PROXY protocol

Stephan Bosch stephan at rename-it.nl
Sat Aug 22 07:38:27 UTC 2015


Op 8/21/2015 om 1:31 PM schreef Nikolaos Milas:
> On 20/8/2015 11:09 μμ, Nikolaos Milas wrote:
>
>> As soon as I manage to re-build Dovecot with the latest snapshot,
>> I'll test it! 
>
> Hello,
>
> I've built dovecot with a today snapshot from hg
> (dovecot-2-2-9f815e781beb) and I am trying to enable haproxy.
>
> I configured as follows (lines added compared to initial config are
> marked with +):
>
>    service auth {
>    +  inet_listener {
>    +    haproxy = yes
>    +  }
>       unix_listener /var/spool/postfix/private/auth {
>         group = postfix
>         mode = 0660
>         user = postfix
>       }
>       unix_listener auth-master {
>         group = vmail
>         mode = 0660
>         user = vmail
>       }
>       user = root
>    }

Why are you putting this in the auth service? That makes no sense. This
needs to be put in the services that you want to enable the haproxy
protocol for. For pop and imap those are the login sevices pop3-login
and imap-login.

So, something like:

service imap-login {
  service_count = 1
  vsz_limit = 128 M
  inet_listener imap {
    haproxy = yes
    port = 143
    ssl = no
  }
}

Note that this will prevent normal clients from connecting to port 143,
since the server is expecting the PROXY header. It will drop the
connection if it is absent. If you need to retain normal client access,
e.g. for a webmail client, the haproxy listener can be put on a
different port.

Regards,

Stephan.






More information about the dovecot mailing list