Ioan Eugen Stan created JAMES-3209:
--------------------------------------
Summary: Auth Module to make James usable with Nginx mail proxy
for TLS termination
Key: JAMES-3209
URL: https://issues.apache.org/jira/browse/JAMES-3209
Project: James Server
Issue Type: New Feature
Reporter: Ioan Eugen Stan
Apache James needs to be deployed with TLS encryption to ensure security of
emails during transport.
We could use Nginx as a mail proxy and use it for TLS termination.
However we need to implement an HTTP auth service for that to work.
This issue should cover work on making Nginx a valid mail proxy in front of
Apache James.
References:
https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/
https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol
== Context
Unfortunately, Java has only the keystore for managing TLS certificates. This
is makes deploying TLS certificates hard for Apache James since the internet
does not use. keystore format.
We could use Nginx as a amil proxy. Nginx supports the certificate format that
all other tools use. (add format here - PKCS #XXX ). People know how to setup
Nginx with LetsEncrypt and benefit from free TLS certificates with automatic
renewal.
However we need an integration piece: the nginx auth service. It's an http
service that works only with headers. It should be simple to write and work
integrate.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
