Mail reverse proxy?


(Etique57) #1

Hello,

Just joined the caddy bandwagon :slight_smile:

Coming from an apache2-based reverse proxy setup, I’m just impressed by how much simpler and leaner the Caddyfile is!!

Anyway, I’m just wondering, is there a way to set up a reverse proxy for mail protocols, like the NGINX feature? I would like my caddy setup to be the only frontal reverse proxy exposed.

I guess the answer is no for now at least :slight_smile:

Thanks!


(Matthew Fay) #2

Hi @etique57, welcome to the Caddy community!

Looks like the net server type for Caddy is capable of proxying TCP/UDP to another host, and it seems it can also do it with TLS:

https://caddyserver.com/docs/net


(Etique57) #3

Thanks a lot!

That seems to do the trick indeed.

That said, I tried to do it using a docker image from Caddy (abiosoft), but I run into the following problem:

Not sure if related to the docker image or my misuse of caddy itself.

Thanks!


(Matthew Fay) #4

To clarify, it worked with a binary from caddyserver.com, but abiosoft/caddy failed as you describe when built with the net server type plugin?


(Etique57) #5

No, I actually didn’t try with a simple binary. I’ll give it a try.


(Etique57) #6

OK, with the binary the server starts properly.

But the redirection doesn’t work. I assume it may be a TLS issue, I probably have to enable TLS on caddy and disable it on dovecot.


(Etique57) #7

Ok, I had the excellent idea to enable logging to stdout, and here’s what it gets:

[INFO] Proxying from  :143  ->  :143
2018/05/09 12:13:58 accept tcp [::]:143: accept4: too many open files

I unfortunately don’t know what this means.


(Ronsor) #8

You have too many open file descriptors (includes TCP/UDP sockets, files, etc.).

Increase the limit using ulimit -n 8192


(Etique57) #9

Thanks @Ronsor

I did so, I tried to telnet to the mail server from another pc, I got connected. So the redirection initially works.

Then my telnet command hung (not working anymore), and then I saw in the stdout the “too many open files”.

I killed the telnet command and the stdout issues this:

Activating privacy features... done.
[INFO] Proxying from  :58846  ->  :58846
[INFO] Proxying from  :143  ->  :143
2018/05/09 17:24:13 accept tcp [::]:143: accept4: too many open files
Done proxying: 192.168.0.203:143 127.0.0.1:46288
Done proxying: 127.0.0.1:143 127.0.0.1:46290
Done proxying: 127.0.0.1:143 127.0.0.1:46292
Done proxying: 127.0.0.1:143 127.0.0.1:46294
Done proxying: 127.0.0.1:143 127.0.0.1:46296
Done proxying: 127.0.0.1:143 127.0.0.1:46298
Done proxying: 127.0.0.1:143 127.0.0.1:46300
Done proxying: 127.0.0.1:143 127.0.0.1:46302
Done proxying: 127.0.0.1:143 127.0.0.1:46304

And it goes on and on.

I’m not sure what it tries to do with this 127.0.0.1 proxying.


(Etique57) #10

Just to make sure:

  • the server running caddy is called frontend
  • the server I want to redirect to is called (very conveniently) server

proxy :143 :143 {
        host server
        tls off
}

Reading the help again, I’m no longer sure it is intended to work as I thought it would:
frontend:143 -> server:143

Could it work that way?

I actually would need something like this:

proxy :143 server:143 {
        host my.domain
        tls webmaster@my.domain
}

Well, I just did the modification and it worked :smiley:

Maybe we should update the help…
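
A pre-deployment check for the mistake worked out in post #10, as an added example that is not part of the thread or of Caddy: it flags `proxy` blocks in a net-server-type Caddyfile whose destination is the listener itself, the configuration behind the repeating `127.0.0.1:143` connections and the "too many open files" error. The function names, the `own_names` parameter, and the treatment of an empty destination host as the local machine are assumptions; the two sample configurations are the ones quoted in the thread.

```python
import re

# Hosts that mean "this machine". "" is the host part of an address like ":143"
# (assumption: the plugin dials the local machine when no host is given).
LOCAL_HOSTS = {"", "localhost", "127.0.0.1", "::1", "0.0.0.0", "::"}

# "proxy <listen> <destination> {" as written in the thread's Caddyfiles.
PROXY_RE = re.compile(r"^\s*proxy\s+([^\s{]+)\s+([^\s{]+)\s*\{?\s*$")

# The two configurations quoted in the thread.
LOOPING = "proxy :143 :143 {\n        host server\n        tls off\n}\n"
WORKING = ("proxy :143 server:143 {\n        host my.domain\n"
           "        tls webmaster@my.domain\n}\n")


def split_addr(addr):
    """Split 'host:port'; host may be empty or a bracketed IPv6 literal."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]").lower(), port


def find_self_proxies(caddyfile_text, own_names=()):
    """Return (line_no, listen, dest) for each proxy block that dials itself.

    own_names: hostnames or IPs of the proxy machine (hypothetical parameter).
    """
    local = LOCAL_HOSTS | {n.lower() for n in own_names}
    findings = []
    for line_no, line in enumerate(caddyfile_text.splitlines(), 1):
        m = PROXY_RE.match(line.split("#", 1)[0])
        if not m:
            continue
        listen, dest = m.groups()
        l_host, l_port = split_addr(listen)
        d_host, d_port = split_addr(dest)
        same_machine = l_host == d_host or (l_host in local and d_host in local)
        # Same port on the same machine: each accepted connection opens a new
        # connection to the listener, until file descriptors run out.
        if l_port == d_port and same_machine:
            findings.append((line_no, listen, dest))
    return findings


if __name__ == "__main__":
    for name, text in (("looping", LOOPING), ("working", WORKING)):
        print(name, find_self_proxies(text) or "ok")
```

Passing the proxy machine's own names, for example `own_names=["frontend"]`, also catches a destination written as `frontend:143`.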