[jira] [Commented] (JAMES-3209) Auth Module to make James usable with Nginx mail proxy for TLS termination

Thu, 11 Jun 2020 05:58:01 -0700 


    [ 
https://issues.apache.org/jira/browse/JAMES-3209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17133237#comment-17133237
 ] 

David Leangen commented on JAMES-3209:
--------------------------------------

Just attached my docker-compose.yaml file and nginx.conf file.

Have been trying various things, but so far no success. For some reason the 
auth call never makes it to my auth server. I just get this:
{code:java}
nginx-proxy_1  | 2020/06/11 12:51:24 [error] 29#29: *1 recv() failed (111: 
Connection refused) while in http auth state, client: 172.28.0.1, server: 
0.0.0.0:993, login: "[email protected]"{code}
 

> Auth Module to make James usable with Nginx mail proxy for TLS termination 
> ---------------------------------------------------------------------------
>
>                 Key: JAMES-3209
>                 URL: https://issues.apache.org/jira/browse/JAMES-3209
>             Project: James Server
>          Issue Type: New Feature
>            Reporter: Ioan Eugen Stan
>            Priority: Major
>         Attachments: docker-compose.yaml, nginx.conf
>
>
> Apache James needs to be deployed with TLS encryption to ensure security of 
> emails during transport. 
> We could use Nginx as a mail proxy and use it for TLS termination. 
> However we need to implement an HTTP auth service for that to work. 
> This issue should cover work on making Nginx a valid mail proxy in front of 
> Apache James.
> References:
> https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/ 
> https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol
> == Context
> Unfortunately, Java has only the keystore for managing TLS certificates. This 
> is makes deploying TLS certificates hard for Apache James since the internet 
> does not use. keystore format. 
> We could use Nginx as a amil proxy. Nginx supports the certificate format 
> that all other tools use. (add format here - PKCS #XXX ). People know how to 
> setup Nginx with LetsEncrypt and benefit from free TLS certificates with 
> automatic renewal. 
> However we need an integration piece: the nginx auth service. It's an http 
> service that works only with headers. It should be simple to write and work 
> integrate.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to