[jira] [Created] (JAMES-3209) Auth Module to make James usable with Nginx mail proxy for TLS termination

["Ioan Eugen Stan (Jira)" <se...@james.apache.org>]

Ioan Eugen Stan created JAMES-3209:
--------------------------------------

             Summary: Auth Module to make James usable with Nginx mail proxy for TLS termination 
                 Key: JAMES-3209
                 URL: https://issues.apache.org/jira/browse/JAMES-3209
             Project: James Server
          Issue Type: New Feature
            Reporter: Ioan Eugen Stan


Apache James needs to be deployed with TLS encryption to ensure security of emails during transport. 

We could use Nginx as a mail proxy and use it for TLS termination. 
However we need to implement an HTTP auth service for that to work. 
This issue should cover work on making Nginx a valid mail proxy in front of Apache James.

References:

https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/ 
https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol

== Context

Unfortunately, Java has only the keystore for managing TLS certificates. This is makes deploying TLS certificates hard for Apache James since the internet does not use. keystore format. 

We could use Nginx as a amil proxy. Nginx supports the certificate format that all other tools use. (add format here - PKCS #XXX ). People know how to setup Nginx with LetsEncrypt and benefit from free TLS certificates with automatic renewal. 

However we need an integration piece: the nginx auth service. It's an http service that works only with headers. It should be simple to write and work integrate.





--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org