10,606
社区成员
发帖
与我相关
我的任务
分享nginx做邮件系统的负载均衡,无法使用pop3+ssl连接后端邮件服务器
如题,我的nginx配置就是常规的pop+ssl配置,没有做太多的设置,认证使用的也是网络上的php认证文件例子,只是端口是995,使用wireshark抓包发现nginx与后端邮件服务器进行了tcp三次握手,之后没有发送clent hello数据包,邮件服务器等待一段时间后超时断开连接,请教各位大虾是不是我nginx哪里没有配置或者php认证文件没有设置正确?
nginx.conf
#user nobody;
worker_processes 1;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
}
mail {
auth_http 192.168.1.121:80/auth.php;
pop3_capabilities "TOP" "USER";
imap_capabilities "IMAP4rev1" "UIDPLUS";
server {
listen 110;
protocol pop3;
proxy on;
starttls on;
ssl_certificate 1.crt;
ssl_certificate_key 1.key;
}
server {
listen 25;
protocol smtp;
proxy on;
xclient off;
}
server
{
listen 995;
protocol pop3;
proxy on;
ssl on;
ssl_certificate 1.crt;
ssl_certificate_key 1.key;
}
}
auth.php
<?php
/**
* @see xiabaibai.net
*/
if(!isset($_SERVER ["HTTP_AUTH_USER"] ) || ! isset($_SERVER ["HTTP_AUTH_PASS"] )) {
fail(0);
}
$username = $_SERVER ["HTTP_AUTH_USER"];
$userpass = $_SERVER ["HTTP_AUTH_PASS"];
$protocol = $_SERVER ["HTTP_AUTH_PROTOCOL"];
$protocol = "pop3";
$backend_port = 995;
list($uid, $domain) = explode("@", $username);
$auth = authuser($username, $userpass);
if(!$auth) fail (-2);
$popserver = "192.168.1.220";
pass($popserver, $backend_port);
//自定义认证,sql查询或者api
function authuser($user, $pass) {
return true;
}
function fail($code) {
switch($code){
case 0: header("Auth-Status: Parameter lost"); break;
case -1: header("Auth-Status: No Back-end Server"); break;
case -2: header("Auth-Status: Invalid login or password" ); break;
}
exit();
}
function pass($server, $port) {
header("Auth-Status: OK" );
header("Auth-Server: $server" );
header("Auth-Port: $port" );
exit();
}
?>
nginx.conf
#user nobody;
worker_processes 1;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
}
mail {
auth_http 192.168.1.121:80/auth.php;
pop3_capabilities "TOP" "USER";
imap_capabilities "IMAP4rev1" "UIDPLUS";
server {
listen 110;
protocol pop3;
proxy on;
starttls on;
ssl_certificate 1.crt;
ssl_certificate_key 1.key;
}
server {
listen 25;
protocol smtp;
proxy on;
xclient off;
}
server
{
listen 995;
protocol pop3;
proxy on;
ssl on;
ssl_certificate 1.crt;
ssl_certificate_key 1.key;
}
}
auth.php
<?php
/**
* @see xiabaibai.net
*/
if(!isset($_SERVER ["HTTP_AUTH_USER"] ) || ! isset($_SERVER ["HTTP_AUTH_PASS"] )) {
fail(0);
}
$username = $_SERVER ["HTTP_AUTH_USER"];
$userpass = $_SERVER ["HTTP_AUTH_PASS"];
$protocol = $_SERVER ["HTTP_AUTH_PROTOCOL"];
$protocol = "pop3";
$backend_port = 995;
list($uid, $domain) = explode("@", $username);
$auth = authuser($username, $userpass);
if(!$auth) fail (-2);
$popserver = "192.168.1.220";
pass($popserver, $backend_port);
//自定义认证,sql查询或者api
function authuser($user, $pass) {
return true;
}
function fail($code) {
switch($code){
case 0: header("Auth-Status: Parameter lost"); break;
case -1: header("Auth-Status: No Back-end Server"); break;
case -2: header("Auth-Status: Invalid login or password" ); break;
}
exit();
}
function pass($server, $port) {
header("Auth-Status: OK" );
header("Auth-Server: $server" );
header("Auth-Port: $port" );
exit();
}
?>
...全文
请发表友善的回复…
发表回复
