecrt example.com example.com.bundle example.com.key
  • The syntax is:
 /opt/zimbra/libexec/zmdomaincertmgr savecrt <domainname> <certificate with chain certs> <keyfile>
3. Run following to deploy the domain certificate. This will save the certificate and key as /opt/zimbra/conf/domaincerts/example.com
 /opt/zimbra/libexec/zmdomaincertmgr deploycrts
4. Make sure the example.com is resolving to its local IP address from Zimbra host. Or make an similar entry in /etc/hosts file.
 1.2.3.4      example.com

Proxy Check

Run these commands on proxy hosts.
  • zimbraReverseProxyGenConfigPerVirtualHostname should be set to TRUE in server and global config.
 zmprov gs `zmhostname` zimbraReverseProxyGenConfigPerVirtualHostname
 zmprov gacf zimbraReverseProxyGenConfigPerVirtualHostname
Use these command to set it to TRUE.
 zmprov ms `zmhostname` zimbraReverseProxyGenConfigPerVirtualHostname TRUE
 zmprov mcf zimbraReverseProxyGenConfigPerVirtualHostname TRUE

Re-write and restart Proxy

  • Restart the proxy to re-write the changes to proxy config
 zmproxyctl restart
  • Once the restart is successfull, try to access the domain using the URL which is set in "zimbraVirtualHostName" over https. And check the certificate loaded in the browser. In this case the URL will be https://example.com





Backup Script for Zimbra



Installation



# yum install epel-release -y
# yum install parallel wget httpie sqlite3 git -y




Download the latest package with the BETA tag in "Release" section, or git clone the development branch:
git clone -b 1.2-version https://github.com/lucascbeyeler/zmbackup.git



# cd zmbackup
# chmod +x install.sh
# ./install.sh
# su - zimbra
$ zmbackup -v
  zmbackup version: 1.2.3

Taking Full Backup


$ zmbackup -f
















Manusha

Manusha Amal

මගේ තියන අත්දැකීම් මේ බ්ලොග් එක කියවන ඔබට පේනවනේ, ඉතින් ඔයාලට ගැටළුවක් අවොත් මාව Contact කරගන්න පුළුවන්.

Post A Comment:

0 comments:

දිරියක් වෙන්න අදහස් පෙළක් දාන්න