On 28-04-2022 at 07:30, Aki Tuomi wrote:
On 27/04/2022 22:14 Kees van Vloten keesvanvloten@gmail.com wrote:
Hi all,
I am trying to set up dovecot to listen to imaps on the local network and through haproxy from the internet.
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  inet_listener imaps_haproxy {
    haproxy = yes
    port = 10993
    ssl = yes
  }
}
Obviously the dns-name on the internet connection (10993) is different than on the lan (993).
In the docs (https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/) I found multiple options, but unfortunately none of those have the option to distinguish per listen port.
Is there a way to set up two different certificates for the two listeners?
- Kees

Hi!
Currently port is not supported. What we usually recommend here is that you use haproxy to distribute connections to different local IP addresses and use
local 127.0.0.5/32 { ssl_cert=
Aki
Hi Aki,
Would it then look like this?
Internet -> haproxy on dmz-server -> haproxy on mailserver -> dovecot on 127.0.0.5
- Kees
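
A way to check which certificate each of the two listeners in this thread actually serves, as an added example that is not part of the original messages. The host names and the addresses in the PROXY header are constructed placeholders, and it assumes the `haproxy = yes` listener accepts a PROXY protocol v2 header, sent before the TLS handshake, from the host running the check.

```python
import hashlib
import socket
import ssl
import struct

PROXY_V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY v2 signature


def proxy_v2_header(src_ip, src_port, dst_ip, dst_port):
    """Build a PROXY protocol v2 header for TCP over IPv4."""
    addrs = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
             + struct.pack("!HH", src_port, dst_port))
    # 0x21 = version 2 + PROXY command, 0x11 = AF_INET + STREAM
    return PROXY_V2_SIG + struct.pack("!BBH", 0x21, 0x11, len(addrs)) + addrs


def cert_fingerprint(host, port, sni, preamble=b""):
    """Return the SHA-256 of the leaf certificate a listener serves."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # only inspecting which cert is served
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=5) as raw:
        raw.sendall(preamble)        # PROXY header precedes the TLS handshake
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def compare_listeners(host, lan_name, wan_name):
    """Fingerprint the imaps (993) and imaps_haproxy (10993) listeners."""
    # Constructed client/destination addresses for the PROXY header.
    hdr = proxy_v2_header("192.0.2.10", 51234, "192.0.2.20", 993)
    lan = cert_fingerprint(host, 993, lan_name)
    wan = cert_fingerprint(host, 10993, wan_name, preamble=hdr)
    return {"lan": lan, "wan": wan, "distinct": lan != wan}


if __name__ == "__main__":
    # Hypothetical names; replace with the LAN and internet DNS names.
    print(compare_listeners("127.0.0.5", "mail.lan.example", "mail.example.org"))
```

Dovecot only honours the PROXY header from addresses listed in `haproxy_trusted_networks`, so run the check from the proxy host or another trusted address.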