On 05/12/2020 14:41 Richard Mader dovecot@mader.dev wrote:
How can I setup Dovecot director in a NAT like environment?
My mailservers are running within docker and one of them behind a router, so the IP that dovecot binds to does not match the IP that other mailservers have to use to connect to them.
Since when running director the servers connect to each other, I'd guess I'd have to set the external IP of the servers in the "director_servers". If I do that I'm unable to start the director nodes since they cannnot find out which of the addresses is their own. I had a quick peek at the sourcecode and director detects its own address by trying to bind to all of the addresses. Since we're behind a NAT, that will of course fail for its external IP.
You can't run it behind NAT.
When I set the local address or localhost in the "director_servers" directive, then the director nodes are able to start but they are denied when connecting to other nodes. When using the NAT-internal IP I've got the following error:
Error: Remote director thinks it's someone else (connected to <other-directors-external-ip>:9090, remote says it's <other-directors-internal-ip>:9090) When using localhost/127.0.0.1 then I get: Info: Connecting to <other-directors-external-ip>:9090 (as 127.0.0.1): Alone in director ring - trying to connect to others Error: connect(<other-directors-external-ip>:9090) failed: Invalid argument
Is it somehow possible to tell director which of the addresses within "director_servers" is its own address, that it then advertises to other servers, instead of trying figuring that out itself by trying to bind to all ip-addresses on startup? Kafka e.g. has the "advertised.listeners" property to set a custom host to announce to clients and to other Kafka nodes.
If there is not such a property or any other workaround, I might consider implementing this into director myself. Although I might need some help getting started since this is my first time contributing to a non Scala/Java or Typescript/NodeJS Project. So far I've discovered that Github seems to be the official repo and is not just a mirror and I was able to compile it on my machine. Now I've got questions such as, where can I find the binaries that I've just compiled and whats the best way to get them running locally and to test my changes, where are unit tests located, ...?
Thank you for your offer, but we have no real desire to enhance directors to work behind NAT. They are not intended to be used like that. You need to fix your network infrastructure instead.
Also, GitHub is actually a mirror, and not the official repo. The official repo is not accessible to the public internet, but we accept pull requests there.
Best Regards, Richard
Kind regards, Aki Tuomi