(Updated: June 8, 2013. I’ve updated this post to clarify based on some questions I’ve received).
For the clueless, ActiveSync is the protocol that allows you to sync your Mail, Calendar, Contacts, and Tasks with your messaging provider. Your two options for an ActiveSync server are a cloud solution (e.g. Gmail, Outlook.com, etc.) or running your own Exchange Server. Licensing Exchange will set you back $708 plus $68/user.
Or, you could roll your own ActiveSync server for free using Zimbra and Z-Push… (this is more fun anyway).
Here’s how to set up HTTPS for webmail and ActiveSync on Zimbra, sharing the same IP. You need an “mx” server that acts as a proxy to your web server. On your internal DNS, mx.example.com/activesync.example.com should resolve to your MX server, and mail.example.com should resolve to your Zimbra server. On external DNS, everything needs to resolve to your MX server, which handles ActiveSync and also acts as a proxy server to Zimbra’s webmail (for SNI-capable browsers).
1. Install two 64-bit Ubuntu 12.04 LTS servers. Name one MX (this is your mail relay server and ActiveSync and Webmail Proxy Server) and the other one Mail (this is your Zimbra mail server).
On the Mail Server
2. Install Zimbra on your Mail server.
Create a user and make sure you can login as a user to webmail on this server before proceeding.
On the Mail Relay Server
3. Set up LAMP on the MX…
tasksel (then select lamp)
3. Get Signed Certificates for mail.example.com and activesync.example.com
4. Enable Mod SSL and Mod Proxy
4. Follow the instructions here for setting up Z-Push on HTTPS: http://vwiki.co.uk/Z-Push_v2_with_Zimbra
Make sure you can connect to ActiveSync. I haven’t figured out how to get autodiscover working, so you’ll have to put the server name in manually. After you get Z-Push working with a mobile device, go on to the next step…
5. Set up SNI on Apache2 so that you can host Webmail and ActiveSync/Z-Push from the same external IP.
The idea is that any browser you use to access webmail will hopefully be new enough to support SNI, so Apache on the MX server can route ActiveSync and Webmail requests based on the subdomain they hit. Z-Push is set as the default (first) virtualhost, so it will work with all mobile devices whether or not they support SNI.
Just make your /etc/apache2/sites-available/default-ssl look something like this:
    <IfModule mod_ssl.c>
    # You may need to set the value below to off: when it is on, clients that
    # do not send SNI are not allowed to access the name-based virtual hosts.
    SSLStrictSNIVHostCheck on

    # First (default) virtual host: Z-Push / ActiveSync
    <VirtualHost *:443>
        ServerAdmin firstname.lastname@example.org

        # Indexes + Directory Root.
        DirectoryIndex index.php
        DocumentRoot /var/www/z-push/
        #DocumentRoot /var/www/
        Alias /Microsoft-Server-ActiveSync /var/www/z-push/index.php

        <Directory />
            AllowOverride All
        </Directory>

        php_flag magic_quotes_gpc off
        php_flag register_globals off
        php_flag magic_quotes_runtime off
        php_flag short_open_tag on

        # Logfiles
        ErrorLog /var/log/apache2/z-push/error.log
        CustomLog /var/log/apache2/z-push/access.log combined

        # SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on
        # Server Certificate:
        SSLCertificateFile /etc/apache2/ssl/activesync.example.com.crt
        # Server Private Key:
        SSLCertificateKeyFile /etc/apache2/ssl/activesync.example.com.key
        # Server Certificate Chain:
        SSLCertificateChainFile /etc/apache2/ssl/chain.crt
        # Certificate Authority (CA):
        SSLCACertificateFile /etc/apache2/ssl/ca.crt
    </VirtualHost>

    # Second virtual host: reverse proxy to Zimbra webmail (selected via SNI)
    <VirtualHost *:443>
        DocumentRoot /var/www
        ServerName mail.example.com
        ServerAdmin email@example.com

        # Indexes + Directory Root.
        DirectoryIndex index.html index.php

        ProxyPreserveHost On
        SSLProxyEngine On
        ProxyVia full
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>

        # 10.0.0.2 should be the IP of your Zimbra server...
        ProxyPass / https://10.0.0.2/
        ProxyPassReverse / https://10.0.0.2/

        SSLEngine on
        # Server Certificate:
        SSLCertificateFile /etc/apache2/ssl/mail.example.com.crt
        # Server Private Key:
        SSLCertificateKeyFile /etc/apache2/ssl/mail.example.com.key
        # Server Certificate Chain:
        SSLCertificateChainFile /etc/apache2/ssl/chain.crt
        # Certificate Authority (CA):
        SSLCACertificateFile /etc/apache2/ssl/ca.crt
    </VirtualHost>
    </IfModule>
6. Test SNI
Now, if you access https://mail.example.com it should serve up Zimbra’s webmail via proxy, and https://mx.example.com or https://activesync.example.com should provide ActiveSync via Z-Push.
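One way to script the SNI test, as an added example that is not part of the original post: it connects to the MX server three times (no SNI, activesync.example.com, mail.example.com) and checks which certificate Apache serves each time. It assumes the post's example hostnames and that both certificates chain to a CA the testing machine trusts; the function names are made up for this example.

```python
import socket
import ssl
import sys

# Hostnames from the post (replace with your own). Key = SNI name sent
# (None = no SNI at all), value = hostname the served certificate must cover.
EXPECTED = {
    None: "activesync.example.com",   # non-SNI clients get the default vhost
    "activesync.example.com": "activesync.example.com",
    "mail.example.com": "mail.example.com",
}

def dns_names(cert):
    """Return the DNS subjectAltName entries of a getpeercert() dict."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(hostname, pattern):
    """Match a hostname against one certificate name (left-most '*' only)."""
    host, pat = hostname.lower().split("."), pattern.lower().split(".")
    if len(host) != len(pat):
        return False
    return pat[0] in ("*", host[0]) and host[1:] == pat[1:]

def probe(address, sni, port=443, timeout=5):
    """Handshake with `address`, sending `sni` (None = none); return cert names."""
    ctx = ssl.create_default_context()   # chain is still verified
    ctx.check_hostname = False           # names are compared in check() instead
    with socket.create_connection((address, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return dns_names(tls.getpeercert())

def check(results, expected=EXPECTED):
    """For each probe, report whether the served cert covers the expected host."""
    return {sni: any(name_matches(expected[sni], n) for n in names)
            for sni, names in results.items()}

if __name__ == "__main__":
    address = sys.argv[1]                # external IP or name of the MX server
    results = {}
    for sni in EXPECTED:
        try:
            results[sni] = probe(address, sni)
        except (ssl.SSLError, OSError) as exc:
            print(f"SNI={sni!r}: connection failed ({exc})")
            results[sni] = []
    for sni, ok in check(results).items():
        print(f"SNI={sni!r}: {results[sni]} -> {'OK' if ok else 'MISMATCH'}")
```

Run it as `python3 sni_check.py <MX address>`. This only checks the TLS layer: a MISMATCH for mail.example.com means Apache is answering from the default Z-Push virtual host instead of the webmail proxy.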