[Dovecot] dovecot director terminate ssl ?
I plan on putting two dovecot directors in front of our backend dovecot pop/imap servers, instead of our current haproxy loadbalancing of the connections -- but how do we handle SSL in such a setup. Will all SSL be terminated on the directors automatically, and then proxyed plain text, or is there any configuration needed to achieve this ?
Does it matter that the directors are v2.0 while the backends are running v1.2 ?
-jf
Never mind -- I see now that this is working fine by default. SSL is terminated on the director, and connections are automatically proxyed in plain text.
Still wonder a little about v2.0 director vs. v1.2 backends, but doubt it should matter much..
Complete (single-node) director configuration, in case anybody else should be interested in running such a setup:
################################################################# # dovecot -n # 2.0.7: /usr/local/dovecot-2.0.7/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-194.8.1.el5 x86_64 Red Hat Enterprise Linux Server release 5.5 (Tikanga) director_mail_servers = 192.168.42.28 192.168.42.29 director_servers = 127.0.0.1 passdb { args = proxy=y nopassword=y driver = static } service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { port = 5515 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service imap-login { executable = imap-login director } service pop3-login { executable = pop3-login director } ssl_cert = </etc/pki/tls/certs/server.crt ssl_key = </etc/pki/tls/private/server.key
#################################################################
-jf
participants (1)
-
Jan-Frode Myklebust