Dovecot SSL Cert Problem

@aaraya1516 wrote:

I'm trying to loadbalance a few dovecot instances and the SSL cert being shown to the users is the dovecot server's not the HAproxy version. The documentation for this is sparse and scattered, so I couldn't make a perfect setup that gave valid ssl certs. Does each dovecot server need to have a cert with the haproxy domain for this to work?

Here's my config:

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

listen webForward
        bind :443 ssl crt /etc/ssl/private/certprivkey.pem no-sslv3
        #mode tcp 
        reqadd X-Forwarded-Proto:\ https
        default_backend www-backend

backend www-backend
        redirect scheme https if !{ ssl_fc }
        #mode tcp
        balance roundrobin
        stick-table type ip size 200k expire 30m
        stick on src
        server s1 6x.xxx.xx.xxx:443

listen dovecot-imap
        bind :993 
        mode tcp
        #option ssl-hello-chk
        option http-keep-alive
        balance first
        tcp-check connect port 993
        tcp-check expect string *\ OK
        stick-table type ip size 200k expire 15m
        stick on src
        timeout server 1m
        timeout connect 1m
        timeout client 5m
        server s1 10.0.0.1:10993 send-proxy-v2
        server s2 10.0.0.2:10993 send-proxy-v2

Posts: 4

Participants: 2

Read full topic

Dovecot SSL Cert Problem

Trending Articles

RAMAYAMPET Mandal Sarpanch | Upa-Sarpanch | Ward member Mobile Numbers Medak...

लड़कियां सेक्स के दौरान क्यों करती है उह! आह!लड़कियां सेक्स के दौरान क्यों करती...

Neem Baba Extra Questions Answer Class 6 English Poorvi

Throw Back: 4×4 — Sikilitele (Ft Castro) Prod by JQ

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise

Lowe faces four theft charges

Practice Sheet of Right form of verbs for HSC Students

Mafia, Murder & Mayhem In The Motor City: Detroit Mob Hit Timeline (1937-2007)

The 10 Tennessee Cities With The Largest Black Population For 2021

Materials Around Us Class 6 Worksheet Science Chapter 6

デスクトップヒープの枯渇

Best Suvichar in Hindi |बेस्ट सुविचार |शुभ विचार हिंदी में

Kanulanu Thaake Lyrics and translation | Manam (2014)

Korean Sex Porn Videos: XXX Videos & Free Porn Movies

Teen Shot In Miami Drive-By Dies From Injuries

Download: IQ Muzatasha feat Shy D & Pmj – Ulesi NiFertilizer Yamavuto

Mahakal Attitude Status

Property developer set up cannabis factory to help pay off debts...

♡

KB: How to troubleshoot issues when adding a Hyper-V host in System Center...