- Terminates HTTPS connections and forwards plaintext HTTP to backends
- Offers STARTTLS encryption for SMTP connections and forwards plaintext SMTP to the backend
- Uses the same certificates for both items above
- Provides basic HTTP authentication for some backend services
- Implements two mail_auth servers: one which forwards only non-authenticated SMTP connections to the localhost:2525 backend, and another one which performs an HTTP Basic auth check against a list of username-password pairs. Note that this is the same file that is used for basic auth for the webmail interface in the bullet point above.
- Uses the servers from the bullet point above to forward SMTP and IMAP connections to backend servers (the SMTP server should support the XCLIENT command, the IMAP server should support the HAProxy PROXY protocol).
- Failed SMTP/POP3/IMAP login attempts are logged to a separate file.
- Optionally, serves some static sites
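The decision logic of the two mail_auth servers described above, written out as an added Python example (it is not the project's nginx configuration). It follows the header protocol nginx uses for mail `auth_http` requests; the `{SSHA}` password scheme, the backend addresses other than localhost:2525, and all function names are assumptions.

```python
import base64, hashlib, hmac, os

RELAY = ("127.0.0.1", 2525)            # unauthenticated SMTP backend named in the README
LOGIN_BACKENDS = {"imap": ("127.0.0.1", 1143),   # assumed placeholder addresses
                  "smtp": ("127.0.0.1", 2525)}

def make_ssha(password, salt):
    """RFC 2307 {SSHA} entry: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored, password):
    """Verify a password against an {SSHA} entry in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except ValueError:                  # malformed base64 in the password file
        return False
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(digest, hashlib.sha1(password.encode() + salt).digest())

def accept(backend):
    return {"Auth-Status": "OK", "Auth-Server": backend[0], "Auth-Port": str(backend[1])}

def relay_auth(headers):
    """First server: pass only unauthenticated SMTP sessions to the relay."""
    if headers.get("Auth-Protocol") == "smtp" and headers.get("Auth-Method") == "none":
        return accept(RELAY)
    return {"Auth-Status": "Authentication not accepted on this port"}

# Hash checked for unknown users so both failure paths cost the same.
DUMMY = make_ssha(os.urandom(16).hex(), os.urandom(8))

def login_auth(headers, users, failed):
    """Second server: check Auth-User/Auth-Pass against the password list."""
    proto, user = headers.get("Auth-Protocol"), headers.get("Auth-User", "")
    stored = users.get(user)
    good = check_ssha(stored or DUMMY, headers.get("Auth-Pass", ""))
    if stored is None or not good or proto not in LOGIN_BACKENDS \
            or headers.get("Auth-Method") == "none":
        # Entry for the separate failed-login log; the password is never recorded.
        failed.append((headers.get("Client-IP", "-"), proto, user))
        return {"Auth-Status": "Invalid login or password", "Auth-Wait": "3"}
    return accept(LOGIN_BACKENDS[proto])

# Constructed sample user list (not real credentials).
USERS = {"alice": make_ssha("correct horse", b"\x01\x02\x03\x04")}
```

Any `Auth-Status` value other than `OK` is treated by nginx as the error text to return to the client, and `Auth-Wait` delays the next attempt.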

- Replace "shpakovsky.ru" with your server name in the `data/conf/nginx.conf` file.
- Generate SSL keys and put them in the `data/cert` directory. You can do it either manually or with the dehydrated container.
- (Optionally) create the `data/conf/servers.conf` file (example provided) and add your servers there.
- Add a `data/passwd/mail.txt` file with encrypted passwords to access SquirrelMail. It's recommended to use the passwd file from the dovecot container and the Login Authentication SquirrelMail plugin to automate the login process. While you could also have a separate username/password combination for extra security, in the current configuration it would break authentication with IMAP clients. You can of course change the configuration to use different passwords for IMAP clients and webmail.
- Add a `data/passwd/dyndns.txt` file with encrypted passwords to use DynDNS.