Hi all, I have been using this howto for setting up my nginx proxy: https://www.howtoforge.com/reverse-proxy-for-https-ssh-and-mysql-mariadb-using-nginx/ All has been working smoothly. I am having an issue setting up a stream conf file for my email server. The email server is located at 192.168.1.111, and I have been trying to create a stream conf file for ports 25, 587, & 993. Currently those ports are directly behind router. When I do create a conf file, I lose connection to the email server. All servers are Ubuntu22LTS. I currently do have a http proxy ports 80/443 to the email server for the cert renewals. Any assistance would be greatly appreciated.
So you have a working configuration? The only difference would be that the additional configuration shall use another IP and other ports? The "currently those ports are behind router" is it different with the other setup or firewall? Where do the packets stop coming through, have you done a tcpdump analysis? Have you stumbled across https://github.com/ltcbuzy/Configuring-NGINX-as-a-Mail-Proxy-Server ?
Hi, thank you for getting back to me. Yes, the email server works correctly directly behind the router, with ports 25, 587, 993. Yes, same email server IP and ports would be behind proxy, instead of router. Going to go look at that GitHub URL and see if it helps.
I see your responses do not match my intended question. Maybe one could help you adopt your current reverse proxy configuration based on what you have configured (working) already, as it seems you struggle on that. Knowing more about the relations of the network / web / mail / router would greatly help to understand your setup better.
Oh, OK. Sorry, ztk.me, didn't understand your questions. Let me try this way, this is my current working configuration: Mailserver: 192.168.1.111, Ubuntu20LTS. Ports open 25, 587, 993 behind router. Ports open 80, 443 behind proxy. Proxyserver: 192.68.1.110, Ubuntu22LTS, Nginx, Letsencrypt. Would like ports 25, 587, 993 to go behind proxy. Would like to create an nginx conf file that will do this. I don't know what I need. Thank you
I see, I was wondering if you, maybe, had a web and a mailserver with different location and implicit different possible issues why things may not work for you. But as it seems to be all on one server, the adoption should be working. As you followed the above mentioned howto, have you looked at "Using per service configurations"? It describes how one would be able to proxy other services as well. There is an example given for database with a port of 3306. Basically it does not need to be one file per service, this is just for better practice/maintenance. I never had this use case, so I never tried it, so I got to rely a little on the mentioned caveats for anything that uses TLS, like IMAP. Probably the easiest way anyway would be to just use HAProxy in TCP mode, for which I could give you a working example. Another caveat when proxying MTA traffic is, as the nature of things, your mail server (as your webserver as well) receives the connection from your proxy. So it looks like your proxy wants to deliver a mail for outlook.com. For postfix a solution would be postscreen_upstream_proxy_protocol=haproxy when using the haproxy protocol.
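
Added example, not part of any post in the thread: an nginx `stream` configuration for the three mail ports, with the PROXY protocol header the last reply refers to. It assumes the backend from the thread (192.168.1.111), a Postfix MTA, and an nginx build that includes the stream module; the upstream names are made up for illustration.

```nginx
# Added example (assumptions: backend 192.168.1.111 as in the thread,
# Postfix on 25/587, hypothetical upstream names).
# Belongs in the top-level stream context, a sibling of http {}, not inside it.
stream {
    upstream mail_smtp       { server 192.168.1.111:25; }
    upstream mail_submission { server 192.168.1.111:587; }
    upstream mail_imaps      { server 192.168.1.111:993; }

    server {
        listen 25;
        proxy_pass mail_smtp;
        proxy_connect_timeout 10s;
        # Prepend a PROXY protocol header carrying the real client address.
        # Both ends must agree: if only one side speaks PROXY protocol,
        # every session on this port fails right after connect.
        # Postfix side, depending on what listens on 25:
        #   postscreen_upstream_proxy_protocol = haproxy   (postscreen)
        #   smtpd_upstream_proxy_protocol = haproxy        (plain smtpd)
        proxy_protocol on;
    }

    server {
        listen 587;
        proxy_pass mail_submission;
        # Submission service in master.cf needs:
        #   -o smtpd_upstream_proxy_protocol=haproxy
        proxy_protocol on;
    }

    server {
        # No "ssl" on this listener: the TLS session is passed through
        # untouched and still terminates on the mail server's certificate.
        listen 993;
        proxy_pass mail_imaps;
        # Leave off unless the IMAP server is configured to accept the
        # PROXY header; without it the IMAP logs show the proxy's address.
        proxy_protocol off;
        # The stream default of 10m idle would cut long IMAP IDLE sessions.
        proxy_timeout 30m;
    }
}
```

With `proxy_protocol on`, restrict the backend's ports 25 and 587 to the proxy's address, since a Postfix listener that expects the header trusts whatever client address it is given. Where the header is not used, Postfix sees every client as the proxy, so the proxy's address must not be in `mynetworks`.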