I plan on putting two dovecot directors in front of our backend dovecot pop/imap servers, instead of our current haproxy load balancing of the connections -- but how do we handle SSL in such a setup? Will all SSL be terminated on the directors automatically, and then proxied plain text, or is there any configuration needed to achieve this? Does it matter that the directors are v2.0 while the backends are running v1.2?
-jf
Never mind -- I see now that this is working fine by default. SSL
is terminated on the director, and connections are automatically
proxied in plain text.
Still wonder a little about v2.0 director vs. v1.2 backends, but doubt it
should matter much.
Complete (single-node) director configuration, in case anybody else
should be interested in running such a setup:
#################################################################
# dovecot -n
# 2.0.7: /usr/local/dovecot-2.0.7/etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-194.8.1.el5 x86_64 Red Hat Enterprise Linux Server release 5.5 (Tikanga)
director_mail_servers = 192.168.42.28 192.168.42.29
director_servers = 127.0.0.1
passdb {
  args = proxy=y nopassword=y
  driver = static
}
service director {
  fifo_listener login/proxy-notify {
    mode = 0666
  }
  inet_listener {
    port = 5515
  }
  unix_listener director-userdb {
    mode = 0600
  }
  unix_listener login/director {
    mode = 0666
  }
}
service imap-login {
  executable = imap-login director
}
service pop3-login {
  executable = pop3-login director
}
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/private/server.key
#################################################################
-jf
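
Added example (not part of the original post and not Dovecot's own code): a small Python check over "dovecot -n" output that reports, for each proxying passdb, whether the director-to-backend hop is plaintext or TLS. It relies on Dovecot's proxy extra fields ssl=yes|any-cert and starttls=yes|any-cert; the function names and the sample text are constructed for illustration.

```python
# Constructed sample: the passdb block from the configuration above.
SAMPLE = """\
director_mail_servers = 192.168.42.28 192.168.42.29
passdb {
  args = proxy=y nopassword=y
  driver = static
}
"""

# Proxy extra fields that make Dovecot use TLS towards the backend.
TLS_FIELDS = {"ssl": ("yes", "any-cert"), "starttls": ("yes", "any-cert")}

def passdb_blocks(conf):
    """Yield {setting: value} for each top-level passdb { ... } block."""
    block = None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if block is None:
            if line.split() == ["passdb", "{"]:
                block = {}
        elif line == "}":
            yield block
            block = None
        elif "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            block[key.strip()] = value.strip()

def backend_hop(block):
    """Classify the director->backend hop for one passdb block."""
    fields = {}
    for token in block.get("args", "").split():
        k, _, v = token.partition("=")
        fields[k] = v
    if "proxy" not in fields:  # assumption: only the plain "proxy" field is checked
        return "not-proxying"
    for name, accepted in TLS_FIELDS.items():
        v = fields.get(name)
        if v in accepted:
            # any-cert encrypts but does not validate the backend certificate
            return "tls-unverified" if v == "any-cert" else "tls"
    return "plaintext"

def audit(conf):
    return [backend_hop(b) for b in passdb_blocks(conf)]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed it the saved output of "dovecot -n" from a director; a "plaintext" result means credentials and mail cross the director-to-backend network unencrypted, so that segment needs to be trusted or the passdb args extended with one of the TLS fields.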