Combine director and HAProxy for loadbalancig and failover
Steven Varco
dovecot.org at bbs.varco.ch
Sat Dec 5 19:02:36 EET 2020
Hi All
I’m trying to achive an active/active cluster with dovecot-director and HAProxy, as the director does not do health checks (loadblancing only) and I want both, loadblancing AND failover, where the latter is far more important to me (loadblancing I would just use as an addon and for curiosity, it is not really need in my setup).
However, I’m not sure if this combination can be used that way, as I found almost no documentation on this.
What I found is using either directory OR haproxy with dovecot, but not both.
So I guess, that the description here is intended to use without the director: https://wiki2.dovecot.org/HAProxy
This older list post is basically exaclty, what I’m trying to achive: https://dovecot.org/pipermail/dovecot/2015-July/101487.html
Clients --> Load Balancer(HAProxy) --> Dovecot Proxy(DP) --> Dovecot Director(DD) --> MS1 / MS2
As far as I understood, this would require to (statically) set a host= entry for each client which would give another single point of failure?
However reading the documentation: https://doc.dovecot.org/configuration_manual/haproxy/ assumes that this setup IS actually possible.
Unfortunately it does not describe how dovecot must be setup at this point.
So I assume since HAProxy is listening on port 1143 (for IMAP) and dovecot (with directror enabled) is listening on port 143, which is the main entry point for clients. So in this setup dovecot-director should first pass the mail traffic to HAProxy on port 1143 and then HAProxy passes it to the actual imap servers?
So how would the dovecot setup on the director servers look like and how on the dovecot imap mail servers?
My setup consist of each two machines: loadblancer (with HAProxy and dovecot-director) and dovecot imap servers.
Last but not least, I found documentation for „dovemon“, which, if I got that correctly, should replace the external tool „poolmon“: https://doc.dovecot.org/configuration_manual/dovemon/ - However, I could not find out where the configuration YAML file (/etc/dovecot/dovemon.config.yml) should get included in the main dovecot configuration. By default this file would not be included at all and therefore would have no effect…
thanks.
Steven
My setup:
LOADBALANCERS:
Currently one only running on: 10.0.2.26
haproxy: Exactly as: https://doc.dovecot.org/configuration_manual/haproxy/ where the backend servers line have been replaced with the mail servers.
dovecot -n
# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.24 (124e06aa)
# OS: Linux 3.10.0-1127.19.1.el7.x86_64 x86_64 CentOS Linux release 7.8.2003 (Core)
# Hostname: lb01.example.com
auth_verbose = yes
director_mail_servers = 10.0.2.30 10.0.2.29
director_servers = 10.0.2.26
disable_plaintext_auth = no
first_valid_uid = 1000
haproxy_trusted_networks = 10.0.2.0/24
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = proxy=y ssl=any-cert nopassword=y
driver = static
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap pop3 lmtp sieve
service director {
fifo_listener login/proxy-notify {
mode = 0666
}
inet_listener {
port = 9090
}
unix_listener director-userdb {
mode = 0600
}
unix_listener login/director {
mode = 0666
}
}
service imap-login {
executable = imap-login director
inet_listener imap {
port = 143
}
inet_listener imap_haproxy {
haproxy = yes
port = 10143
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service pop3-login {
executable = pop3-login director
}
ssl_cert = </etc/letsencrypt/live/mail-lb.tech-island.xyz/fullchain.pem
ssl_key = # hidden, use -P to show it
verbose_proctitle = yes
protocol lmtp {
auth_socket_path = director-userdb
mail_plugins = " sieve"
}
protocol lda {
mail_plugins = " sieve"
}
MAIL SERVERS:
mx01: 10.0.2.30
mx02: 10.0.2.29
dovecot -n
# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.24 (124e06aa)
# OS: Linux 3.10.0-1127.19.1.el7.x86_64 x86_64 CentOS Linux release 7.8.2003 (Core)
# Hostname: mx01.example.com
auth_mechanisms = plain login
auth_verbose = yes
dict {
sqlquota = mysql:/etc/dovecot/dict-sqlquota.conf.ext
}
doveadm_password = # hidden, use -P to show it
doveadm_port = 14310
first_valid_uid = 1000
login_trusted_networks = 10.0.2.0/24
mail_location = maildir:~/Maildir
mail_plugins = quota notify replication
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
separator = /
type = private
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
mail_replica = tcp:10.0.2.29
quota = maildir:User quota
quota_exceeded_message = Quota exceeded, please go to http://www.tech-island.xyz/over_quota_help for instructions on how to fix this.
quota_rule2 = INBOX.Trash:storage=+100M
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full / Mailbox ist voll
quota_status_success = DUNNO
quota_warning = storage=90%% quota-warning 90 %u
quota_warning2 = -storage=90%% quota-warning below %u
sieve = file:~/sieve;active=~/.dovecot.sieve
}
postmaster_address = postmaster at tech-island.xyz
protocols = imap pop3 lmtp sieve
replication_dsync_parameters = -d -l 30 -U
service aggregator {
fifo_listener replication-notify-fifo {
user = vmail
}
unix_listener replication-notify {
user = vmail
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
user = vmail
}
}
service dict {
unix_listener dict {
user = vmail
}
}
service doveadm {
inet_listener {
port = 14310
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service quota-status {
client_limit = 1
executable = quota-status -p postfix
inet_listener {
port = 14340
}
}
service quota-warning {
executable = script /usr/local/libexec/dovecot/quota-warning.sh
unix_listener quota-warning {
user = vmail
}
user = vmail
}
service replicator {
process_min_avail = 1
unix_listener replicator-doveadm {
mode = 0600
user = vmail
}
}
ssl = required
ssl_cert = </etc/ssl/acme/certs/mail.tech-island.xyz.chain.crt
ssl_key = # hidden, use -P to show it
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
verbose_proctitle = yes
protocol lmtp {
mail_plugins = quota notify replication sieve
}
protocol lda {
mail_plugins = quota notify replication sieve
}
protocol imap {
mail_max_userip_connections = 20
mail_plugins = quota notify replication imap_quota
}
--
https://steven.varco.ch/
More information about the dovecot
mailing list