mail config auth_http
Maxim Dounin
mdounin at mdounin.ru
Wed Feb 18 03:23:47 MSK 2009
Hello!
On Wed, Feb 18, 2009 at 12:11:36AM +0100, Nginx Lova wrote:
> Hello
>
> Is there a way to do the following
>
> mail {
>
> auth_http auth.$HTTP_DOMAIN/auth/pop?;
> pop3_capabilities "TOP" "UIDL" "USER";
>
> server{
> listen 995;
> protocol pop3;
> proxy on;
>
> ssl on;
> ssl_certificate /dir/to/ssl.crt;
> ssl_certificate /dir/to/ssl.key;
> server_name mypop.somedomain.com;
> }
>
>
> }
>
> were $HTTP_DOMAIN is parsed front the user ?
No, auth_http doesn't support variables (and there are no plans).
You may try something like this though:
http {
...
server {
listen 127.0.0.1:8080;
...
location = /auth/proxy {
set $domain "default";
if ($http_auth_user ~ "@(.*)$") {
set $domain $1;
}
# note: requires resolver defined or
# upstream{} blocks for each possible hostname
proxy_pass http://auth.$domain/auth/pop;
}
}
}
mail {
auth_http 127.0.0.1:8080/auth/proxy;
...
}
This will effectively introduce proxy authentication service
within nginx http module (at the cost of some extra sockets used).
BTW, in general the above method (delegating dirty work to http
module) is recommended one if you want something non-trivial.
E.g. auth backend load balancing and failover can be done easily this
way.
Maxim Dounin
More information about the nginx
mailing list