A sample nginx + php-fpm pool config for Kolab 3. Roundcube web client will be accessible from "https://mail.example.net", Kolab web administration from "https://mail.example.net/kolab-webadmin". Attempt to set all php variables using "fastcgi_param PHP_VALUE" resulted in strange behaviour, so they're set in php-fpm pools. Please note that sligh…

nginx.kolab3.conf

# http part, may want to move that to nginx.conf, but will work here also
fastcgi_cache_path /var/lib/nginx/fastcgi/ levels=1:2 keys_zone=kolab3.example.net:16m max_size=256m inactive=1d;
fastcgi_temp_path /var/lib/nginx/fastcgi/temp 1 2;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;

server {
    listen 80; 
    server_name kolab3.example.net;
    rewrite ^ https://$server_name$request_uri permanent;  # enforce https
}
server {
    listen          443 ssl;
    server_name	.kolab3.example.net;

    access_log      /var/log/nginx/access_kolab3.example.net_ssl.log;
    error_log       /var/log/nginx/error_kolab3.example.net_ssl.log;

    ssl                  on;
    ssl_certificate      /etc/ssl/certs/ssl-cert-snakeoil.pem;       # dummy certificate, please create your own
    ssl_certificate_key  /etc/ssl/private/ssl-cert-snakeoil.key;     # dummy certificate key, please create your own

    #-------------------------------------------------
    # cache settings
    #-------------------------------------------------
    open_file_cache max=1024 inactive=1m; 
    open_file_cache_valid    90s; 
    open_file_cache_min_uses 2;

    #-------------------------------------------------
    # Common Fastcgi settings
    #-------------------------------------------------
    fastcgi_param HTTPS on;
    fastcgi_keep_conn on;
    fastcgi_cache kolab3.example.net;
    fastcgi_cache_valid 200 302 304 10m;
    fastcgi_cache_valid 301 1h;
    fastcgi_cache_min_uses 2;
    fastcgi_buffers 256 4k;
    fastcgi_busy_buffers_size 8k;
    fastcgi_temp_file_write_size 8k;

    #-------------------------------------------------
    # roundcube mail
    #-------------------------------------------------
    location / {
        index index.php;
        root  /usr/share/roundcubemail;
        client_max_body_size 30M; # set maximum upload size for mail attachments

        # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
        location ~ ^/(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
            deny all;
        }
        location ~ ^/(bin|SQL|config|logs)/ {
            deny all;
        }
	location ~^/program/(include|lib|localization|steps)/ {
	    deny all;
	}
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }

        # enable php
        location ~ \.php$ {
            include fastcgi_params;
    	    fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_pass unix:/var/run/php5-roundcube.sock;
            fastcgi_param SCRIPT_FILENAME $request_filename;
        }
    }

    #-------------------------------------------------
    # kolab web administration panel
    #-------------------------------------------------
    location /kolab-webadmin {
        index index.php;
        alias /usr/share/kolab-webadmin/public_html;
        try_files $uri $uri/ @kolab-wapapi;

        # enable php
        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_pass unix:/var/run/php5-wap.sock;
            fastcgi_param SCRIPT_FILENAME $request_filename;
	    # Without this, PHPSESSION is replaced by webadmin-api X-Session-Token
    	    fastcgi_param PHP_VALUE "session.auto_start=0
    	    session.use_cookies=0";
    	    fastcgi_pass_header X-Session-Token;
        }
    }
    # kolab-webadmin api
    location @kolab-wapapi {
        rewrite ^/kolab-webadmin/api/(.*)\.(.*)$ /kolab-webadmin/api/index.php?service=$1&method=$2 last;
    }

    #-------------------------------------------------
    # Kolab syncroton ActiveSync
    #-------------------------------------------------
    location /Microsoft-Server-ActiveSync {
        alias  /usr/share/kolab-syncroton/index.php;

        client_max_body_size 30M; # set maximum upload size for mail attachments

        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php5-syncroton.sock;
        fastcgi_param SCRIPT_FILENAME /usr/share/kolab-syncroton/index.php;
    }

    #-------------------------------------------------
    # Kolab freebusy
    #-------------------------------------------------
    location /freebusy {
        alias  /usr/share/kolab-freebusy/public_html/index.php;

        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php5-freebusy.sock;
        fastcgi_param SCRIPT_FILENAME /usr/share/kolab-freebusy/public_html/index.php;
    }
}

php5-fpm_pool.d_kolab-freebusy.conf

[kolab-freebusy]
user = www-data
group = www-data
listen = /var/run/php5-freebusy.sock
pm = dynamic
pm.max_children = 40
pm.start_servers = 15
pm.min_spare_servers = 10
pm.max_spare_servers = 20
chdir = /

php5-fpm_pool.d_kolab-syncroton.conf

[kolab-syncroton]
user = www-data
group = www-data
listen = /var/run/php5-syncroton.sock
pm = dynamic
pm.max_children = 40
pm.start_servers = 15
pm.min_spare_servers = 10
pm.max_spare_servers = 20
chdir = /

php5-fpm_pool.d_kolab-wap.conf

[kolab-wap]
user = www-data
group = www-data
listen = /var/run/php5-wap.sock
pm = dynamic
pm.max_children = 40
pm.start_servers = 15
pm.min_spare_servers = 10
pm.max_spare_servers = 20
chdir = /

php5-fpm_pool.d_roundcube.conf

[roundcubemail]
user = www-data
group = www-data
listen = /var/run/php5-roundcube.sock
pm = dynamic
pm.max_children = 40
pm.start_servers = 15
pm.min_spare_servers = 10
pm.max_spare_servers = 20
chdir = /
# Derived from .htaccess of roundcube
php_flag[display_errors] = Off
php_flag[log_errors] = On

php_value[upload_max_filesize] = 30M
php_value[post_max_size] = 30M

php_flag[zlib.output_compression] = Off
php_flag[magic_quotes_gpc] = Off
php_flag[magic_quotes_runtime] = Off
php_flag[zend.ze1_compatibility_mode] = Off
php_flag[suhosin.session.encrypt] = Off

php_flag[session.auto_start] = Off
php_value[session.gc_maxlifetime] = 21600
php_value[session.gc_divisor] = 500
php_value[session.gc_probability] = 1

# http://bugs.php.net/bug.php?id=30766
php_value[mbstring.func_overload] = 0

ActiveSync needs the suhosin encryption bypass too

php_flag[suhosin.session.encrypt] = Off

in

php5-fpm_pool.d_kolab-syncroton.conf

Hi, I'm pretty keen to try this one on a Debian Wheezy. Can you please let me know what've you used for initial Kolab setup ? I assume you haven't used the default setup-kolab ?

Thank you.

on the php5-fpm conf files, i was getting permission denied errors

https://stackoverflow.com/questions/23443398/nginx-error-connect-to-php5-fpm-sock-failed-13-permission-denied/23487409#23487409

so added these lines to the conf files
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

This basically works good for me, but I noticed that my iphone don't automatically detect new mails in idle state. If I check for new mails manually, they arrive at my iphone.

If I switch back to the apache, everything works like charm.

The following errors occur in the nginx error.log:

[error] 5211#0: *79 upstream timed out (110: Connection timed out) while reading response header from upstream, client: xx.xx.xx.xx, server: domain.com, request: "POST /Microsoft-Server-ActiveSync?User=mail@domain.com&DeviceId=ApplF99ATZEZFFG8&DeviceType=iPhone&Cmd=Ping HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-syncroton.sock", host: "domain.com"

works nicely on debian with a few minor changes:
had to change the php conf files according to quiricada

also the nginx documentation http://nginx.org/en/docs/http/converting_rewrite_rules.html recommends using 301 redirect instead of rewrite

return 301 https://$server_name$request_uri;