On 28-04-2022 at 07:30, Aki Tuomi wrote:
On 27/04/2022 22:14 Kees van Vloten <keesvanvlo...@gmail.com> wrote:
Hi all,
I am trying to set up dovecot to listen to imaps on the local network and
through haproxy from the internet.
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  inet_listener imaps_haproxy {
    haproxy = yes
    port = 10993
    ssl = yes
  }
}
Obviously the dns-name on the internet connection (10993) is different
than on the lan (993).
In the docs
(https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/)
I found multiple options, but unfortunately none of those have the
option to distinguish per listen port.
Is there a way to set up two different certificates for the two listeners?
- Kees
Hi!
Currently port is not supported. What we usually recommend here is that you use
haproxy to distribute connections to different local IP addresses and use
local 127.0.0.5/32 {
  ssl_cert=</path
  ssl_key=</path
}
Aki
Hi Aki,
Would it then look like this?
Internet -> haproxy on dmz-server -> haproxy on mailserver -> dovecot on
127.0.0.5
- Kees