Can I set a different certificate per listen port?
Kees van Vloten
keesvanvloten at gmail.com
Thu Apr 28 08:01:00 UTC 2022
On 28-04-2022 at 07:30, Aki Tuomi wrote:
>> On 27/04/2022 22:14 Kees van Vloten <keesvanvloten at gmail.com> wrote:
>>
>>
>> Hi all,
>>
>> I am trying to set up dovecot to listen to imaps on the local network and
>> through haproxy from the internet.
>>
>> service imap-login {
>>   inet_listener imaps {
>>     port = 993
>>     ssl = yes
>>   }
>>   inet_listener imaps_haproxy {
>>     haproxy = yes
>>     port = 10993
>>     ssl = yes
>>   }
>> }
>>
>> Obviously the dns-name on the internet connection (10993) is different
>> than on the lan (993).
>>
>> In the docs
>> (https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/)
>> I found multiple options, but unfortunately none of those have the
>> option to distinguish per listen port.
>>
>> Is there a way to set up two different certificates for the two listeners?
>>
>> - Kees
> Hi!
>
> Currently port is not supported. What we usually recommend here is that you use haproxy to distribute connections to different local IP addresses and use
>
> local 127.0.0.5/32 {
>   ssl_cert=</path
>   ssl_key=</path
> }
>
> Aki
Hi Aki,

Would it then look like this?

Internet -> haproxy on dmz-server -> haproxy on mailserver -> dovecot on 127.0.0.5

- Kees