You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Ioan Eugen Stan (Jira)" <se...@james.apache.org> on 2020/06/16 08:54:00 UTC
[jira] [Assigned] (JAMES-3209) Auth Module to make James usable
with Nginx mail proxy for TLS termination
[ https://issues.apache.org/jira/browse/JAMES-3209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ioan Eugen Stan reassigned JAMES-3209:
--------------------------------------
Assignee: Ioan Eugen Stan
> Auth Module to make James usable with Nginx mail proxy for TLS termination
> ---------------------------------------------------------------------------
>
> Key: JAMES-3209
> URL: https://issues.apache.org/jira/browse/JAMES-3209
> Project: James Server
> Issue Type: New Feature
> Reporter: Ioan Eugen Stan
> Assignee: Ioan Eugen Stan
> Priority: Major
> Attachments: docker-compose.yaml, nginx.conf
>
>
> Apache James needs to be deployed with TLS encryption to ensure security of emails during transport.
> We could use Nginx as a mail proxy and use it for TLS termination.
> However we need to implement an HTTP auth service for that to work.
> This issue should cover work on making Nginx a valid mail proxy in front of Apache James.
> References:
> https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/
> https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol
> == Context
> Unfortunately, Java has only the keystore for managing TLS certificates. This is makes deploying TLS certificates hard for Apache James since the internet does not use. keystore format.
> We could use Nginx as a amil proxy. Nginx supports the certificate format that all other tools use. (add format here - PKCS #XXX ). People know how to setup Nginx with LetsEncrypt and benefit from free TLS certificates with automatic renewal.
> However we need an integration piece: the nginx auth service. It's an http service that works only with headers. It should be simple to write and work integrate.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org