How to make nginx mail auth connection persistent?

Prabhash Rathore prabhashrathore at gmail.com
Tue May 16 21:29:26 UTC 2017 

Hi Maxim,

Thank you for your response! Our Mail backend system receives millions of
SMTP connection requests every day  and for each connection request, we
need to establish new connection with auth server and then tear it down
which is an overhead on CPU and network. So we are looking on ways to use
HTTP1.1 persistent connection so that we can save on our resources by
reusing connections. I think it will be a nice feature to have in nginx? By
the way, is there a reason why nginx auth_http does not support http 1.1?

Based on your suggestion, I tried following configuration but this did not
work. Nginx will not start complaining about  unknown upstream and location
directives.

upstream tss {
       server host_name:port/smtp.php;
       keepalive 32;
}

location / {
       proxy_http_version 1.1;
       proxy_pass http://tss;
}

mail {
    # auth
    auth_http tss;
}

Could you please share sample proxy config which could be used to enable
keepalive for auth_http?

Thanks!
Prabhash Rathore


On Tue, May 16, 2017 at 11:26 AM Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
>
> On Tue, May 16, 2017 at 06:18:27PM +0000, Prabhash Rathore wrote:
>
> > We are using nginx 1.7.3 as a reverse proxy for our Mail SMTP service.
> For
> > authentication of each SMTP connection, we have configured nginx to
> connect
> > with a http based service for authentication. Here is a snippet of our
> > nginx config:
> >
> > mail {
> >     # auth_server
> >     auth_http auth_host:auth_port/authserver;
> >
> >     # mail server
> >     server {
> >         protocol                 smtp;
> >         listen                   25;
> >         proxy                    on;
> >         xclient                  on;
> >         timeout                  15;
> >         starttls                 on;
> >         ... other configs...
> >     }
> > }
> >
> > With above config, we notice that nginx closes the connection after every
> > auth request/response to Mail Authentication Server (auth_http
> > auth_host:auth_port/authserver;) based on tcpdump analysis. We would like
> > to make this connection persistent so that we could reuse connection for
> > multiple auth requests.
> >
> > I looked at nginx mail auth module documentation (
> >
> http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#auth_http_header
> > ) but I don't see any directive to make mail auth connection persistent.
>
> The auth_http module uses HTTP/1.0 and has no keepalive
> connections support.
>
> If there are practical reasons why you want it to use keepalive, a
> simple http proxy within the same nginx server will likely help.
>
> --
> Maxim Dounin
> http://nginx.org/
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20170516/f297facb/attachment.html>

More information about the nginx-devel mailing list