[
https://issues.apache.org/jira/browse/JAMES-3209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ioan Eugen Stan closed JAMES-3209.
----------------------------------
Resolution: Later
> Auth Module to make James usable with Nginx mail proxy for TLS termination
> ---------------------------------------------------------------------------
>
> Key: JAMES-3209
> URL: https://issues.apache.org/jira/browse/JAMES-3209
> Project: James Server
> Issue Type: New Feature
> Reporter: Ioan Eugen Stan
> Assignee: Ioan Eugen Stan
> Priority: Major
> Attachments: docker-compose.yaml, nginx.conf
>
>
> Apache James needs to be deployed with TLS encryption to ensure security of
> emails during transport.
> We could use Nginx as a mail proxy and use it for TLS termination.
> However we need to implement an HTTP auth service for that to work.
> This issue should cover work on making Nginx a valid mail proxy in front of
> Apache James.
> References:
> https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/
> https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol
> == Context
> Unfortunately, Java has only the keystore for managing TLS certificates. This
> is makes deploying TLS certificates hard for Apache James since the internet
> does not use. keystore format.
> We could use Nginx as a amil proxy. Nginx supports the certificate format
> that all other tools use. (add format here - PKCS #XXX ). People know how to
> setup Nginx with LetsEncrypt and benefit from free TLS certificates with
> automatic renewal.
> However we need an integration piece: the nginx auth service. It's an http
> service that works only with headers. It should be simple to write and work
> integrate.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
