[jira] [Commented] (JAMES-3209) Auth Module to make James usable with Nginx mail proxy for TLS termination

Wed, 10 Jun 2020 16:04:24 -0700 


    [ 
https://issues.apache.org/jira/browse/JAMES-3209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17132775#comment-17132775
 ] 

Ioan Eugen Stan commented on JAMES-3209:
----------------------------------------

how to create a SslContext from PEM. See comments as well. 
https://stackoverflow.com/questions/50025086/in-java-what-is-the-simplest-way-to-create-an-sslcontext-with-just-a-pem-file

The above + tls-channel should do the trick.

> Auth Module to make James usable with Nginx mail proxy for TLS termination 
> ---------------------------------------------------------------------------
>
>                 Key: JAMES-3209
>                 URL: https://issues.apache.org/jira/browse/JAMES-3209
>             Project: James Server
>          Issue Type: New Feature
>            Reporter: Ioan Eugen Stan
>            Priority: Major
>
> Apache James needs to be deployed with TLS encryption to ensure security of 
> emails during transport. 
> We could use Nginx as a mail proxy and use it for TLS termination. 
> However we need to implement an HTTP auth service for that to work. 
> This issue should cover work on making Nginx a valid mail proxy in front of 
> Apache James.
> References:
> https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/ 
> https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol
> == Context
> Unfortunately, Java has only the keystore for managing TLS certificates. This 
> is makes deploying TLS certificates hard for Apache James since the internet 
> does not use. keystore format. 
> We could use Nginx as a amil proxy. Nginx supports the certificate format 
> that all other tools use. (add format here - PKCS #XXX ). People know how to 
> setup Nginx with LetsEncrypt and benefit from free TLS certificates with 
> automatic renewal. 
> However we need an integration piece: the nginx auth service. It's an http 
> service that works only with headers. It should be simple to write and work 
> integrate.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to