How to make nginx mail auth connection persistent?
Prabhash Rathore
prabhashrathore at gmail.com
Wed May 17 05:32:55 UTC 2017
Hi Maxim,
As per your suggestion to use Proxy server for auth_http directive in mail
to enable keepalive connection, I recompiled my nginx with http and added
following http configuration.
http {
server {
server_name foo_server;
location / {
proxy_http_version 1.1;
proxy_pass http://hostname:port/auth.php;
}
}
}
Now in mail directive, I am trying to refer this server from auth_http as
follows but nginx does not recognize foo_server while start up. Could you
please let me know how I can point "auth_http" to a proxy server configured
in nginx config?
mail {
auth_http foo_server; # my server name from http config
}
Please let me know if this is not possible with just config chages then we
will try to look at code change options.
Thank you for your help in advance! Appreciate it!
Prabhash Rathore
On Tue, May 16, 2017 at 2:29 PM Prabhash Rathore <prabhashrathore at gmail.com>
wrote:
> Hi Maxim,
>
> Thank you for your response! Our Mail backend system receives millions of
> SMTP connection requests every day and for each connection request, we
> need to establish new connection with auth server and then tear it down
> which is an overhead on CPU and network. So we are looking on ways to use
> HTTP1.1 persistent connection so that we can save on our resources by
> reusing connections. I think it will be a nice feature to have in nginx? By
> the way, is there a reason why nginx auth_http does not support http 1.1?
>
> Based on your suggestion, I tried following configuration but this did not
> work. Nginx will not start complaining about unknown upstream and location
> directives.
>
> upstream tss {
> server host_name:port/smtp.php;
> keepalive 32;
> }
>
> location / {
> proxy_http_version 1.1;
> proxy_pass http://tss;
> }
>
> mail {
> # auth
> auth_http tss;
> }
>
> Could you please share sample proxy config which could be used to enable
> keepalive for auth_http?
>
> Thanks!
> Prabhash Rathore
>
>
> On Tue, May 16, 2017 at 11:26 AM Maxim Dounin <mdounin at mdounin.ru> wrote:
>
>> Hello!
>>
>> On Tue, May 16, 2017 at 06:18:27PM +0000, Prabhash Rathore wrote:
>>
>> > We are using nginx 1.7.3 as a reverse proxy for our Mail SMTP service.
>> For
>> > authentication of each SMTP connection, we have configured nginx to
>> connect
>> > with a http based service for authentication. Here is a snippet of our
>> > nginx config:
>> >
>> > mail {
>> > # auth_server
>> > auth_http auth_host:auth_port/authserver;
>> >
>> > # mail server
>> > server {
>> > protocol smtp;
>> > listen 25;
>> > proxy on;
>> > xclient on;
>> > timeout 15;
>> > starttls on;
>> > ... other configs...
>> > }
>> > }
>> >
>> > With above config, we notice that nginx closes the connection after
>> every
>> > auth request/response to Mail Authentication Server (auth_http
>> > auth_host:auth_port/authserver;) based on tcpdump analysis. We would
>> like
>> > to make this connection persistent so that we could reuse connection for
>> > multiple auth requests.
>> >
>> > I looked at nginx mail auth module documentation (
>> >
>> http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#auth_http_header
>> > ) but I don't see any directive to make mail auth connection persistent.
>>
>> The auth_http module uses HTTP/1.0 and has no keepalive
>> connections support.
>>
>> If there are practical reasons why you want it to use keepalive, a
>> simple http proxy within the same nginx server will likely help.
>>
>> --
>> Maxim Dounin
>> http://nginx.org/
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20170517/d02be429/attachment-0001.html>
More information about the nginx-devel
mailing list