====== upstreamによるメールproxy ======
===== このページについて =====
[[serverapps:nginx:mailproxy|mailモジュールを使ったsmtp proxy]]に挫折したため、streamを利用してみます。
==== 注意 ====
※アプリケーション層より下でProxyされるため、Nginx側でSSLを設定できません。
===== Proxy側 =====
==== /usr/local/etc/nginx/nginx.conf ====
stream {
proxy_protocol on;
#-- smtp ------------------------------------------
upstream smtp {
server SMTPSERVER:25;
}
server {
listen {ProxyIP}:25;
error_log /var/log/nginx/smtp-error.log error;
proxy_pass smtp;
}
#-- smtp isubmissionport----------------------------
upstream smtp_submission {
server SMTPSERVER:587;
}
server {
listen {ProxyIP}:587;
error_log /var/log/nginx/smtp-error.log error;
proxy_pass smtp_submission;
}
#-- imap ------------------------------------------
upstream imap {
server SMTPSERVER:143;
}
server {
listen {ProxyIP}:143;
error_log /var/log/nginx/imap-error.log error;
proxy_pass imap;
}
#-- pop3 ------------------------------------------
upstream pop3 {
server SMTPSERVER:110;
}
server {
listen {ProxyIP}:110;
error_log /var/log/nginx/pop3-error.log error;
proxy_pass pop3;
}
}
===== メールサーバ側 =====
==== /usr/local/etc/postfix/main.cf ====
smtpd_upstream_proxy_protocol = haproxy
==== /usr/local/etc/dovecot/local.conf ====
haproxy_trusted_networks = {Proxy IP}
==== /usr/local/etc/dovecot/conf.d/10-master.conf ====
service imap-login {
inet_listener imap {
#port = 143
haproxy = yes
}
}
service pop3-login {
inet_listener pop3 {
#port = 110
haproxy = yes
}
}
===== 参考 =====
[[https://www.nginx.com/resources/admin-guide/tcp-load-balancing/|NGINX LOAD BALANCING – TCP AND UDP LOAD BALANCER]]
[[https://tipstricks.itmatrix.eu/tcp-load-balancing-for-email-servers-with-nginx/|TCP Load balancing email/web servers with NginX]]
[[https://wiki2.dovecot.org/HAProxy|dovecot haproxy]]
[[http://www.postfix.org/postconf.5.html#smtpd_upstream_proxy_protocol| smtpd_upstream_proxy_protocol]]
[[http://tech.mercari.com/entry/2016/08/17/170114|nginxによるTCPロードバランサー]]