On 03.06.2016 16:00, KT Walrus wrote:
btw, what is the reasong for NGINX proxy anyway? Since dovecot proxy can do this for you too. I want to do authentication using the IP that the IMAP client used to connect to the IMAP server. That is, I have 50 IPs, one for each state my users live in, so the users can only connect to the IMAP server using the domain name where their account is hosted (e.g., va.example.com http://va.example.com/ for accounts in Virginia or ca.example.com http://ca.example.com/ for accounts in California). I figured it was fairly simple to have NGINX listen on the different IPs for the different IMAP servers and do the authentication based on the server IP that was used by the IMAP client and then route the request to the proper Dovecot backend.
I actually plan on using HAProxy to listen on each of the IPs and then proxy to an NGINX mail proxy listening on different ports (one for each proxied IP). NGINX would then have mail server sections for each port that invokes a PHP script passing in the domain name associated with the port (e.g., va.example.com http://va.example.com/). The PHP script would then use this domain name along with the user/password supplied by the mail client to do the auth check and backend dovecot server selection.
The only problem I see with using HAProxy and NGINX mail proxy is I think I will lose the client IP so the Dovecot logs won’t show this IP.
Dovecot supports real IP forwarding with HAproxy.
http://wiki2.dovecot.org/HAProxy
Aki