Recommended Services
Supported Scripts
DebianLinuxMail ServersRedHatZimbra

How to Run Zimbra on Both HTTP and HTTPS

Zimbra mail server configured to run on both HTTP and HTTPS using zmproxyconfig and zmtlsctl commands
IAMEM HOSTING HOST
 February 2, 2016 No Comments

By default, a Zimbra installation restricts access to the Admin Portal and Zimbra Webmail to HTTPS only. In certain environments — such as internal networks, development setups, or during SSL migration — you may need Zimbra to accept both HTTP and HTTPS connections simultaneously. This guide walks you through exactly how to do that using the built-in Zimbra CLI tools.

Prerequisites

  • Zimbra Collaboration Suite 8.x or later installed on CentOS / Debian / Ubuntu
  • Root or sudo access to the server
  • Zimbra services currently running (zmcontrol status should show all services up)

Step 1: Disable SSL Upstream Proxy

First, disable the ProxySSLUpstream setting. This tells the Zimbra reverse proxy (Nginx) to stop forcing SSL for upstream communication, which is required before switching to dual-mode:

zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE

Step 2: Reconfigure the Zimbra Nginx Proxy

Reconfigure the Zimbra Nginx reverse proxy to listen on both standard HTTP (port 80/8080) and HTTPS (port 443/8443) simultaneously. The -x both flag enables dual-mode and the port mapping 8080:80:8443:443 maps the internal proxy ports to the public-facing ports:

/opt/zimbra/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname`

Step 3: Set Zimbra Mail Mode to Both HTTP and HTTPS

Now configure Zimbra’s mail mode and reverse proxy mail mode to accept both protocols. Run all three commands in sequence:

zmtlsctl both
zmprov ms `zmhostname` zimbraReverseProxyMailMode both
zmprov ms `zmhostname` zimbraMailMode both

Note: zmtlsctl both must be run as the zimbra system user. If you are logged in as root, prefix the command with su zimbra -c as shown in the restart step below.

Step 4: Restart the Zimbra Service

Restart all Zimbra services to apply the changes:

su zimbra -c "zmcontrol restart"

The restart process takes approximately 1–3 minutes. Once complete, verify that services are running:

su zimbra -c "zmcontrol status"

Verification

After the restart, confirm that Zimbra is accessible on both protocols:

  • HTTP Webmail: http://your-zimbra-domain.com
  • HTTPS Webmail: https://your-zimbra-domain.com
  • HTTP Admin: http://your-zimbra-domain.com:7071
  • HTTPS Admin: https://your-zimbra-domain.com:7071

If a service fails to start, check the Zimbra logs at /opt/zimbra/log/ — specifically nginx.log and mailbox.log — for error messages.