Forum: NGINX Problems with PHP authentication imap/smtp proxy

cybermass (Guest)
on 2014-04-13 21:26
(Received via mailing list)
I managed to write my PHP auth script but I'm still having problems
authenticating.
Also this is what I see in the logs:
[error] 22014#0: *3234 recv() failed (111: Connection refused) while in http auth state, client: back.end.ip server: 0.0.0.0:993, login: "user@domain.com"

Also do I call this script with the following auth_http line? I never see
anything listening on 9000. Where is this 9000 coming from? I just see
everyone using it:

auth_http  127.0.0.1:9000/mail/auth.php;

------------
auth.php

<?php
// Auth script for the nginx mail proxy (auth_http). nginx sends the
// Auth-User / Auth-Pass / Auth-Protocol request headers, which PHP
// exposes as $_SERVER["HTTP_AUTH_*"].
$db = new PDO('mysql:host=back.end.ip;dbname=server;charset=utf8',
              'user', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

if (!isset($_SERVER["HTTP_AUTH_USER"]) || !isset($_SERVER["HTTP_AUTH_PASS"])) {
  fail();
}
$username = $_SERVER["HTTP_AUTH_USER"];
$userpass = $_SERVER["HTTP_AUTH_PASS"];
$protocol = isset($_SERVER["HTTP_AUTH_PROTOCOL"]) ? $_SERVER["HTTP_AUTH_PROTOCOL"] : "";

$backend_port = "";
if ($protocol == "imap") {
  $backend_port = 993;
}
if ($protocol == "smtp") {
  $backend_port = 25;
}
// nginx likes ip address so if your
// application gives back hostname, convert it to ip address here
$backend_ip = "back.end.ip";
// Authenticate the user or fail
if (!authuser($username, $userpass)) {
  fail();
  exit;
}
// Get the server for this user if we have reached so far
$userserver = getmailserver($username);

// getmailserver() returns the address held in $backend_ip, so it is
// passed through unchanged; no hostname-to-ip lookup table is used here
$server_ip = $userserver;
// Pass!
pass($server_ip, $backend_port);

//END


// Look up the stored password for this email address and compare it
// with what the client sent. The comparison is a plain string match,
// so it only succeeds if the column holds the password in that form.
function authuser($user, $pass) {
    global $db;
    $stmt = $db->prepare("SELECT password FROM users WHERE email=:email LIMIT 1");
    $stmt->bindValue(':email', $user, PDO::PARAM_STR);
    $stmt->execute();
    $dbpass = $stmt->fetchColumn();   // false when no row matches
    return ($dbpass === $pass);
}


// Every user lives on the single backend configured above
function getmailserver($user) {
    global $backend_ip;
    return $backend_ip;
}

// Any Auth-Status other than OK is treated by nginx as a failed login
function fail() {
  header("Auth-Status: Invalid login or password");
  exit;
}

// Tell nginx which backend address and port to proxy this session to
function pass($server, $port) {
  header("Auth-Status: OK");
  header("Auth-Server: $server");
  header("Auth-Port: $port");
  exit;
}
?>

========================================================
nginx.conf (my http section is fine as I use it for my backend apache)

mail {
  server_name  mx1.domain.com;
  #auth_http  unix:/path/socket:/cgi-bin/auth;
  auth_http  127.0.0.1:9000/mail/auth.php;

  proxy     on;

  ssl_prefer_server_ciphers  on;
  ssl_protocols              TLSv1 SSLv3;
  ssl_ciphers                HIGH:!ADH:!MD5:@STRENGTH;
  ssl_session_cache          shared:TLSSL:16m;
  ssl_session_timeout        10m;
  ssl_certificate            ssl/ug-mail.crt;
  ssl_certificate_key        ssl/private/ug-mail.key;

  imap_capabilities "IMAP4rev1 UIDPLUS";
  smtp_capabilities "PIPELINING 8BITMIME DSN";



#  smtp_auth plain login;
#  imap_auth plain login;

  server {
    listen 25;
    protocol smtp;
    timeout 120000;
  }

  server {
    listen 8825;
    protocol smtp;
    starttls on;
  }

  server {
    listen 993;
    protocol imap;
    ssl on;
  }
}

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,249256,249256#msg-249256
Maxim Dounin (Guest)
on 2014-04-14 13:06
(Received via mailing list)
Hello!

On Sun, Apr 13, 2014 at 03:25:35PM -0400, cybermass wrote:

>
> auth_http  127.0.0.1:9000/mail/auth.php;

It's just a random port number, which is expected to be used by
a HTTP server which is capable of running your auth script.

--
Maxim Dounin
http://nginx.org/
Shawn Za (shawn82)
on 2014-04-14 19:47
I'm still not able to call this script. Is there something I need to
define in the http { section for php? I have not done that. I tried
adding another server { block inside the http block to listen to
127.0.0.1:9000 but still can't call my php script. nginx does not know
how to use php. I do have php5-fpm installed and running. Any help would
be appreciated. I just need to be able to use my auth.php with
auth_http. Thanks.
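
An http-side server block of the kind the replies above describe, as an added example that is not part of any post in this thread: auth_http makes an ordinary HTTP request, so something must listen on the address it names and hand the script to PHP. The php5-fpm socket path and the on-disk location of auth.php are assumptions.

```nginx
# Added example; place inside the existing http { } block of nginx.conf.
# Matches the mail-side directive from the thread:
#     auth_http  127.0.0.1:9000/mail/auth.php;
#
# Assumptions (adjust to the local install):
#   - php5-fpm listens on the Unix socket /var/run/php5-fpm.sock
#   - the script is stored at /var/www/mail/auth.php
#
# If php5-fpm itself is configured to listen on TCP 127.0.0.1:9000,
# choose a different port here and in auth_http: auth_http speaks HTTP,
# not FastCGI, and two listeners cannot share one address and port.
server {
    # Loopback only. The mail proxy sends the login and password to this
    # endpoint as plain Auth-User / Auth-Pass request headers.
    listen 127.0.0.1:9000;

    allow 127.0.0.1;
    deny  all;

    # Serve exactly the URI named in auth_http.
    location = /mail/auth.php {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/mail/auth.php;
        fastcgi_pass  unix:/var/run/php5-fpm.sock;
    }

    # Nothing else is reachable on this listener.
    location / {
        return 404;
    }
}
```

Request headers reach the script as HTTP_* FastCGI parameters, which is where auth.php reads HTTP_AUTH_USER, HTTP_AUTH_PASS and HTTP_AUTH_PROTOCOL.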