Welcome! Log In Create A New Profile


Re: IMAP Proxy with TLS Upstream Configuration

Maxim Dounin
January 06, 2024 09:30PM

On Sat, Jan 06, 2024 at 11:03:47AM -0800, Jeff Kletsky wrote:

> I believe I have properly configured nginx v1.24.0 (open source) for
> IMAP proxy on FreeBSD 14.0. I am, however, unable to establish a TLS
> connection to the upstream server.
> I have confirmed that I can connect to the proxy with TLS and that the
> auth server is called. The auth server returns the expected Auth-Server
> and Auth-Port. The upstream server is on a remote host with Dovecot
> running TLS on the standard port of 993. I can see the TCP handshake
> between the proxy and Dovecot on both machines, but nginx does not proceed.
> It eventually returns "* BAD internal server error" with the error log
> indicating a timeout


> I have confirmed using openssl s_client that the connection can be made
> from the host running nginx to the host at the expected IP address and port.
> Looking at the source, I did not see an option in the auth-header
> parsing related to using TLS upstream.
> Is there a way to use TLS for the IMAP upstream natively (without
> needing to configure a port with STARTTLS)?

Backend IMAP servers are expected to be plain text, not SSL/TLS.
Neither IMAPS nor IMAP with STARTTLS are supported for upstream

If you want to use SSL/TLS connections between nginx and backend
servers, consider configuring stream{} proxying on the same nginx
instance with "proxy_ssl on;" to handle SSL/TLS with the backend
servers for you, see http://nginx.org/r/proxy_ssl for details.

Maxim Dounin
nginx mailing list
Subject Author Posted

IMAP Proxy with TLS Upstream Configuration

Jeff Kletsky January 06, 2024 02:06PM

Re: IMAP Proxy with TLS Upstream Configuration

Maxim Dounin January 06, 2024 09:30PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 336
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready