Forum: NGINX mail config auth_http

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
37ffa5245cf7b33e467cd1b9a4788040?d=identicon&s=25 Nginx Lova (ilovenginx)
on 2009-02-18 00:11
Hello

Is there a way to do the following

mail {

  auth_http auth.$HTTP_DOMAIN/auth/pop?;
        pop3_capabilities "TOP" "UIDL" "USER";

  server{
    listen 995;
    protocol pop3;
                proxy on;

    ssl on;
    ssl_certificate /dir/to/ssl.crt;
    ssl_certificate /dir/to/ssl.key;
  server_name mypop.somedomain.com;
  }


}

were $HTTP_DOMAIN is parsed front the user ?


Cheers
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2009-02-18 01:34
(Received via mailing list)
Hello!

On Wed, Feb 18, 2009 at 12:11:36AM +0100, Nginx Lova wrote:

>     listen 995;
> }
>
> were $HTTP_DOMAIN is parsed front the user ?

No, auth_http doesn't support variables (and there are no plans).
You may try something like this though:

http {
    ...
    server {
        listen 127.0.0.1:8080;
        ...
        location = /auth/proxy {
            set $domain "default";

            if ($http_auth_user ~ "@(.*)$") {
                set $domain $1;
            }

            # note: requires resolver defined or
            # upstream{} blocks for each possible hostname

            proxy_pass http://auth.$domain/auth/pop;
        }
    }
}

mail {
    auth_http 127.0.0.1:8080/auth/proxy;
    ...
}

This will effectively introduce proxy authentication service
within nginx http module (at the cost of some extra sockets used).

BTW, in general the above method (delegating dirty work to http
module) is recommended one if you want something non-trivial.
E.g. auth backend load balancing and failover can be done easily this
way.

Maxim Dounin
This topic is locked and can not be replied to.