mholt / caddy-l4

Layer 4 (TCP/UDP) app for Caddy
Apache License 2.0
808 stars 66 forks

https terminating proxy as http to backend (443=>80) example #166

Closed di-rect closed 6 months ago

di-rect commented 6 months ago

Hi,

I have a very simple question:

Do you have an example that makes it possible to terminate SSL (443) on Caddy L4 and forward unencrypted to non-SSL Caddy L4 HTTP port 80?

I'm not able to get that working; proxy works fine.

Thanks!

mohammed90 commented 6 months ago

What's your current config?

di-rect commented 6 months ago

Actually the examples of the readme.

HTTPS termination is what I'm doing like this at the moment (no L4, sadly), but IMAP SSL to non-SSL is what seems to be more complex.

{
    "apps": {
        "http": {
            "servers": {
                "webserver": {
                    "listen": [
                        ":443"
                    ],
                    "routes": [
                        {
                            "match": [
                                {
                                    "host": [
                                        "mydomain.tld"
                                    ]
                                }
                            ],
                            "handle": [
                                {
                                    "handler": "subroute",
                                    "routes": [
                                        {
                                            "handle": [
                                                {
                                                    "handler": "reverse_proxy",
                                                    "upstreams": [
                                                        {
                                                            "dial": "nginx:80"
                                                        }
                                                    ]
                                                }
                                            ]
                                        }
                                    ]
                                }
                            ],
                            "terminal": true
                        }
                    ]
                }
            }
        },
        "layer4": {
            "servers": {
                "secure-imap": {
                    "listen": [
                        ":993"
                    ],
                    "routes": [
                        {
                            "handle": [
                                {
                                    "handler": "tls"
                                },
                                {
                                    "handler": "proxy",
                                    "proxy_protocol": "v1",
                                    "upstreams": [
                                        {
                                            "dial": [
                                                "mailserver:143"
                                            ]
                                        }
                                    ]
                                }
                            ]
                        }
                    ]
                }
            }
        }
    }
}

di-rect commented 6 months ago

@mohammed90 Any suggestion?

mohammed90 commented 6 months ago

> @mohammed90 Any suggestion?

Sorry, I got distracted. You're trying to proxy IMAP, which has specific requirements about its TLS termination. It doesn't like it when another server handles TLS in front of it. See:

di-rect commented 6 months ago

@mohammed90

OK no problem, thanks for your reply!

But why does the example here show 993 to 143 forward? I have seen lots of issues with IMAP indeed; does the same go for SMTP?

But is it true that I don't see any example for SSL to non-SSL (so actual termination), like what I do in my example for HTTP without using the L4 app?

mohammed90 commented 6 months ago

> why does the example here show 993 to 143 forward?

It's just an example. I guess we didn't do the research I just did 🤷🏻‍♂️

> does the same go for SMTP?

I don't know for sure, but I assume yes. From prior research, email protocols tend to be finicky.

> But is it true that I don't see any example for SSL to non-SSL (so actual termination), like what I do in my example for HTTP without using the L4 app?

It can be as simple as this:

{
    "apps": {
        "layer4": {
            "servers": {
                "tls_terminator": {
                    "listen": ["0.0.0.0:443"],
                    "routes": [
                        {
                            "handle": [
                                {
                                    "handler": "tls"
                                },
                                {
                                    "handler": "proxy",
                                    "upstreams": [
                                        {"dial": ["localhost:80"]}
                                    ]
                                }
                            ]
                        }
                    ]
                }
            }
        }
    }
}
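
Added example, not code from caddy-l4 or from this thread: a self-contained Go program that does on loopback what the "tls" handler followed by the "proxy" handler does in the config above, and additionally sends the PROXY protocol v1 line that `"proxy_protocol": "v1"` turns on in the IMAP config earlier in the thread. Ephemeral 127.0.0.1 ports stand in for :443 and :80, the certificate is a throwaway self-signed one generated in memory (in a real deployment Caddy obtains and renews the certificate itself), the one-line "HELLO" request is constructed, and the function names (`mustCert`, `ProxyV1Header`, `terminateOne`, `RunDemo`) are this example's own.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"strings"
	"time"
)

// mustCert builds a throwaway self-signed cert for "localhost" so the demo runs offline.
func mustCert() (tls.Certificate, *x509.CertPool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{ // SAN-only: verifiers match DNSNames, not the subject
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"localhost"},
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // parsing DER we just produced cannot fail
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, pool
}

// ProxyV1Header renders the PROXY protocol v1 line that carries the real client address (TCP only).
func ProxyV1Header(client, server net.Addr) string {
	c, s := client.(*net.TCPAddr), server.(*net.TCPAddr)
	fam := "TCP4"
	if c.IP.To4() == nil {
		fam = "TCP6"
	}
	return fmt.Sprintf("PROXY %s %s %s %d %d\r\n", fam, c.IP, s.IP, c.Port, s.Port)
}

// terminateOne accepts one TLS connection, decrypts it and relays the plaintext to backendAddr behind a PROXY line.
func terminateOne(ln net.Listener, cert tls.Certificate, backendAddr string) error {
	raw, err := ln.Accept()
	if err != nil {
		return err
	}
	tlsConn := tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12})
	defer tlsConn.Close()
	up, err := net.Dial("tcp", backendAddr)
	if err != nil {
		return err
	}
	defer up.Close()
	if _, err = io.WriteString(up, ProxyV1Header(raw.RemoteAddr(), raw.LocalAddr())); err != nil {
		return err
	}
	go io.Copy(up, tlsConn)       // client -> backend, decrypted (the handshake runs on first read)
	_, err = io.Copy(tlsConn, up) // backend -> client, re-encrypted; ends when the backend closes
	return err
}

// RunDemo wires a plaintext backend (":80"), the terminating proxy (":443") and a TLS client together on loopback.
func RunDemo() (string, error) {
	cert, pool := mustCert()
	backend, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	go func() { // plaintext backend: never sees TLS; answers with the PROXY line and request it read
		c, err := backend.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		r := bufio.NewReader(c)
		hdr, _ := r.ReadString('\n')
		req, _ := r.ReadString('\n')
		fmt.Fprintf(c, "%s|%s", strings.TrimSpace(hdr), req)
	}()
	front, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	go terminateOne(front, cert, backend.Addr().String())
	client, err := tls.Dial("tcp", front.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "localhost"})
	if err != nil {
		return "", err
	}
	defer client.Close()
	fmt.Fprint(client, "HELLO\r\n") // constructed one-line "request", standing in for HTTP
	return bufio.NewReader(client).ReadString('\n')
}
```

What the backend sees is `PROXY TCP4 127.0.0.1 127.0.0.1 <clientport> <proxyport>|HELLO`: a plaintext request and, only because of the PROXY line, the client's real address; without that line a backend behind a terminating proxy logs the proxy's address for every connection, and the upstream must be configured to expect the header (as the `mailserver:143` upstream above would have to be). Two checks for the real config: the hop from the terminator to port 80 is cleartext, so keep it on a host or network you control, and `"listen": ["0.0.0.0:443"]` binds IPv4 only, whereas `":443"` binds both families. As the thread notes below, this plaintext handoff suits HTTP but not mail protocols that expect to terminate TLS themselves.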
mohammed90 commented 6 months ago

I believe this question has been answered, so I'll close the issue.

di-rect commented 6 months ago

> I believe this question has been answered, so I'll close the issue.

Sorry for the delay; you can't always steer life :)

But you are right, the example is not that good and I think we made things clear; mailservers do need the certs themselves.

Happy Christmas!