Emmanuel:
>Nginx is mainly a buffering HTTP proxy/reverse proxy and/or a HTTP TLS
>termination endpoint or raw N to 1 TCP proxy. ...
Nginx can also act very good as a mere TCP proxy with proxy protocol. I am not
terminating TLS on my VPS except for public websites served directly by the VPS.
Le 21/12/2023 à 10:03, Joachim Lindenberg via Postfix-users a écrit :
Emmanuel,
please read the thread
https://www.mail-archive.com/postfix-users@postfix.org/msg100852.html from the
beginning. SOCKS5 was already considered as an alternative to proxy protocol.
If you want to bash nginx then
Emmanuel,
please read the thread
https://www.mail-archive.com/postfix-users@postfix.org/msg100852.html from the
beginning. SOCKS5 was already considered as an alternative to proxy protocol.
If you want to bash nginx then please provide some substance. I am running
multiple instances of web
Le 20/12/2023 à 21:25, Joachim Lindenberg via Postfix-users a écrit :
Emmanuel :
That's crazy, If you're able to run a dedicated proxy instance, you're able to
run an outboud postfix instance too: the perfect proxy software for
smtp/postfix is postfix.
Otherwise it means that you're trying to
Emmanuel :
>That's crazy, If you're able to run a dedicated proxy instance, you're able to
>run an outboud postfix instance too: the perfect proxy software for
>smtp/postfix is postfix.
>Otherwise it means that you're trying to solve your use-case at the wrong
>level and that should be dealt at
Le 20/12/2023 à 20:53, Joachim Lindenberg via Postfix-users a écrit :
Wietse:
Obviously, nginx will not know the Postfix SMTP client protocol stage, and the
nginx settings will have to match the largest
Postfix timeouts to avoid persistent mail delivery problems with some sites.
Settings
Wietse:
>Obviously, nginx will not know the Postfix SMTP client protocol stage, and the
>nginx settings will have to match the largest
>Postfix timeouts to avoid persistent mail delivery problems with some sites.
>Settings optimal for Postfix may conflict with 'web' proxy usage.
There is no need
Wietse:
>A Postfix implementation will have to work for other use cases,
>too. It would be good to know how nginx in forward proxy mode
>handles or ignores client address and port info, now and in the
>forseeable future.
Joachim Lindenberg via Postfix-users:
> I double checked documentation at
>
>A Postfix implementation will have to work for other use cases, too. It would
>be good to know how nginx in forward proxy mode handles or >ignores client
>address and port info, now and in the forseeable future.
I double checked documentation at
Wietse Venema via Postfix-users wrote in
<4svjy117ywzj...@spike.porcupine.org>:
...
|I expect that a SOCKS5 client would not use much code, compared to
|the code that was needed with HaProxy.
Gaetan Bisson (former ArchLinux, a very smart math professor
Tahiti) has written a small LD_PRELOAD
Wietse
> This means that nginx ignores the source port in the proxy protocol.
> Is that documented somewhere?
Joachim Lindenberg:
> It does not ignore it, the variable exists. My configuration doesn't
> use it for outbound, as plenty of ports are in used, and dynamic
> is ok for the use case.
>This means that nginx ignores the source port in the proxy protocol.
>Is that documented somewhere?
It does not ignore it, the variable exists. My configuration doesn´t use it for
outbound, as plenty of ports are in used, and dynamic is ok for the use case.
Does postfix have a dependency on the
Joachim Lindenberg via Postfix-users:
> >Is there a technical spec of that protocol? Does it look in any
> way like HaProxy protocol version 1 or 2? What are the source IP
> address and port?
> https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#:~:text=Enables%20the%20PROXY%20protocol
>
>Is there a technical spec of that protocol? Does it look in any way like
>HaProxy protocol version 1 or 2? What are the source IP address and port?
https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#:~:text=Enables%20the%20PROXY%20protocol
links to the expected suspect (HaProxy)...
Joachim Lindenberg via Postfix-users:
> >How is this used to connect to an arbitrary destination on the Internet?
>
> This is probably nginx implementation specific, but one can configure a
> stream proxy as follows:
>
> stream {
> server {
> listen 10.200.200.1:12345
>How is this used to connect to an arbitrary destination on the Internet?
This is probably nginx implementation specific, but one can configure a stream
proxy as follows:
stream {
server {
listen 10.200.200.1:12345 proxy_protocol;
proxy_bind [$proxy_protocol_addr];
Joachim Lindenberg via Postfix-users:
> I'd like to challenge that. (HA) Proxy protocol essentially implies
> to connect to another configured address and then prepend a string
> with connection info to the TCP stream.
Indeed. The (HA) proxy accepts a connection from an arbitrary client
IP
Hello Wietse,
maybe I should tell I am using nginx for all my inbound proxy protocol needs
(HA is via multiple addresses in DNS), and my email test service uses proxy
protocol outbound as well. Before I picked proxy protocol for that use case I
checked SOCKS or HTTP proxies but perceived the
Wietse;
> inside Postfix -reverse haproxy-> remote MTAs in the Internet
> That is currently not implemented, and no design exists.
Joachim Lindenberg via Postfix-users:
> Hello Wietse,
> Yes, exactly, no second instance. Ok, implies I haven't overlooked
> something. Is this an option you are
), backup or just trust in your provider.
Thanks,
Joachim
-Ursprüngliche Nachricht-
Von: Wietse Venema via Postfix-users
Gesendet: Montag, 18. Dezember 2023 13:31
An: Postfix users
Betreff: [pfx] Re: Postfix using proxy protocol outbound?
Did you mean instead of
inside Postix -> outs
Did you mean instead of
inside Postix -> outside Postfix -> remote MTAs in the Internet
Use
inside Postfix -reverse haproxy-> remote MTAs in the Internet
Theat is currently not implemented, and no design exists.
Wietse
___
21 matches
Mail list logo