
Nginx configuration

matidau edited this page Apr 30, 2023 · 1 revision

The z-push-config-nginx package provides the basic /etc/nginx/sites-available/z-push.conf file, which has to be edited in order for Z-Push to work properly with nginx.

z-push.conf

server {
    server_name localhost; # Put your server name
 
    # Uncomment the following lines to enable SSL support if not configured yet
    #listen 443 ssl;
    #listen [::]:443 ssl;
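    #ssl on; # Only for nginx older than 1.15.0: obsolete since then, removed in 1.25.1 ("listen ... ssl" is enough)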
    #ssl_certificate     /path/to/ssl.crt; # Put in the correct path
    #ssl_certificate_key /path/to/ssl.key; # Put in the correct path
 
    # If you're using PHP-FPM uncomment the following lines.
    #include         fastcgi_params;
    #fastcgi_index   index.php;
    #fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #fastcgi_param   REQUEST_URI $1;
    #fastcgi_param   PHP_FLAG "magic_quotes_gpc=off \n register_globals=off \n magic_quotes_runtime=off \n short_open_tag=on";
    #fastcgi_param   PHP_VALUE "post_max_size=20M \n upload_max_filesize=20M \n max_execution_time=3660";
    #fastcgi_param   HTTP_PROXY ""; # Mitigate https://httpoxy.org/ vulnerabilities
    #fastcgi_read_timeout 3660; # Z-Push Ping might run 3600s, but to be safe
 
    location ~* /Microsoft-Server-ActiveSync {
        alias       /usr/share/z-push/index.php;
        access_log  /var/log/nginx/z-push-access.log;
        error_log   /var/log/nginx/z-push-error.log;
 
        # Attachments ca. 15 MB max (since binary data needs to be base64 encoded in MIME, which results in about 33% overhead)
        client_max_body_size 20m;
        client_body_buffer_size 128k;
 
        # Select one of the fastcgi_pass values or adapt to your configuration
        #fastcgi_pass    unix:/var/run/php5-fpm.sock; # for PHP 5.X Debian/Ubuntu
        #fastcgi_pass    unix:/var/run/php/php7.0-fpm.sock; # for PHP 7.X Debian/Ubuntu
        #fastcgi_pass    unix:/var/run/php-fpm/php-fpm.sock; # usually RedHat and its derivatives
        #fastcgi_pass    127.0.0.1:9000; # default php-fpm config
    }
 
    location ~* /AutoDiscover/AutoDiscover.xml {
        alias       /usr/share/z-push/autodiscover/autodiscover.php;
 
        access_log  /var/log/nginx/z-push-autodiscover-access.log;
        error_log   /var/log/nginx/z-push-autodiscover-error.log;
 
        # Select one of the fastcgi_pass values or adapt to your configuration
        #fastcgi_pass    unix:/var/run/php5-fpm.sock; # for PHP 5.X Debian/Ubuntu
        #fastcgi_pass    unix:/var/run/php/php7.0-fpm.sock; # for PHP 7.X Debian/Ubuntu
        #fastcgi_pass    unix:/var/run/php-fpm/php-fpm.sock; # usually RedHat and its derivatives
        #fastcgi_pass    127.0.0.1:9000; # default php-fpm config
 
        #fastcgi_index   autodiscover.php;
    }
}

z-push.conf parameters

server_name - replace localhost with your Z-Push server's name so that nginx is able to process requests to Z-Push.

Make sure that the lines for SSL support are not commented out and enter the correct paths for ssl_certificate and ssl_certificate_key. Always run Z-Push with SSL enabled; otherwise the requests and responses containing sensitive information will be transmitted in plain text over the internet.

If you are running nginx with PHP-FPM, uncomment the include and fastcgi_* lines. The maximum runtime for Ping requests is 3540 seconds, so fastcgi_read_timeout should be higher than this value.

In the location ~* /Microsoft-Server-ActiveSync and location ~* /AutoDiscover/AutoDiscover.xml blocks, find the fastcgi_pass value matching your distribution and uncomment the appropriate line. It is not necessary to add /autodiscover/autodiscover.xml or /Autodiscover/Autodiscover.xml locations, as the provided location configuration is case insensitive and will handle those locations as well.

Adjust access_log and error_log paths for nginx logging if necessary. Note: Those locations are for nginx logs, not for Z-Push logs!
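
The following check is an added example, not part of Z-Push or the z-push-config-nginx package: a shell function that reads a z-push.conf and reports whether the settings described in this section are active (SSL lines, HTTP_PROXY cleared, fastcgi_read_timeout above 3540, one fastcgi_pass per location). The function name check_zpush_conf and the sample file contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the z-push-config-nginx package.
# check_zpush_conf FILE prints one finding per line and returns 1 if any.
# It reads a single file only: included files and time units other than
# plain seconds are not evaluated.
check_zpush_conf() {
    # Keep only active directives: trim indentation, drop comment lines.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' "$1")
    bad=0
    has()  { printf '%s\n' "$active" | grep -Eq "$1"; }
    note() { printf '%s\n' "$1"; bad=1; }

    has '^listen[[:space:]].*[[:space:]]ssl[[:space:];]' || note "tls: no active 'listen ... ssl' line"
    has '^ssl_certificate[[:space:]]'     || note "tls: ssl_certificate is not set"
    has '^ssl_certificate_key[[:space:]]' || note "tls: ssl_certificate_key is not set"
    has '^fastcgi_param[[:space:]]+HTTP_PROXY[[:space:]]+"";' || note "httpoxy: HTTP_PROXY is not cleared"

    # Ping requests run up to 3540 s, so the read timeout must be higher.
    t=$(printf '%s\n' "$active" |
        awk '$1 == "fastcgi_read_timeout" { sub(/s?;.*/, "", $2); print $2; exit }')
    case $t in
        ''|*[!0-9]*) note "timeout: fastcgi_read_timeout missing or not in plain seconds" ;;
        *) [ "$t" -gt 3540 ] || note "timeout: fastcgi_read_timeout $t is not above 3540" ;;
    esac

    # One fastcgi_pass per location block (ActiveSync and AutoDiscover).
    n=$(printf '%s\n' "$active" | grep -c '^fastcgi_pass[[:space:]]' || true)
    [ "$n" -ge 2 ] || note "fastcgi: $n active fastcgi_pass line(s), expected 2"

    [ "$bad" -eq 0 ]
}

# Constructed sample: SSL and HTTP_PROXY lines still commented, timeout too low.
demo=$(mktemp)
cat > "$demo" <<'EOF'
server {
    server_name mail.example.org;
    #listen 443 ssl;
    #fastcgi_param   HTTP_PROXY "";
    fastcgi_read_timeout 3540;
    location ~* /Microsoft-Server-ActiveSync {
        fastcgi_pass    127.0.0.1:9000;
    }
}
EOF
check_zpush_conf "$demo" || echo "z-push.conf needs attention"
rm -f "$demo"
```

Run it against the edited file before reloading nginx, alongside nginx -t, which validates syntax but not these choices.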

Folder permissions

It shouldn't be necessary to change permissions for the Z-Push state or log directories if you have installed Z-Push from repositories. The z-push-common package creates a z-push group which is able to write to those directories.

If you have installed Z-Push from a source file and want to have the same permission schema as the repository installation, execute the following steps as root:

/usr/bin/getent group z-push > /dev/null || /usr/sbin/groupadd -r z-push
/usr/bin/getent passwd nginx > /dev/null && /usr/sbin/usermod -a -G z-push nginx
chown -Rh :z-push /var/log/z-push /var/lib/z-push /etc/z-push/z-push.conf.php /etc/z-push/policies.ini