diff --git a/conf/jetty/jetty-setuid.xml b/conf/jetty/jetty-setuid.xml new file mode 100644 index 0000000..15c51a1 --- /dev/null +++ b/conf/jetty/jetty-setuid.xml @@ -0,0 +1,123 @@ + + + + + + + + + + + + + + zimbraLmtpBindAddress + + + + zimbraLmtpBindPort + + + + zimbraImapServerEnabled + + + + zimbraLmtpServerEnabled + + + + zimbraImapBindAddress + + + + zimbraImapBindPort + + + + zimbraImapSSLServerEnabled + + + + zimbraImapSSLBindAddress + + + + zimbraImapSSLBindPort + + + + zimbraPop3ServerEnabled + + + + zimbraPop3BindAddress + + + + zimbraPop3BindPort + + + + zimbraPop3SSLServerEnabled + + + + zimbraPop3SSLBindAddress + + + + zimbraPop3SSLBindPort + + + + zimbraSSLExcludeCipherSuites + + + + zimbraSSLIncludeCipherSuites + + + + zimbraMailboxdSSLProtocols + + + + nio_imap_enabled + + + + mailboxd_keystore + + + + mailboxd_keystore_password + + + + mailboxd_truststore_password + + + + + + + + + + + 23 + zimbra + zimbra + + + + 65536 + 65536 + + + + + + + diff --git a/conf/jetty/jetty.xml b/conf/jetty/jetty.xml new file mode 100644 index 0000000..8470a97 --- /dev/null +++ b/conf/jetty/jetty.xml 
@@ -0,0 +1,870 @@ + + + + + + + + + + + + + + + + + + + + 1 + 250 + 10000 + false + + + + + + + + 32768 + 8192 + 8192 + false + true + 512 + 7443 + + + + bogus + + + + + + + devserver.local + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 7070 + 60000 + + + + + + /etc/keystore + zimbra + zimbra + + true + + + + TLSv1 + TLSv1.1 + TLSv1.2 + + + + + SSL_RSA_WITH_DES_CBC_SHA + SSL_DHE_RSA_WITH_DES_CBC_SHA + SSL_DHE_DSS_WITH_DES_CBC_SHA + SSL_RSA_EXPORT_WITH_RC4_40_MD5 + SSL_RSA_EXPORT_WITH_DES40_CBC_SHA + SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA + SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA + + + + + + + + + + + + + + + + + + + + + + + + + + http/1.1 + + + + + + + + + + + + + + + 7443 + 60000 + + + + + + /etc/keystore + zimbra + zimbra + + + + + + SSL_RSA_WITH_DES_CBC_SHA + SSL_DHE_RSA_WITH_DES_CBC_SHA + SSL_DHE_DSS_WITH_DES_CBC_SHA + SSL_RSA_EXPORT_WITH_RC4_40_MD5 + SSL_RSA_EXPORT_WITH_DES40_CBC_SHA + SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA + SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA + + + true + false + + + + + + + + + + + + + http/1.1 + + + + + + + + + + + + + + + 9443 + 60000 + + + + + + + + + + + + + + + http/1.1 + + + + + + + + + + + + + + + 7071 + 60000 + + + + + + + + + + + + + + + http/1.1 + + + + + + + + + + + + + + + + 7073 + 60000 + + + + + + + + + + + + + + + http/1.1 + + + + + + + + + + + + + + + 7072 + 60000 + + + + + + + + + + true + false + requestedPath + + + + + REQUEST + + + + + ASYNC + + + + + ERROR + + + + + FORWARD + + + + + + + + + + + + + + /Microsoft-Server-ActiveSync/* + /service/extension/zimbrasync + + + + + + + /ews/Exchange.asmx/* + /service/extension/zimbraews + + + + + + + /EWS/Exchange.asmx/* + /service/extension/zimbraews + + + + + + + /principals/* + /service/dav/principals + + + + + + + /dav/* + /service/dav/home + + + + + + + /.well-known/* + /service/.well-known + + + + + + + /home/* + /service/home/ + + + + + + + /octopus/* + /service/octopus/ + + + + + + + /shf/* + /service/shf/ + + + + + + + /user/* + /service/user/ + + + + + + + 
/certauth/* + /service/certauth + + + + + + + /spnegoauth/* + /service/spnego + + + + + + + /zimbra/home/* + /service/home + + + + + + + /zimbra/user/* + /service/user + + + + + + + /autodiscover/* + /service/autodiscover + + + + + + + /Autodiscover/* + /service/autodiscover + + + + + + + /AutoDiscover/* + /service/autodiscover + + + + + + + + 9443 + ^(/service/certauth)(/|/(.*))?$ + 403 + errResourceNotAllowedOnPort + + + + + + + + /service/* + /service + true + + + + + + + /spnego/* + /spnego + true + + + + + + + /zimlet/* + /zimlet + true + + + + + + + /zimbraAdmin/* + /zimbraAdmin + true + + + + + + + /zimbra/* + / + true + + + + + + + + /* + / + + + + + + + + + + + + + + + + + + + + + + + + + org.eclipse.jetty.webapp.WebInfConfiguration + org.eclipse.jetty.webapp.WebXmlConfiguration + org.eclipse.jetty.webapp.MetaInfConfiguration + org.eclipse.jetty.webapp.FragmentConfiguration + org.eclipse.jetty.plus.webapp.EnvConfiguration + org.eclipse.jetty.plus.webapp.PlusConfiguration + org.eclipse.jetty.annotations.AnnotationConfiguration + org.eclipse.jetty.webapp.JettyWebXmlConfiguration + + + + + + + /webapps/service + /service + + + + /etc/webdefault.xml + + /work/service + + true + + org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern + .*/.*jsp-api-[^/]*\.jar$|.*/.*jsp-[^/]*\.jar$|.*/.*taglibs[^/]*\.jar$ + + + + + + + + /webapps/zimbra + + / + + + + /etc/webdefault.xml + + /work/zimbra + + true + true + + + 400 + 599 + /public/error.jsp + + + + + TRUE + + + + org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern + .*/.*jsp-api-[^/]*\.jar$|.*/.*jsp-[^/]*\.jar$|.*/.*taglibs[^/]*\.jar$ + + + + + + + + /webapps/zimbraAdmin + + /zimbraAdmin + + + + /etc/webdefault.xml + + /work/zimbraAdmin + + true + + + TRUE + + + + org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern + .*/.*jsp-api-[^/]*\.jar$|.*/.*jsp-[^/]*\.jar$|.*/.*taglibs[^/]*\.jar$ + + + + + + + + + /webapps/zimlet + /zimlet + + + + /etc/webdefault.xml + /work/zimlet + + true + + + + + 
/webapps/zimlet + /../zimlets-deployed + + + + + + + org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern + .*/.*jsp-api-[^/]*\.jar$|.*/.*jsp-[^/]*\.jar$|.*/.*taglibs[^/]*\.jar$ + + + + + + + + + org.eclipse.jetty.webapp.systemClasses + + + java. + javax. + org.xml. + org.w3c. + org.apache.commons.logging. + org.eclipse.jetty.continuation. + org.eclipse.jetty.jndi. + org.eclipse.jetty.plus.jaas. + org.eclipse.jetty.websocket. + org.eclipse.jetty.servlet. + org.eclipse.jetty.servlets. + org.eclipse.jetty.server. + org.eclipse.jetty.io. + org.eclipse.jetty.http. + org.eclipse.jetty.security. + org.eclipse.jetty.util. + + + + + + org.eclipse.jetty.webapp.serverClasses + + + -org.eclipse.jetty.continuation. + -org.eclipse.jetty.jndi. + -org.eclipse.jetty.plus.jass. + -org.eclipse.jetty.websocket. + -org.eclipse.jetty.servlet. + -org.eclipse.jetty.servlets. + -org.eclipse.jetty.server. + -org.eclipse.jetty.io. + -org.eclipse.jetty.http. + -org.eclipse.jetty.security. + -org.eclipse.jetty.util. + -org.eclipse.jetty.apache. + org.eclipse.jetty. + + + + + + org.eclipse.jetty.server.Request.maxFormContentSize + 200000 + + + + + + + + + + + + + + + + + + + 2000 + 90 + 5 + 4 + + + + 10000 + 65 + + + + + + + + + + + + + + + + + + + + + /../log/access_log.yyyy_mm_dd + dd/MMM/yyyy:HH:mm:ss Z + 30 + true + true + yyyy-MM-dd + true + true + + + + + + + + + + + + + + + + + + + GET + POST + + + + + + + + + + + + + + /../log/trace_log.yyyy_mm_dd + true + 10 + + + + + + + + + true + + + + + + + + + + + + + + + + + + + + + + diff --git a/conf/jetty/jetty.xml.production b/conf/jetty/jetty.xml.production new file mode 100644 index 0000000..3a74b48 --- /dev/null +++ b/conf/jetty/jetty.xml.production 
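Review bot: In conf/jetty/jetty.xml both SSL context sections carry `/etc/keystore` followed by the literal `zimbra` twice, which look like the keystore and key-manager passwords, so a well-known password ships in a file that can be started as-is. The element names are not visible on this page, but jetty.xml.production has `@@mailboxd_keystore_password@@` in the same position. A comment above each block such as `<!-- development-only keystore password; never deploy this file, use jetty.xml.production -->` would make that explicit. The first section also lists `TLSv1` and `TLSv1.1` next to `TLSv1.2`; if that is the enabled-protocol list it should be trimmed to `TLSv1.2`. Separately, the serverClasses list has `-org.eclipse.jetty.plus.jass.` where the systemClasses list has `org.eclipse.jetty.plus.jaas.`; the misspelled entry matches no package, and the same typo is in jetty.xml.production.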
@@ -0,0 +1,959 @@ + + + + + + + + + + + + + + + + + + + 10 + %%zimbraHttpNumThreads%% + %%zimbraHttpThreadPoolMaxIdleTimeMillis%% + false + + + + + + + + %%zimbraHttpOutputBufferSize%% + %%zimbraHttpRequestHeaderSize%% + %%zimbraHttpResponseHeaderSize%% + false + true + %%zimbraHttpHeaderCacheSize%% + %%zimbraMailSSLPort%% + + + + bogus + + + + %% + + + + %%zimbraPublicServiceHostname%% + + + + %%comment VAR:zimbraPublicServiceHostname, + + + + + + + + + + + + + + + + + + + + ,http,redirect,mixed,both%% + + + + + + + + + + + + + + + + + + %%zimbraMailBindAddress%% + %%zimbraMailPort%% + %%zimbraHttpConnectorMaxIdleTimeMillis%% + + + + %%comment VAR:zimbraMailMode, + + %% + + + + + + + + + + + + + + + + + + localhost + %%zimbraMailPort%% + %%zimbraHttpConnectorMaxIdleTimeMillis%% + + + + %%comment VAR:zimbraMailLocalBind, + + + /etc/keystore + @@mailboxd_keystore_password@@ + @@mailboxd_keystore_password@@ + + %%zimbraMailboxdSSLRenegotiationAllowed%% + %% + + + %%zimbraMailboxdSSLProtocolsXML%% + + + %%comment VAR:zimbraMailboxdSSLProtocolsXML, + + + %%zimbraSSLExcludeCipherSuitesXML%% + + + %% + + + %%zimbraSSLIncludeCipherSuitesXML%% + + + %%comment VAR:zimbraSSLIncludeCipherSuitesXML, + + + + ,https,redirect,mixed,both%% + + + + + + + + + + + + http/1.1 + + + + + + + + + + + + + + + %%zimbraMailSSLBindAddress%% + %%zimbraMailSSLPort%% + %%zimbraHttpConnectorMaxIdleTimeMillis%% + + + + %%comment VAR:zimbraMailMode, + + + ,Disabled%% + + /etc/keystore + @@mailboxd_keystore_password@@ + @@mailboxd_keystore_password@@ + @@client_ssl_truststore@@ + @@client_ssl_truststore_password@@ + + + + %%zimbraSSLExcludeCipherSuitesXML%% + + + %%contains VAR:zimbraMailSSLClientCertMode WantClientAuth^ true^ false%% + %%contains VAR:zimbraMailSSLClientCertMode NeedClientAuth^ true^ false%% + + + + + + + + + + + + + http/1.1 + + + + + + + + + + + + + + + %%zimbraMailSSLClientCertBindAddress%% + %%zimbraMailSSLClientCertPort%% + %%zimbraHttpConnectorMaxIdleTimeMillis%% + + + + + 
%%uncomment VAR:zimbraMailSSLClientCertMode, + + + + + + + + + + + + + + + + http/1.1 + + + + + + + + + + + + + + + %%zimbraAdminBindAddress%% + %%zimbraAdminPort%% + 0 + + + + + + + + + + + + + + + http/1.1 + + + + + + + + + + + + + + + %%zimbraMtaAuthBindAddress%% + %%zimbraMtaAuthPort%% + 0 + + + + + %% + + + + + + + + + + + http/1.1 + + + + + + + + + + + + + + + localhost + %%zimbraAdminPort%% + 0 + + + + %%comment VAR:zimbraAdminLocalBind, + + + + + + + + + + + + + + http/1.1 + + + + + + + + + + + + + + + %%zimbraExtensionBindAddress%% + %%zimbraExtensionBindPort%% + %%zimbraHttpConnectorMaxIdleTimeMillis%% + + + + + + + + + + true + false + requestedPath + + + + + REQUEST + + + + + ASYNC + + + + + ERROR + + + + + FORWARD + + + + + + + + + + /Microsoft-Server-ActiveSync/* + /service/extension/zimbrasync + + + + + + + /ews/Exchange.asmx/* + /service/extension/zimbraews + + + + + + + /EWS/Exchange.asmx/* + /service/extension/zimbraews + + + + + + + /principals/* + /service/dav/principals + + + + + + + /dav/* + /service/dav/home + + + + + + + /.well-known/* + /service/.well-known + + + + + + + /home/* + /service/home/ + + + + + + + /octopus/* + /service/octopus/ + + + + + + + /shf/* + /service/shf/ + + + + + + + /user/* + /service/user/ + + + + + + + /certauth/* + /service/certauth + + + + + + + /spnegoauth/* + /service/spnego + + + + + + + %%zimbraMailURL%%/service/spnego/* + /service/spnego + + + + + + + %%zimbraMailURL%%/home/* + /service/home + + + + + + + %%zimbraMailURL%%/user/* + /service/user + + + + + + + /autodiscover/* + /service/autodiscover + + + + + + + /Autodiscover/* + /service/autodiscover + + + + + + + /AutoDiscover/* + /service/autodiscover + + + + + ,Disabled%% + + + + %%zimbraMailSSLClientCertPort%% + ^(/service/certauth)(/|/(.*))?$ + 403 + errResourceNotAllowedOnPort + + + + %%uncomment VAR:zimbraMailSSLClientCertMode, + + + + + /service/* + /service + true + + + + + + + /spnego/* + /spnego + true + + + + + + + /zimlet/* + /zimlet + true + + 
+ + + + + %%zimbraAdminURL%%/* + %%zimbraAdminURL%% + true + + + + + + + %%zimbraMailURL%%/* + %%zimbraMailURL%% + true + + + + + + + + /* + %%zimbraMailURL%% + + + + + + + + + + + + + + + + + + + + + + + + + org.eclipse.jetty.webapp.WebInfConfiguration + org.eclipse.jetty.webapp.WebXmlConfiguration + org.eclipse.jetty.webapp.MetaInfConfiguration + org.eclipse.jetty.webapp.FragmentConfiguration + org.eclipse.jetty.plus.webapp.EnvConfiguration + org.eclipse.jetty.plus.webapp.PlusConfiguration + org.eclipse.jetty.annotations.AnnotationConfiguration + org.eclipse.jetty.webapp.JettyWebXmlConfiguration + + + %% + + + /webapps/service + /service + + /etc/webdefault.xml + /work/service + true + + + false + + + + org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern + .*/.*jsp-api-[^/]*\.jar$|.*/.*jsp-[^/]*\.jar$|.*/.*taglibs[^/]*\.jar$ + + + %%comment SERVICE:service, + + %% + + + /webapps/zimbra + %%zimbraMailURL%% + + /etc/webdefault.xml + /work/zimbra + true + true + true + + + 400 + 599 + /public/error.jsp + + + + + TRUE + + + + org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern + .*/.*jsp-api-[^/]*\.jar$|.*/.*jsp-[^/]*\.jar$|.*/.*taglibs[^/]*\.jar$ + + + %%comment SERVICE:zimbra, + + %% + + + /webapps/zimbraAdmin + %%zimbraAdminURL%% + + /etc/webdefault.xml + /work/zimbraAdmin + true + true + + + 500 + 599 + /public/5xx.html + + + + + TRUE + + + + org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern + .*/.*jsp-api-[^/]*\.jar$|.*/.*jsp-[^/]*\.jar$|.*/.*taglibs[^/]*\.jar$ + + + %%comment SERVICE:zimbraAdmin, + + + + /webapps/zimlet + /zimlet + + /etc/webdefault.xml + /work/zimlet + true + true + + + + + /webapps/zimlet + /../zimlets-deployed + + + + + + org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern + .*/.*jsp-api-[^/]*\.jar$|.*/.*jsp-[^/]*\.jar$|.*/.*taglibs[^/]*\.jar$ + + + + + + + + + org.eclipse.jetty.webapp.systemClasses + + + java. + javax. + org.xml. + org.w3c. + org.apache.commons.logging. + org.eclipse.jetty.continuation. 
+ org.eclipse.jetty.jndi. + org.eclipse.jetty.plus.jaas. + org.eclipse.jetty.websocket. + org.eclipse.jetty.servlet. + org.eclipse.jetty.servlets. + org.eclipse.jetty.server. + org.eclipse.jetty.io. + org.eclipse.jetty.http. + org.eclipse.jetty.security. + org.eclipse.jetty.util. + + + + + + org.eclipse.jetty.webapp.serverClasses + + + -org.eclipse.jetty.continuation. + -org.eclipse.jetty.jndi. + -org.eclipse.jetty.plus.jass. + -org.eclipse.jetty.websocket. + -org.eclipse.jetty.servlet. + -org.eclipse.jetty.servlets. + -org.eclipse.jetty.server. + -org.eclipse.jetty.io. + -org.eclipse.jetty.http. + -org.eclipse.jetty.security. + -org.eclipse.jetty.util. + -org.eclipse.jetty.apache. + org.eclipse.jetty. + + + + + + org.eclipse.jetty.server.Request.maxFormContentSize + %%zimbraHttpMaxFormContentSize%% + + + + + + + + + + + %% + + + + Spnego Authentication Realm + /etc/spnego.properties + + + + + + + %%comment VAR:zimbraSpnegoAuthEnabled, + + %% + + + + 2000 + 90 + 5 + 4 + 10000 + 65 + + + + + + + %%comment VAR:zimbraThreadMonitorEnabled, + + + + + + + + + + + + /../log/access_log.yyyy_mm_dd + dd/MMM/yyyy:HH:mm:ss Z + 30 + true + true + yyyy-MM-dd + true + true + + + + + %% + + + + + + + + + + + + + + + + GET + POST + + + + + %%comment VAR:zimbraHttpCompressionEnabled, + + %% + + + + + + + /../log/trace_log.yyyy_mm_dd + true + 10 + + + + + %%comment VAR:zimbraHttpDebugHandlerEnabled, + + + + + true + + + + + + ,http,redirect,mixed,both%% + + + + %%comment VAR:zimbraMailMode, + + %% + + + + %%comment VAR:zimbraMailLocalBind, + + ,https,redirect,mixed,both%% + + + + %%comment VAR:zimbraMailMode, + + ,Disabled%% + + + + %%uncomment VAR:zimbraMailSSLClientCertMode, + + + + + %% + + + + %%comment VAR:zimbraAdminLocalBind, + diff --git a/conf/jetty/jettyrc b/conf/jetty/jettyrc new file mode 100644 index 0000000..8dd62a1 --- /dev/null +++ b/conf/jetty/jettyrc 
@@ -0,0 +1,5 @@
+JAVA_OPTIONS="-DSTART=${JETTY_HOME}/etc/start.config -DSTOP.PORT=7867 -DSTOP.KEY=stop -Dzimbra.config=/opt/zimbra/conf/localconfig.xml -Djava.library.path=/opt/zimbra/lib -Djava.endorsed.dirs=${JETTY_HOME}/common/endorsed"
+JETTY_CONSOLE=/opt/zimbra/log/jetty.out
+JETTY_RUN=/opt/zimbra/log
+JETTY_ARGS=" --module=zimbra,server,servlet,servlets,jsp,jstl,jmx,resources,websocket,ext,plus,rewrite,monitor,continuation,webapp jetty.home=${JETTY_HOME} jetty.base=${JETTY_HOME}"
+CONFIGS="etc/jetty.xml"
diff --git a/conf/jetty/log4j.properties b/conf/jetty/log4j.properties
new file mode 100644
index 0000000..fb4299e
--- /dev/null
+++ b/conf/jetty/log4j.properties
@@ -0,0 +1,11 @@
+# This file is used for jetty logging before service webapp is loaded when
+# log4j switches to the log4j.properties file in /opt/zimbra/conf.
+
+log4j.threshhold=OFF
+
+log4j.rootLogger=INFO,CONSOLE
+
+# CONSOLE is set to be a ConsoleAppender which outputs to System.out.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%-4r %-5p [%t] %c{1} - %m%n
diff --git a/conf/jetty/log4j.properties.production b/conf/jetty/log4j.properties.production
new file mode 100644
index 0000000..fb4299e
--- /dev/null
+++ b/conf/jetty/log4j.properties.production
@@ -0,0 +1,11 @@
+# This file is used for jetty logging before service webapp is loaded when
+# log4j switches to the log4j.properties file in /opt/zimbra/conf.
+
+log4j.threshhold=OFF
+
+log4j.rootLogger=INFO,CONSOLE
+
+# CONSOLE is set to be a ConsoleAppender which outputs to System.out.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%-4r %-5p [%t] %c{1} - %m%n
diff --git a/conf/jetty/modules/deploy.mod b/conf/jetty/modules/deploy.mod
new file mode 100644
index 0000000..d478386
--- /dev/null
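Review bot: conf/jetty/jettyrc passes `-DSTOP.PORT=7867 -DSTOP.KEY=stop` in JAVA_OPTIONS, so the Jetty stop listener is protected only by a fixed, guessable key that is the same on every install and is also visible in the process arguments. Any local user who can connect to that port can shut the server down. If the stop port is needed, the key should be a per-install value substituted at configuration time in the same way as the `@@...@@` values in setuid.mod.in, for example `-DSTOP.KEY=@@jetty_stop_key@@` (placeholder name, not an existing key); if it is not needed, drop both options.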
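Review bot: `log4j.threshhold=OFF` in conf/jetty/log4j.properties is misspelled; log4j 1.x reads `log4j.threshold`, so as written the line is most likely ignored, and if it were spelled correctly it would suppress everything that `log4j.rootLogger=INFO,CONSOLE` is set up to print. Either delete the line or spell it correctly with the intended level, and add a comment saying which was meant. The identical line is in log4j.properties.production.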
+++ b/conf/jetty/modules/deploy.mod
@@ -0,0 +1,16 @@
+#
+# Deploy Feature
+#
+
+[depend]
+webapp
+
+[lib]
+lib/jetty-deploy-${jetty.version}.jar
+
+#[files]
+#webapps/
+
+#[xml]
+#etc/jetty-deploy.xml
+
diff --git a/conf/jetty/modules/npn/npn-1.7.0_51.mod b/conf/jetty/modules/npn/npn-1.7.0_51.mod
new file mode 100644
index 0000000..a067626
--- /dev/null
+++ b/conf/jetty/modules/npn/npn-1.7.0_51.mod
@@ -0,0 +1,9 @@
+[name]
+npn-boot
+
+[files]
+http://central.maven.org/maven2/org/mortbay/jetty/npn/npn-boot/1.1.6.v20130911/npn-boot-1.1.6.v20130911.jar:lib/npn/npn-boot-1.1.6.v20130911.jar
+
+[ini-template]
+--exec
+-Xbootclasspath/p:lib/npn/npn-boot-1.1.6.v20130911.jar
diff --git a/conf/jetty/modules/rewrite.mod b/conf/jetty/modules/rewrite.mod
new file mode 100644
index 0000000..6f4611f
--- /dev/null
+++ b/conf/jetty/modules/rewrite.mod
@@ -0,0 +1,14 @@
+
+#
+# Jetty Rewrite module
+#
+
+[depend]
+server
+
+[lib]
+lib/jetty-rewrite-${jetty.version}.jar
+
+#[xml]
+#etc/jetty-rewrite.xml
+
diff --git a/conf/jetty/modules/setuid.mod.in b/conf/jetty/modules/setuid.mod.in
new file mode 100644
index 0000000..8c6a96a
--- /dev/null
+++ b/conf/jetty/modules/setuid.mod.in
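Review bot: conf/jetty/modules/npn/npn-1.7.0_51.mod fetches `npn-boot-1.1.6.v20130911.jar` over plain `http://central.maven.org/...` with no checksum, and its `[ini-template]` then puts that jar on `-Xbootclasspath/p`, so whatever arrives on that connection is loaded ahead of the JDK's own classes. The jar should be shipped with the package, or fetched over `https://` and verified against a pinned digest before first use. At minimum add a comment under `[files]` stating that the download is unauthenticated.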
@@ -0,0 +1,46 @@
+#
+# Set UID Feature
+#
+
+[depend]
+server
+
+[lib]
+lib/setuid/jetty-setuid-java-1.0.3.jar
+
+[xml]
+etc/jetty-setuid.xml
+
+[ini-template]
+zimbraLmtpBindAddress=%%zimbraLmtpBindAddress%%
+zimbraLmtpBindPort=%%zimbraLmtpBindPort%%
+zimbraLmtpServerEnabled=%%truefalse VAR:zimbraLmtpServerEnabled%%
+
+zimbraPop3ServerEnabled=%%truefalse VAR:zimbraPop3ServerEnabled%%
+zimbraPop3BindAddress=%%zimbraPop3BindAddress%%
+zimbraPop3BindPort=%%zimbraPop3BindPort%%
+
+zimbraPop3SSLServerEnabled=%%truefalse VAR:zimbraPop3SSLServerEnabled%%
+zimbraPop3SSLBindAddress=%%zimbraPop3SSLBindAddress%%
+zimbraPop3SSLBindPort=%%zimbraPop3SSLBindPort%%
+
+zimbraImapServerEnabled=%%truefalse VAR:zimbraImapServerEnabled%%
+zimbraImapBindAddress=%%zimbraImapBindAddress%%
+zimbraImapBindPort=%%zimbraImapBindPort%%
+
+zimbraImapSSLServerEnabled=%%truefalse VAR:zimbraImapSSLServerEnabled%%
+zimbraImapSSLBindAddress=%%zimbraImapSSLBindAddress%%
+zimbraImapSSLBindPort=%%zimbraImapSSLBindPort%%
+
+zimbraSSLExcludeCipherSuites=%%zimbraSSLExcludeCipherSuites%%
+zimbraSSLIncludeCipherSuites=%%zimbraSSLIncludeCipherSuites%%
+zimbraMailboxdSSLProtocols=%%zimbraMailboxdSSLProtocols%%
+
+nio_imap_enabled=%%truefalse LOCAL:nio_imap_enabled%%
+
+mailboxd_keystore=@@mailboxd_keystore@@
+mailboxd_keystore_password=@@mailboxd_keystore_password@@
+mailboxd_truststore_password=@@mailboxd_truststore_password@@
+
+zimbra_uid=@@zimbra_uid@@
+zimbra_gid=@@zimbra_gid@@
diff --git a/conf/jetty/modules/zimbra.mod b/conf/jetty/modules/zimbra.mod
new file mode 100644
index 0000000..5b1b3f1
--- /dev/null
+++ b/conf/jetty/modules/zimbra.mod
@@ -0,0 +1,7 @@
+#
+# Zimbra module
+#
+
+[lib]
+common/lib/*.jar
+
diff --git a/conf/jetty/monitor.mod b/conf/jetty/monitor.mod
new file mode 100644
index 0000000..d35cd34
--- /dev/null
+++ b/conf/jetty/monitor.mod
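Review bot: The `[ini-template]` in conf/jetty/modules/setuid.mod.in expands `mailboxd_keystore_password=@@mailboxd_keystore_password@@` and `mailboxd_truststore_password=@@mailboxd_truststore_password@@`, so the rendered ini holds both passwords in clear text, and nothing in this diff shows what file mode the rendered file gets. Add a header comment such as `# rendered file contains keystore passwords: must be readable by the owner only (0600)` and have the step that renders it enforce that. The same 32 property lines are duplicated in conf/jetty/start.d/setuid.ini.in, so the two copies can drift; one should be generated from the other or removed.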
@@ -0,0 +1,13 @@
+#
+# Jetty Monitor module
+#
+
+[depend]
+server
+client
+
+[lib]
+lib/monitor/jetty-monitor-${jetty.version}.jar
+
+#[xml]
+#etc/jetty-monitor.xml
diff --git a/conf/jetty/spnego/etc/krb5.ini b/conf/jetty/spnego/etc/krb5.ini
new file mode 100644
index 0000000..f315db6
--- /dev/null
+++ b/conf/jetty/spnego/etc/krb5.ini
@@ -0,0 +1,18 @@
+[libdefaults]
+default_realm = %%zimbraSpnegoAuthRealm%%
+default_keytab_name = FILE:/opt/zimbra/data/mailboxd/spnego/jetty.keytab
+default_tkt_enctypes = rc4-hmac,des-cbc-md4,des-cbc-crc
+default_tgs_enctypes = rc4-hmac,des-cbc-md4,des-cbc-crc
+
+
+[realms]
+%%zimbraSpnegoAuthRealm%% = {
+ default_domain = %%zimbraSpnegoAuthRealm%%
+}
+
+[domain_realm]
+.local = %%zimbraSpnegoAuthRealm%%
+
+[appdefaults]
+autologin = true
+forwardable=true
diff --git a/conf/jetty/spnego/etc/spnego.conf b/conf/jetty/spnego/etc/spnego.conf
new file mode 100644
index 0000000..cb912e9
--- /dev/null
+++ b/conf/jetty/spnego/etc/spnego.conf
@@ -0,0 +1,19 @@
+com.sun.security.jgss.initiate {
+ com.sun.security.auth.module.Krb5LoginModule required
+ principal="%%zimbraSpnegoAuthPrincipal%%"
+ useKeyTab=true
+ keyTab="/opt/zimbra/data/mailboxd/spnego/jetty.keytab"
+ storeKey=true
+ debug=true
+ isInitiator=false;
+};
+
+com.sun.security.jgss.accept {
+ com.sun.security.auth.module.Krb5LoginModule required
+ principal="%%zimbraSpnegoAuthPrincipal%%"
+ useKeyTab=true
+ keyTab="/opt/zimbra/data/mailboxd/spnego/jetty.keytab"
+ storeKey=true
+ debug=true
+ isInitiator=false;
+};
diff --git a/conf/jetty/spnego/etc/spnego.properties b/conf/jetty/spnego/etc/spnego.properties
new file mode 100644
index 0000000..c7cdd67
--- /dev/null
+++ b/conf/jetty/spnego/etc/spnego.properties
@@ -0,0 +1,7 @@
+targetName = %%zimbraSpnegoAuthTargetName%%
+# populateRoleData = true
+# ldapUrl =
+# ldapLoginName =
+# ldapLoginPassword =
+# ldapSearchBase =
+# ldapContextFactory = com.sun.jndi.ldap.LdapCtxFactory
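Review bot: conf/jetty/spnego/etc/krb5.ini sets both `default_tkt_enctypes` and `default_tgs_enctypes` to `rc4-hmac,des-cbc-md4,des-cbc-crc`, which restricts SPNEGO to RC4 and single-DES and leaves AES out altogether. Prefer `aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96` first and keep `rc4-hmac` only if the KDC in use still requires it, with a comment saying so. The `[domain_realm]` entry `.local = %%zimbraSpnegoAuthRealm%%` is also hard-coded and may not match a deployment's DNS suffix.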
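Review bot: Both login entries in conf/jetty/spnego/etc/spnego.conf set `debug=true`, which makes Krb5LoginModule print its login trace, including principal and keytab details, on every authentication; with `JETTY_CONSOLE=/opt/zimbra/log/jetty.out` from this diff's jettyrc that output presumably lands in jetty.out. The template should ship `debug=false` in both entries, with a comment that it is to be switched on only while troubleshooting.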
diff --git a/conf/jetty/start.d/setuid.ini.in b/conf/jetty/start.d/setuid.ini.in
new file mode 100644
index 0000000..45a2620
--- /dev/null
+++ b/conf/jetty/start.d/setuid.ini.in
@@ -0,0 +1,32 @@
+zimbraLmtpBindAddress=%%zimbraLmtpBindAddress%%
+zimbraLmtpBindPort=%%zimbraLmtpBindPort%%
+zimbraLmtpServerEnabled=%%truefalse VAR:zimbraLmtpServerEnabled%%
+
+zimbraPop3ServerEnabled=%%truefalse VAR:zimbraPop3ServerEnabled%%
+zimbraPop3BindAddress=%%zimbraPop3BindAddress%%
+zimbraPop3BindPort=%%zimbraPop3BindPort%%
+
+zimbraPop3SSLServerEnabled=%%truefalse VAR:zimbraPop3SSLServerEnabled%%
+zimbraPop3SSLBindAddress=%%zimbraPop3SSLBindAddress%%
+zimbraPop3SSLBindPort=%%zimbraPop3SSLBindPort%%
+
+zimbraImapServerEnabled=%%truefalse VAR:zimbraImapServerEnabled%%
+zimbraImapBindAddress=%%zimbraImapBindAddress%%
+zimbraImapBindPort=%%zimbraImapBindPort%%
+
+zimbraImapSSLServerEnabled=%%truefalse VAR:zimbraImapSSLServerEnabled%%
+zimbraImapSSLBindAddress=%%zimbraImapSSLBindAddress%%
+zimbraImapSSLBindPort=%%zimbraImapSSLBindPort%%
+
+zimbraSSLExcludeCipherSuites=%%zimbraSSLExcludeCipherSuites%%
+zimbraSSLIncludeCipherSuites=%%zimbraSSLIncludeCipherSuites%%
+zimbraMailboxdSSLProtocols=%%zimbraMailboxdSSLProtocols%%
+
+nio_imap_enabled=%%truefalse LOCAL:nio_imap_enabled%%
+
+mailboxd_keystore=@@mailboxd_keystore@@
+mailboxd_keystore_password=@@mailboxd_keystore_password@@
+mailboxd_truststore_password=@@mailboxd_truststore_password@@
+
+zimbra_uid=@@zimbra_uid@@
+zimbra_gid=@@zimbra_gid@@
diff --git a/conf/jetty/webdefault.xml b/conf/jetty/webdefault.xml
new file mode 100644
index 0000000..52bf039
--- /dev/null
+++ b/conf/jetty/webdefault.xml
@@ -0,0 +1,519 @@ + + + + + + + + + + + + + + + + + + + + + + + Default web.xml file. + This file is applied to a Web application before it's own WEB_INF/web.xml file + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + default + org.eclipse.jetty.servlet.DefaultServlet + + acceptRanges + true + + + dirAllowed + false + + + redirectWelcome + false + + + maxCacheSize + 4000000 + + + maxCachedFileSize + 254000 + + + maxCachedFiles + 1000 + + + cacheType + both + + + gzip + true + + + useFileMappedBuffer + false + + + 0 + + + default / + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 5 + + + + + + + + + + + art + image/x-jg + + + aim + application/x-aim + + + abs + audio/x-mpeg + + + avx + video/x-rad-screenplay + + + body + text/html + + + dib + image/bmp + + + htc + text/x-component + + + jad + text/vnd.sun.j2me.app-descriptor + + + jsf + text/plain + + + jspf + text/plain + + + m3u + audio/x-mpegurl + + + manifest + text/cache-manifest + + + mp1 + audio/x-mpeg + + + mpega + audio/x-mpeg + + + mpv2 + video/mpeg2 + + + pct + image/pict + + + pict + image/pict + + + pls + audio/x-scpls + + + pnt + image/x-macpaint + + + pps + application/vnd.ms-powerpoint + + + psd + image/x-photoshop + + + qti + image/x-quicktime + + + qtif + image/x-quicktime + + + shtml + text/x-server-parsed-html + + + smf + audio/x-midi + + + svgz + image/svg + + + ulw + audio/basic + + + vsd + application/x-visio + + + Z + application/x-compress + + + zgz + text/javascript + + + dmg + application/octet-stream + + + + index.html + index.htm + index.jsp + + + + + arISO-8859-6 + beISO-8859-5 + bgISO-8859-5 + caISO-8859-1 + csISO-8859-2 + daISO-8859-1 + deISO-8859-1 + elISO-8859-7 + enISO-8859-1 + esISO-8859-1 + etISO-8859-1 + fiISO-8859-1 + frISO-8859-1 + 
hrISO-8859-2 + huISO-8859-2 + isISO-8859-1 + itISO-8859-1 + iwISO-8859-8 + jaShift_JIS + koEUC-KR + ltISO-8859-2 + lvISO-8859-2 + mkISO-8859-5 + nlISO-8859-1 + noISO-8859-1 + plISO-8859-2 + ptISO-8859-1 + roISO-8859-2 + ruISO-8859-5 + shISO-8859-5 + skISO-8859-2 + slISO-8859-2 + sqISO-8859-2 + srISO-8859-5 + svISO-8859-1 + trISO-8859-9 + ukISO-8859-5 + zhGB2312 + zh_TWBig5 + + + + + Disable TRACE + / + TRACE + + + + + + diff --git a/conf/jetty/webdefault.xml.production b/conf/jetty/webdefault.xml.production new file mode 100644 index 0000000..b2538b3 --- /dev/null +++ b/conf/jetty/webdefault.xml.production 
@@ -0,0 +1,540 @@ + + + + + + + + + + + + + + + + + + + + + + + Default web.xml file. + This file is applied to a Web application before it's own WEB_INF/web.xml file + + + + + + + + + + org.eclipse.jetty.webapp.NoTLDJarPattern + start.jar|ant-.*\.jar|dojo-.*\.jar|jetty-.*\.jar|jsp-api-.*\.jar|junit-.*\.jar|servlet-api-.*\.jar|dnsns\.jar|rt\.jar|jsse\.jar|tools\.jar|sunpkcs11\.jar|sunjce_provider\.jar|xerces.*\.jar + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + default + org.eclipse.jetty.servlet.DefaultServlet + + acceptRanges + true + + + dirAllowed + false + + + redirectWelcome + false + + + maxCacheSize + 4000000 + + + maxCachedFileSize + 254000 + + + maxCachedFiles + 1000 + + + cacheType + both + + + gzip + true + + + useFileMappedBuffer + true + + + 0 + + + default / + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 5 + + + + + + + + + + + art + image/x-jg + + + aim + application/x-aim + + + abs + audio/x-mpeg + + + avx + video/x-rad-screenplay + + + body + text/html + + + dib + image/bmp + + + htc + text/x-component + + + jad + text/vnd.sun.j2me.app-descriptor + + + jsf + text/plain + + + jspf + text/plain + + + m3u + audio/x-mpegurl + + + mp1 + audio/x-mpeg + + + mpega + audio/x-mpeg + + + mpv2 + video/mpeg2 + + + pct + image/pict + + + pict + image/pict + + + pls + audio/x-scpls + + + pnt + image/x-macpaint + + + pps + application/vnd.ms-powerpoint + + + psd + image/x-photoshop + + + qti + image/x-quicktime + + + qtif + image/x-quicktime + + + shtml + text/x-server-parsed-html + + + smf + audio/x-midi + + + svgz + image/svg + + + ulw + audio/basic + + + js + application/x-javascript + + + vbs + application/x-vbs + + + vsd + application/x-visio + + + Z + application/x-compress + + + zgz + text/javascript + + + dmg + 
application/octet-stream + + + + + index.html + index.htm + index.jsp + + + + + arISO-8859-6 + beISO-8859-5 + bgISO-8859-5 + caISO-8859-1 + csISO-8859-2 + daISO-8859-1 + deISO-8859-1 + elISO-8859-7 + enISO-8859-1 + esISO-8859-1 + etISO-8859-1 + fiISO-8859-1 + frISO-8859-1 + hrISO-8859-2 + huISO-8859-2 + isISO-8859-1 + itISO-8859-1 + iwISO-8859-8 + jaShift_JIS + koEUC-KR + ltISO-8859-2 + lvISO-8859-2 + mkISO-8859-5 + nlISO-8859-1 + noISO-8859-1 + plISO-8859-2 + ptISO-8859-1 + roISO-8859-2 + ruISO-8859-5 + shISO-8859-5 + skISO-8859-2 + slISO-8859-2 + sqISO-8859-2 + srISO-8859-5 + svISO-8859-1 + trISO-8859-9 + ukISO-8859-5 + zhGB2312 + zh_TWBig5 + + + + + Disable TRACE + / + TRACE + + + + + + diff --git a/conf/jetty/zimbra.policy.example b/conf/jetty/zimbra.policy.example new file mode 100644 index 0000000..d3a8bd6 --- /dev/null +++ b/conf/jetty/zimbra.policy.example 
@@ -0,0 +1,56 @@
+grant {
+//grant all code-level permissions
+ permission java.lang.RuntimePermission "*";
+ permission java.security.SecurityPermission "*";
+ permission java.net.NetPermission "*";
+ permission javax.management.MBeanServerPermission "*";
+ permission javax.management.MBeanPermission "*", "*";
+ permission javax.management.MBeanTrustPermission "*";
+ permission java.lang.management.ManagementPermission "control";
+ permission java.lang.management.ManagementPermission "monitor";
+ permission java.util.logging.LoggingPermission "control";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+ permission java.net.SocketPermission "*", "accept,resolve,listen,connect";
+ permission java.util.PropertyPermission "*", "read,write";
+ permission javax.net.ssl.SSLPermission "*";
+
+//Jetty internals
+ permission java.io.FilePermission "${jetty.home}/-", "read";
+ permission java.io.FilePermission "${jetty.home}/work/-", "read,write,delete";
+ permission java.io.FilePermission "etc/-", "read";
+ permission java.io.FilePermission "null", "read";
+
+//suppress spurious ACE from jetty startup file exists checks
+ permission java.io.FilePermission "/usr/share/java/ant.jar", "read";
+ permission java.io.FilePermission "", "read";
+
+//Java internals
+ permission java.io.FilePermission "${java.home}/-", "read";
+ permission java.io.FilePermission "${java.io.tmpdir}/-", "read,write,delete";
+//Mac Java install needs a bunch of possible paths; these are checked by JSP compiler and may or may not really exist but ACE will be fatal
+ permission java.io.FilePermission "/Library/Java/-", "read";
+ permission java.io.FilePermission "/System/Library/Java/-", "read";
+ permission java.io.FilePermission "/System/Library/Frameworks/JavaVM.framework/-", "read";
+ permission java.io.FilePermission "/Users/-", "read";
+
+//Zimbra internals
+ permission java.io.FilePermission "${zimbra.home}/conf/-", "read";
+ permission java.io.FilePermission "${zimbra.home}/-", "read";
+ permission java.io.FilePermission "im/-", "read"; //IM module in HELIX
+
+//Zimbra data
+ permission java.io.FilePermission "${zimbra.home}/log", "read,write,delete";
+ permission java.io.FilePermission "${zimbra.home}/log/-", "read,write,delete";
+ permission java.io.FilePermission "${zimbra.home}/zmstat", "read, write, delete";
+ permission java.io.FilePermission "${zimbra.home}/zmstat/-", "read, write, delete";
+ permission java.io.FilePermission "${zimbra.home}/store", "read, write, delete";
+ permission java.io.FilePermission "${zimbra.home}/store/-", "read, write, delete";
+ permission java.io.FilePermission "${zimbra.home}/index", "read, write, delete";
+ permission java.io.FilePermission "${zimbra.home}/index/-", "read, write, delete";
+ permission java.io.FilePermission "${zimbra.home}/data", "read, write, delete";
+ permission java.io.FilePermission "${zimbra.home}/data/-", "read, write, delete";
+ permission java.io.FilePermission "${zimbra.home}/redolog", "read, write, delete";
+ permission java.io.FilePermission "${zimbra.home}/redolog/-", "read, write, delete";
+ permission java.io.FilePermission "${zimbra.home}/zimlets-deployed/-", "read, write, delete";
+
+};
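Review bot: conf/jetty/zimbra.policy.example opens with a bare `grant {` (no `codeBase`), so every permission applies to all code in the JVM, and the first block includes `RuntimePermission "*"`, `SecurityPermission "*"` and `ReflectPermission "suppressAccessChecks"`, which together let any code replace the security manager or the policy itself; the FilePermission lines below therefore constrain very little in practice. `"${zimbra.home}/-", "read"` also covers the conf directory, and `"/Users/-", "read"` covers every home directory on a Mac. If the file is meant as a starting point for a real policy, the wildcard block should move into a `grant codeBase "file:${jetty.home}/-" { ... }` entry with a narrower grant for web applications; otherwise add a leading comment such as `// example only: equivalent to running without a sandbox`.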