Internal Server Error messages nginx proxy POP/IMAP/SMTP

March 11, 2015 03:16PM
Hi, my name is Ricardo,

I'm here to ask for help about an implementation of pop3/imap and smtp proxy functionality with nginx. I want to implement a "cluster" with those functionalities.

Consideration
- All nodes/machines are virtualized (VM).
- All nodes/machines are configured with 600MB of RAM memory.
- All nodes/machines are based on 64 bits CentOS 7 distro.
- Nginx version included into CentOS 7, nginx-1.6.2-4.el7.x86_64


Scenario

My scenario is as follows:

- 1 Server as proxy with IMAP/POP/IMAPS/POP3S/SMTP and SMTPS enabled. This will be proxy-n1.ine.mx with IP address 192.168.122.170.
- 1 Server as DNS with name master.ife.org.mx. This is the dns server for the solution, the IP address for this host is 192.168.122.85
- 1 Server as LDAP with name ldap.ife.org.mx. This is the "directory server" for my users. The IP address assigned to this host is 192.168.122.30
- 2 Mail servers with postfix configured. The name for the first node is correo-n1.ine.mx with IP address 192.168.122.98 and the name for the second node is correo-n2.ine.mx with IP address 192.168.122.78. Both of them with postfix 2.10 and dovecot 2.2.10 with SMTP/SMTPS, POP3/POP3S and IMAP/IMAPS enabled.
- 1 client with Windows 7 Starter with Outlook. The objective of this VM is to connect to the proxy solution and function and to get a normal functionality. (I would like to mention that this is the first phase/stage.)


Goal

- This first phase is to establish email flow functionality with an authenticated mechanism with one proxy server and one email server.

Done Activities

- The proxy nodes have been configured to support IMAP/POP/IMAPS/POP3S/SMTP and SMTPS. I paste the configuration for better understanding:

-------------------------------- /etc/nginx/nginx.conf --------------------------------
user nginx;
worker_processes 1;
worker_rlimit_nofile 65535;

error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log debug;
error_log /var/log/nginx/error.log notice;
error_log /var/log/nginx/error.log info;
error_log /var/log/nginx/error.log error;

pid /run/nginx.pid;

events {
    worker_connections 10240;
    debug_connection 192.168.122.0/24;
    multi_accept on;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    proxy_buffering on;
    proxy_buffer_size 8k;
    proxy_buffers 2048 8k;
    access_log /var/log/nginx/access.log main;
    sendfile on;
    keepalive_timeout 65;
    #gzip on;
    index index.html index.htm;
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80 default_server;
        server_name localhost;
        root /usr/share/nginx/html;
        include /etc/nginx/default.d/*.conf;
        location / {
            index index.html index.htm index.php;
        }
        error_page 404 /404.html;
        location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }
}
mail {
    server_name proxy-n1.ine.mx;
    # apache external backend
    auth_http 192.168.122.170:80/correo-proxy-auth/index.php;
    xclient on;
    proxy on;
    proxy_pass_error_message on;
    imap_auth plain login cram-md5;
    pop3_auth plain apop cram-md5;
    smtp_auth plain login cram-md5;
    imap_capabilities "IMAP4" "IMAP4rev1" "UIDPLUS" "IDLE" "LITERAL +" "QUOTA";
    pop3_capabilities "LAST" "TOP" "USER" "PIPELINING" "UIDL";
    smtp_capabilities "PIPELINING" "SIZE 10240000" "VRFY" "ETRN" "ENHANCEDSTATUSCODES" "8BITMIME" "DSN";
    ssl_session_cache shared:MAIL:10m;
    ssl_certificate /etc/nginx/ssl_keys/cert_primario.cer;
    ssl_certificate_key /etc/nginx/ssl_keys/www-key.pem;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;

    server {
        listen 143;
        protocol imap;
        starttls on;
        auth_http_header X-Auth-Port 143;
        auth_http_header User-Agent "Nginx POP3/IMAP4 proxy";
    }

    server {
        protocol pop3;
        listen 110;
        starttls on;
        pop3_auth plain;
        auth_http_header X-Auth-Port 110;
        auth_http_header User-Agent "Nginx POP3/IMAP4 proxy";
    }

    server {
        listen 993;
        ssl on;
        protocol imap;
        auth_http_header X-Auth-Port 993;
        auth_http_header User-Agent "Nginx POP3/IMAP4 proxy";
    }

    server {
        protocol pop3;
        listen 995;
        ssl on;
        pop3_auth plain;
        auth_http_header X-Auth-Port 995;
        auth_http_header User-Agent "Nginx POP3/IMAP4 proxy";
    }
    server {
        listen 25;
        protocol smtp;
        auth_http_header X-Auth-Port 25;
        auth_http_header User-Agent "Nginx SMTP/SMTPS proxy";
        timeout 12000;
    }

    server {
        listen 465;
        protocol smtp;
        auth_http_header X-Auth-Port 465;
        auth_http_header User-Agent "Nginx SMTP/SMTPS proxy";
        ssl on;
    }

    server {
        listen 587;
        protocol smtp;
        auth_http_header X-Auth-Port 587;
        auth_http_header User-Agent "Nginx SMTP/SMTPS proxy";
        starttls on;
    }
}
-------------------------------- end file /etc/nginx/nginx.conf --------------------------------


- Auth logic has been written: I wrote all the logic for the auth process. This is specified in the mail module from nginx:

auth_http 192.168.122.170:80/correo-proxy-auth/index.php;

-------------------------------- /usr/share/nginx/html/correo-proxy-auth/index.php --------------------------------
The content of index.php script is as follows:

<?php
include './class/connect.php';
include './class/auth.php';
include './class/serverEmail.php';
$a=new Auth();
$e=new EmailConnect();
// based on the examples provided on the nginx wiki
// @_http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
$user=$_SERVER["HTTP_AUTH_USER"];
$password=$_SERVER["HTTP_AUTH_PASS"];
$protocol=$_SERVER["HTTP_AUTH_PROTOCOL"]; // This is the protocol being proxied
$auth=$_SERVER['HTTP_AUTH_METHOD']; // The authentication mechanism
$salt=$_SERVER['HTTP_AUTH_SALT']; // Need the salt to encrypt the cleartext password, used for some authentication mechanisms
$attempt=$_SERVER['HTTP_AUTH_LOGIN_ATTEMPT']; // The number of attempts needs to be an integer
$ipclient=$_SERVER['HTTP_CLIENT_IP']; // The IP address of the user's client.
$hostname=$_SERVER['HTTP_CLIENT_HOST']; // The hostname of the user's client.
$maxattempts=3;

#$user="ricardo.carrillo";
#$password="r3dh4t";
#$protocol="imap";
#$auth="plain";

if (isset($user) || isset($password)) {
    if(!$a->authUser($user,$password)){
        // set message just in case the provided password or user are wrong.
        $a->setFail();
    }else{
        // set the server configuration and redirect to it.
        $getMailHost = $e->getMailHost($user);
        $getProtocol = $e->getProtocol($protocol);
        $getMailServ = $e->getMailServer($user);
        #print "$getMailHost $getProtocol $getMailServ $user $password\
        $e->setStatusPass($getMailServ,$getProtocol,$user,$password);
    }
}else{
    // set message just in case the provided password or login are wrong.
    $a->setFail();
}
?>
-------------------------------- end file /usr/share/nginx/html/correo-proxy-auth/index.php --------------------------------

This script just returns the data to be passed to nginx headers.

a) I get the mailhost from the ldap user (mailhost: correo-n1.ine.mx)
$getMailHost = $e->getMailHost($user);
b) I get the email protocol to be proxied.
$getProtocol = $e->getProtocol($protocol);
c) I get the mail server assigned to my ldap user (I get this from the ldap.ife.org.mx)
$getMailServ = $e->getMailServer($user);
#print "$getMailHost $getProtocol $getMailServ $user $password
d) I pass the data obtained above to generate nginx headers
$e->setStatusPass($getMailServ,$getProtocol,$user,$password);

- I have activated debugging mode in nginx but it does not work as expected, I could not

The problem

When I sign in from the Windows machine with Outlook to the proxy-n1.ine.mx node, I always get a message in the logs as follows:

2015/03/11 10:59:21 [debug] 1983#0: *8 http fastcgi header: "Status: 500 Internal Server Error"

and I do not see any connections to my correo-n1.ine.mx, I just see connections to the proxy-n1.ine.mx node.

I have searched on the web and not many solutions are provided, but the few solutions found are related to the "auth process problem" and that's it. Today I found that the "Status: 500 Internal Server error" is generated by the following causes:

1. Hard disk space is full
2. Nginx configuration file errors (tuning -open files, limits.conf etc.-, concurrency settings, etc. etc.)
3. Auth process (own auth module)

Other messages that I see in my logs are as follows:

a) Resource temporarily unavailable

2015/03/11 10:59:21 [debug] 1983#0: *8 recv() not ready (11: Resource temporarily unavailable)
2015/03/11 10:59:21 [debug] 1983#0: *8 recv() not ready (11: Resource temporarily unavailable)
2015/03/11 10:59:21 [debug] 1983#0: *8 recv() not ready (11: Resource temporarily unavailable)
2015/03/11 10:59:21 [debug] 1983#0: *8 recv() not ready (11: Resource temporarily unavailable)

I guess those debug messages refer to whether I have a load balancing configuration or something like that.

b) auth http server <IP>:80 did not send server or port while in http auth state, client: <ip-client>, server: <ip-server>:25, login: "<login>"

2015/03/11 09:38:49 [error] 3399#0: *30 auth http server 192.168.122.170:80 did not send server or port while in http auth state, client: 192.168.122.1, server: 0.0.0.0:25, login: "ricardo.carrillo"
2015/03/11 09:38:49 [error] 3399#0: *30 auth http server 192.168.122.170:80 did not send server or port while in http auth state, client: 192.168.122.1, server: 0.0.0.0:25, login: "ricardo.carrillo"

According to the "Mastering Nginx" book from Dimitri Aivaliotis, this error is caused by "the authentication query is not successfully answered for any reason" (page 62)

I quote a paragraph from the book:

"If the authentication query is not successfully answered for any reason, the
connection is terminated. NGINX doesn't know to which upstream the client
should be proxied, and thereby closes the connection with an Internal server
error with the protocol-specific response code."

But it does not offer any solution or clue to solve that.


For all the above, I ask for your help. I have already searched and spent a lot of time trying to solve the problem, but I could not make my email solution work.

Could you help me to solve this problem?

Regards
Ricardo Carrillo.

P.S.: Sorry for the format, but the forum system does not support html or any post formatted setting.
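
Added example, not part of the original post and not nginx or project code: a Python checker for the reply an `auth_http` script sends back, listing the conditions under which the mail proxy cannot choose a backend, including the "did not send server or port" case from the log above. The sample replies are constructed, and the function names are hypothetical; the checks assume nginx's documented requirement that `Auth-Server` is an IP address and `Auth-Port` a numeric port.

```python
import ipaddress

def parse_auth_response(raw):
    """Split a raw HTTP reply into (status_code, {lower-cased header: value})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        if ":" in line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return status, headers

def diagnose(raw):
    """List the reasons the mail proxy cannot pick a backend from this reply."""
    status, h = parse_auth_response(raw)
    problems = []
    if status != 200:
        problems.append(f"auth script answered HTTP {status}; check the script's own error log")
    auth_status = h.get("auth-status")
    if auth_status is None:
        problems.append("no Auth-Status header")
    elif auth_status != "OK":
        # Anything other than OK is a deliberate rejection, shown to the client.
        return problems + [f"login rejected by script: {auth_status}"]
    server, port = h.get("auth-server"), h.get("auth-port")
    if not server or not port:
        problems.append("did not send server or port")
        return problems
    try:
        ipaddress.ip_address(server)  # a host name is not accepted here
    except ValueError:
        problems.append(f"Auth-Server is not an IP address: {server}")
    if not (port.isdecimal() and 0 < int(port) < 65536):
        problems.append(f"Auth-Port is not a valid port: {port}")
    return problems

# Constructed sample replies (not captured from the poster's system).
FAILED_500 = "HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/html\r\n\r\n"
HOSTNAME_REPLY = ("HTTP/1.1 200 OK\r\nAuth-Status: OK\r\n"
                  "Auth-Server: correo-n1.ine.mx\r\nAuth-Port: 143\r\n\r\n")
GOOD_REPLY = ("HTTP/1.1 200 OK\r\nAuth-Status: OK\r\n"
              "Auth-Server: 192.168.122.98\r\nAuth-Port: 143\r\n\r\n")

if __name__ == "__main__":
    for name, raw in [("500", FAILED_500), ("hostname", HOSTNAME_REPLY), ("good", GOOD_REPLY)]:
        print(name, diagnose(raw))
```
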