Thousands of SSL certificates stalls new logins during reload - problem with Dovecot config process

Bartosz Kwitniewski zerg-dovecot at uid0.pl
Sun Sep 4 16:48:23 UTC 2022


On 04/09/2022 07:22, spi wrote:
> 
> 04.09.2022 01:01:16 Bartosz Kwitniewski <zerg-dovecot at uid0.pl>:
> 
> 
>> For now they are on the same machine, we have to write our own panel for clients to get more freedom in backend choices. I was looking into HAProxy for SSL termination, but it does not support STARTTLS.
>>
>> I'll try to look for workaround next week, but haven't used C for ages.
>>
>> Best regards,
>> --
>> Bartosz Kwitniewski
> 
> Nginx can be used as reverse proxy for dovecot to terminate tls and load balance. It can also be used to verify client certificates (access only with valid client certificate and route access to backend based on client certificate).
> 
> Cheers,
> spi

It seems that Nginx can actually support SMTP/IMAP/POP3 STARTTLS and 
PROXY protocol to backend. I have missed that, thank You.

Best regards,
--
Bartosz Kwitniewski


More information about the dovecot mailing list