[Dovecot] Dovecot 2.2. proxy_maybe and twice SSL connections

Evgeny Basov ya.mwork at yandex.ru
Tue Feb 19 14:09:49 EET 2013


On 19.02.2013 12:54, Timo Sirainen wrote:
> Set login_trusted_networks so both servers trust each other. SSL
> isn't required then. Also the client's real IP address gets proxied to
> logs/etc then.

With login_trusted_networks I have very strange behavior.

Each of the two servers has an external IP (EIP1 and EIP2) and an internal
IP (IIP1 and IIP2). Both listen on all interfaces and trust connections
from the internal network:

listen = *, ::
login_trusted_networks = IIP1 IIP2

The client connects to EIP1 and password_query returns

host=IIP2

Server1 proxies to IIP2, but it returns

Error: proxy(...): TTL reached zero - proxies appear to be looping?

I thought the proxy algorithm was as follows:

The client connects to the EIP.
The query returns IIP1 or IIP2.
If that IP is local, no proxy is needed (a direct connection); otherwise,
proxy to the remote IP.
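As an added example that is not part of this post or of Timo's reply, the setup described above is normally written for Dovecot 2.2 as one dovecot.conf shared by both servers plus an SQL passdb that returns proxy_maybe and host. The addresses 192.0.2.1 and 192.0.2.2 (internal), the certificate paths, the database credentials and the users table are constructed placeholders; the plaintext backend hop and the forwarding of the client's real IP both depend on the peer's internal address being listed in login_trusted_networks.

```conf
# /etc/dovecot/dovecot.conf (identical on both servers; constructed example)
listen = *, ::

# Internal addresses of both servers (constructed placeholders).
# A login arriving from these addresses is trusted: the proxy forwards the
# client's real IP and the hop may be plaintext, so no second SSL handshake.
login_trusted_networks = 192.0.2.1 192.0.2.2

# Clients on the external interfaces still have to use SSL/STARTTLS:
# plaintext auth stays disabled for connections that are neither SSL nor trusted.
ssl = yes
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/dovecot.key
disable_plaintext_auth = yes

passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

# /etc/dovecot/dovecot-sql.conf.ext (constructed example)
driver = mysql
connect = host=127.0.0.1 dbname=mail user=dovecot password=CHANGEME
default_pass_scheme = SHA512-CRYPT

# 'host' holds the internal IP of the server that stores the mailbox.
# With proxy_maybe, Dovecot serves the login locally when 'host' is this
# server's own address and proxies it to the other server otherwise.
password_query = \
  SELECT password, 'Y' AS proxy_maybe, host \
  FROM users WHERE userid = '%u'
```

With this layout, and proxy_maybe behaving as the Dovecot documentation describes, a client that reaches EIP1 for a mailbox whose host column is 192.0.2.2 is proxied once over the internal network, while a client that reaches EIP2 for the same mailbox is served directly. `doveconf -n` shows the merged settings actually in effect on each server, which is the first thing to compare when the two hosts are meant to be interchangeable.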


As a result, we get a configuration with two replicated servers in
master-master mode. Replication via SSH will only be available between
remote SSH servers. If one of them fails, external cluster software
(like pacemaker) migrates the EIP and IIP to the live host and everything
should be fine. Replication with itself will not work because the SSH
connection fails. When the broken server is repaired, the IPs migrate back
and replication succeeds.


