I'm an apache user normally, but I need to start using nginx as a reverse proxy for smtp (postfix).
I've seen tens of examples online. Like this and this. All of them have an auth_http
entry, which I completely don't understand. This is not the first time I use proxies, and I currently use haproxy since months. So why do I have to provide a php authentication page? Why can't I just use nginx as simple as I use haproxy, and just tell it: Set a frontend here, decrypt ssl with this key, and take it to that backend/port?
Could someone please explain how necessary that auth_http
entry is? The nginx manual doesn't seem to say much.
Thank you for any efforts.
Best Answer
Basically there are three big steps in your workflow
As far as I understand, you want to use nginx to do step 1, and transparently pass the rest of the transaction to the backend. Unfortunately you can't do it with nginx due its design. Nginx is always do step 1 and 2 before pass the request to the backend.
That's why parameter
auth_http
becomes crucial. Basically nginx takes username and password from SMTP auth process, pass it to auth_http URL via a protocol. And it expects response about auth status (whether transaction can be continued or not) and which address and port where the SMTP data should be passed.So, if you want just some SSL stripper proxy for SMTP, then maybe nginx won't be fit in your case.