On 22/8/2015 10:38 AM, Stephan Bosch wrote:
> Why are you putting this in the auth service? That makes no sense.
Sorry for my ignorance.
> This needs to be put in the services that you want to enable the haproxy protocol for. For pop and imap those are the login services pop3-login and imap-login.
...
> Note that this will prevent normal clients from connecting to port 143, since the server is expecting the PROXY header. It will drop the connection if it is absent. If you need to retain normal client access, e.g. for a webmail client, the haproxy listener can be put on a different port.
Thank you Stephan. Following your advice, I configured as follows:
service imap-login {
  service_count = 1
  vsz_limit = 128 M
  inet_listener {
    haproxy = yes
    port = 23001
    ssl = no
  }
  inet_listener {
    haproxy = yes
    port = 23003
    ssl = yes
  }
}
service pop3-login {
  service_count = 1
  vsz_limit = 128 M
  inet_listener {
    haproxy = yes
    port = 23002
    ssl = no
  }
  inet_listener {
    haproxy = yes
    port = 23004
    ssl = yes
  }
}
...and everything seems to be working fine. Obviously, the proxy sends requests to different ports. For example, requests received by the proxy at port 993 are sent to dovecot's port 23003 etc.
If you think the config could be better/cleaner, I would appreciate your advice.
One final (I hope) question: I would like to see in dovecot logs which requests come from the proxy. Can we "stamp" log entries originating from different listeners with a configurable label?
Many thanks, Nick
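
Added example, not part of the original message and not Dovecot's code: a Python sketch of the PROXY protocol v1 text header that a `haproxy = yes` listener waits for, showing why a direct client is dropped and that the logged client address is whatever the connecting peer writes. The byte strings and addresses below are constructed, and the binary v2 header is only detected, not parsed.

```python
import ipaddress

V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte magic that opens a binary v2 header
V1_MAX_LEN = 107                           # longest v1 line, CRLF included (protocol spec)

def parse_proxy_v1(first_bytes):
    """Return (src_ip, src_port, dst_ip, dst_port), or None for 'PROXY UNKNOWN'.
    Raises ValueError where a PROXY-expecting listener would drop the connection."""
    if first_bytes.startswith(V2_SIGNATURE):
        raise ValueError("binary v2 header: not handled by this v1 sketch")
    end = first_bytes.find(b"\r\n", 0, V1_MAX_LEN)
    if end == -1:
        raise ValueError("no CRLF-terminated header in the first 107 bytes")
    fields = first_bytes[:end].decode("ascii").split(" ")  # non-ASCII -> ValueError
    if fields[0] != "PROXY":
        raise ValueError("connection does not start with a PROXY header")
    if fields[1:2] == ["UNKNOWN"]:
        return None  # proxy could not state the addresses
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    want = 4 if fields[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family does not match " + fields[1])
    if not (fields[4].isdigit() and fields[5].isdigit()):
        raise ValueError("ports must be decimal")
    sport, dport = int(fields[4]), int(fields[5])
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return str(src), sport, str(dst), dport

# Constructed first bytes sent by three peers to a haproxy = yes listener.
SAMPLES = {
    "via proxy": b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 993\r\n",
    "direct IMAP client": b"a1 CAPABILITY\r\n",
    "direct TLS client": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
}

def verdicts(samples=SAMPLES):
    """Map each sample name to the parsed tuple or a 'drop: reason' string."""
    out = {}
    for name, data in samples.items():
        try:
            out[name] = parse_proxy_v1(data)
        except ValueError as exc:
            out[name] = "drop: " + str(exc)
    return out

if __name__ == "__main__":
    for name, result in verdicts().items():
        print(f"{name:20} {result}")
```

Because the header is plain text supplied by whoever connects, ports 23001-23004 should be reachable only from the proxy, for example through a firewall rule or Dovecot's `haproxy_trusted_networks` setting.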