31
20.7 Legacy Series / Re: [Solved, RFC needed?] NGINX as IMAP reverse proxy
« on: October 27, 2020, 12:00:16 pm »
Thx! Gonna read this!
Roger
Roger
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
32
20.7 Legacy Series / Re: [Solved, RFC needed?] NGINX as IMAP reverse proxy
« on: October 27, 2020, 10:26:46 am »
does somewhere exist kind of rtfm for this?
Thx,
Ruggerio
Thx,
Ruggerio
33
20.7 Legacy Series / Re: NGINX as IMAP reverse proxy
« on: October 26, 2020, 01:09:34 pm »
not correct, what i wrote. i had an old server inside nginx, which did it wrong. changed it to right, now it works.
would be a cool change, having a checkbox in opnense or a selection under proxy protocol:
1) checkbox: use haproxy protocol
2) selection: instead of clicking the proxy protocol having the chose between standard or haproxy
In case of selecting haproxy, the enries in the services list (listen-part) shouldn't been placed, but still this one here: proxy_protocol on;
this would make perhaps much easier for mailservers. shall i file a CR on github? btw. this is tested with dovecot only. in my protocols i see now the external ips
Thx!
Ruggerio
would be a cool change, having a checkbox in opnense or a selection under proxy protocol:
1) checkbox: use haproxy protocol
2) selection: instead of clicking the proxy protocol having the chose between standard or haproxy
In case of selecting haproxy, the enries in the services list (listen-part) shouldn't been placed, but still this one here: proxy_protocol on;
this would make perhaps much easier for mailservers. shall i file a CR on github? btw. this is tested with dovecot only. in my protocols i see now the external ips
Thx!
Ruggerio
34
20.7 Legacy Series / Re: NGINX as IMAP reverse proxy
« on: October 26, 2020, 12:02:35 pm »
thx, fright, i changed to this:
Now, at least it hast the same behaviour as sending directly to Port 143 with data streaming - means, that there is not yet a transformation about the external ip. x-forwarded-for cannot be used in that use-case, right? I read, that imap usually needs ID, which needs a manual implementation for a mail-section. But in fact, the connection now is accepted also on port 10143 for the upstream-server, which was not the case before.
Code: [Select]
server {
listen 143;
listen [::]:143;
proxy_ssl off;
proxy_pass upstream3605708c54c0460ca656e8fbaeadabb9;
proxy_protocol on;
}
Now, at least it hast the same behaviour as sending directly to Port 143 with data streaming - means, that there is not yet a transformation about the external ip. x-forwarded-for cannot be used in that use-case, right? I read, that imap usually needs ID, which needs a manual implementation for a mail-section. But in fact, the connection now is accepted also on port 10143 for the upstream-server, which was not the case before.
35
20.7 Legacy Series / Re: NGINX as IMAP reverse proxy
« on: October 26, 2020, 10:49:31 am »
# servers
server {
listen 143 proxy_protocol;
listen [::]:143 proxy_protocol;
access_log /var/log/nginx/stream_d3e1b124-88e2-4744-9538-cceaf6f84ff1.access.log main;
error_log /var/log/nginx/stream_d3e1b124-88e2-4744-9538-cceaf6f84ff1.error.log info;
proxy_ssl off;
proxy_pass upstream3605708c54c0460ca656e8fbaeadabb9;
proxy_protocol on;
}
so, this should be correct?
server {
listen 143 proxy_protocol;
listen [::]:143 proxy_protocol;
access_log /var/log/nginx/stream_d3e1b124-88e2-4744-9538-cceaf6f84ff1.access.log main;
error_log /var/log/nginx/stream_d3e1b124-88e2-4744-9538-cceaf6f84ff1.error.log info;
proxy_ssl off;
proxy_pass upstream3605708c54c0460ca656e8fbaeadabb9;
proxy_protocol on;
}
so, this should be correct?
36
20.7 Legacy Series / Re: NGINX as IMAP reverse proxy
« on: October 26, 2020, 10:30:08 am »
Hi,
I tried with and without proxy protocol. in conf-files it's not inserted, if you don't click it in gui. without proxy-protocol, it works, i have the haproxy-config listening to 10143, which then dovecot returns:
Okt 26 10:28:08 stlucia dovecot[51]: imap-login: Error: haproxy: Client timed out (rip=192.168.3.1)
Okt 26 10:28:08 stlucia dovecot[51]: imap-login: Error: haproxy: Client timed out (rip=192.168.3.1)
Okt 26 10:28:08 stlucia dovecot[51]: imap-login: Error: haproxy: Client timed out (rip=192.168.3.1)
Okt 26 10:28:06 stlucia dovecot[51]: imap-login: Error: haproxy: Client timed out (rip=192.168.3.1)
Okt 26 10:28:06 stlucia dovecot[51]: imap-login: Error: haproxy: Client timed out (rip=192.168.3.1)
...still with the ip of the sense...
thx
ruggerio
I tried with and without proxy protocol. in conf-files it's not inserted, if you don't click it in gui. without proxy-protocol, it works, i have the haproxy-config listening to 10143, which then dovecot returns:
Okt 26 10:28:08 stlucia dovecot[51]: imap-login: Error: haproxy: Client timed out (rip=192.168.3.1)
Okt 26 10:28:08 stlucia dovecot[51]: imap-login: Error: haproxy: Client timed out (rip=192.168.3.1)
Okt 26 10:28:08 stlucia dovecot[51]: imap-login: Error: haproxy: Client timed out (rip=192.168.3.1)
Okt 26 10:28:06 stlucia dovecot[51]: imap-login: Error: haproxy: Client timed out (rip=192.168.3.1)
Okt 26 10:28:06 stlucia dovecot[51]: imap-login: Error: haproxy: Client timed out (rip=192.168.3.1)
...still with the ip of the sense...
thx
ruggerio
37
20.7 Legacy Series / Re: NGINX as IMAP reverse proxy
« on: October 25, 2020, 03:16:55 pm »
i have this already running on haproxy without any problem. In dovecot, you have to enter there 2 special lines for haproxy. of course, this is primarly seen for loadbalancing reasons.
haproxy_trusted_networks = 192.168.0.0/24,192.168.1.0/24
haproxy_timeout = 10s
main goal was having http/s on nginx, as there is a free of charge waf included.
For the reason, not having haproxy and nginx for the same, i try to change to nginx.
Ruggerio
haproxy_trusted_networks = 192.168.0.0/24,192.168.1.0/24
haproxy_timeout = 10s
main goal was having http/s on nginx, as there is a free of charge waf included.
For the reason, not having haproxy and nginx for the same, i try to change to nginx.
Ruggerio
38
20.7 Legacy Series / [Solved, RFC needed?] NGINX as IMAP reverse proxy
« on: October 25, 2020, 01:21:34 pm »
i got nginx at 80% as reverse proxy for dovecot running. 80% because i don't get the external ip of the client transferred to the mailserver.
if i enable proxy protocol, the connection will not be accepted. Does anybody have an idea? Eventually i was searching false, but google did not reply that much on imap on reverse proxy
all i would need is having the external ip in the logs of dovecot.
Thx,
Ruggerio
if i enable proxy protocol, the connection will not be accepted. Does anybody have an idea? Eventually i was searching false, but google did not reply that much on imap on reverse proxy
all i would need is having the external ip in the logs of dovecot.
Thx,
Ruggerio
39
20.7 Legacy Series / Re: Postfix not logging
« on: August 13, 2020, 05:35:49 pm »
updated, logging is there.
Roger
Roger
41
20.7 Legacy Series / Re: PCEngines APU2/APU3/APU4 running on 20.7
« on: August 04, 2020, 03:48:42 pm »
In short, i am on 20.7 with my apu4, it works (migrated - not a fresh install)
Ruggerio
Ruggerio
42
20.7 Legacy Series / Re: Suricata - Engine?
« on: August 04, 2020, 07:58:58 am »
ac? aho-corasick? Memory full, as in Ken Steele Variant. I just set IDP, no IPS.
No, it's a apu4 with a 4-core AMD Jaguar. Hyperscan in that case is no alternative.
Ruggerio
No, it's a apu4 with a 4-core AMD Jaguar. Hyperscan in that case is no alternative.
Ruggerio
43
20.7 Legacy Series / Suricata - Engine?
« on: August 03, 2020, 04:14:29 pm »
Hi,
When testing 20.7 from iso, i always used Aho Ken Steele, no problems with memory.
Now, in 20.7 Production, memory goes up nearly 70% for suricata and the system is swapping. This was not the case before. I changed for now to "reduced memory implementation", but still lots of memory used and swap.
thx!
Ruggerio
When testing 20.7 from iso, i always used Aho Ken Steele, no problems with memory.
Now, in 20.7 Production, memory goes up nearly 70% for suricata and the system is swapping. This was not the case before. I changed for now to "reduced memory implementation", but still lots of memory used and swap.
thx!
Ruggerio
44
20.7 Legacy Series / Re: Postfix not logging
« on: August 03, 2020, 09:56:58 am »Same here, But if I disable circular logs syslogd and syslog-ng stop and will not start.
I had the same issue and had to reboot one more time again. Then it worked.
45
20.7 Legacy Series / Re: Postfix not logging
« on: August 01, 2020, 11:21:16 am »
no prob. at least, there are logs in the shell. already extremly helpful.