On Sun, Jul 19, 2020 at 07:39:55AM -0400, bitquest25c wrote: Hi there,
> I have a single server with one Public IP and 10 domains. For each domain > I’d like to have a separate docker container as an email server (Postfix + > Dovecot). I’d like to achieve this with transparent TCP proxy with SNI > support. > > I'd like to route traffic from example.com on ports 587 & 143 to one > container and traffic for acme.com on ports 587 & 143 to a different > container, etc. Does the first example configuration at http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html show what you want? And if not -- how will your tcp proxy know that some traffic to your-ip:your-port is intended for one.example.com instead of for two.example.com? > Should ports 587 & 143 be changed to 465 & 993 instead to achieve this? It sounds like you want your clients to speak protocol-over-ssl, using SNI. So you will want probably want smtps-on-465 and imaps-on-993, yes. So long as you control the clients, and can require them to use your configuration (SNI and these ports), it should work, In this design, nginx is not doing SSL-termination; each individual upstream service will do that. Good luck with it, f -- Francis Daly [email protected] _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
