@pbruna
Last active April 4, 2018 12:45
An mruby-nginx example of how to do an Auth Router for a Mail Proxy

# authmail.rb: mruby content handler that the nginx mail proxy calls through auth_http.
backend = ""
request = Nginx::Request.new
auth_user = request.headers_in["Auth-User"]
# to_s guards against a request that arrives without an Auth-User header.
domain = auth_user.to_s.split(/@/).last

# Zimbra nginx-lookup endpoints. Both are plain HTTP, so Auth-Pass travels
# to them in clear text.
backend_zimbra_open = "http://opmailbox1:7072/service/extension/nginx-lookup"
backend_zimbra_network = "http://nemailbox1:7072/service/extension/nginx-lookup"

# Headers nginx sent with the auth_http request, forwarded unchanged to each backend.
auth_headers = {
  "Auth-User" => request.headers_in["Auth-User"],
  "Auth-Method" => request.headers_in["Auth-Method"],
  "Auth-Pass" => request.headers_in["Auth-Pass"],
  "Auth-Protocol" => request.headers_in["Auth-Protocol"]
}

# Default port for a protocol name; returns nil for a name that is not in the map.
def get_port_from_protocol(protocol)
  protomap = {
    "pops" => '995',
    'imaps' => '993',
    'pop' => '110',
    'pop3' => '110',
    'imap' => '143'
  }
  protomap[protocol]
end

http = HttpRequest.new()
result_headers = Nginx::Headers_out.new
master_response = false

# Try Zimbra Open first (both backends are queried; Open wins if both answer OK)
open_response = http.get(backend_zimbra_open, nil, auth_headers)
network_response = http.get(backend_zimbra_network, nil, auth_headers)

if open_response.headers['auth-status'] == "OK"
  master_response = open_response
elsif network_response.headers['auth-status'] == "OK"
  master_response = network_response
end

if master_response
  # Relay the routing answer of the backend that claimed the user.
  %w(Auth-Status Auth-Server Auth-Port Auth-Cache-Alias Auth-User).each do |k|
    result_headers[k] = master_response.headers[k.downcase]
  end
  Nginx.echo ''
else
  # No backend claimed the user: route to the default server. Auth-Status OK
  # here only selects a backend; nginx still logs in to it with the client's
  # credentials.
  result_headers['Auth-Status'] = 'OK'
  result_headers['Auth-Server'] = '201.238.246.173'
  result_headers['Auth-Port'] = get_port_from_protocol(auth_headers['Auth-Protocol'])
  result_headers['Auth-Cache-Alias'] = 'TRUE'
  result_headers['Auth-User'] = auth_headers['Auth-User']
  Nginx.echo ''
end

# nginx configuration: the http server hosts the mruby handler, the mail block proxies IMAP/POP3.
worker_processes 1;

events {
    worker_connections 1024;
    multi_accept on;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server_tokens off;

    server {
        proxy_pass_header Server;
        listen 80;
        server_name localhost;

        # The auth_http directive in the mail block is the only intended client of this location.
        location /authmail {
            mruby_content_handler '/etc/nginx/ruby_src/authmail.rb';
        }
    }
}

# The mail block belongs to the main context, so the http block is closed above.
mail {
    auth_http http://localhost/authmail;
    pop3_capabilities "TOP" "USER";
    imap_capabilities "IMAP4rev1" "UIDPLUS";

    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_session_timeout 5m;
    # SSLv2, SSLv3 and LOW/EXPORT cipher suites are broken; allow modern TLS only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    server {
        listen 143;
        protocol imap;
        auth_http_header X-Auth-Port 143;
        auth_http_header User-Agent "Nginx IMAP4 proxy";
    }

    server {
        protocol pop3;
        listen 110;
        starttls on;
        pop3_auth plain;
        auth_http_header X-Auth-Port 110;
        auth_http_header User-Agent "Nginx POP3 proxy";
    }

    server {
        protocol imap;
        # "listen ... ssl" replaces the deprecated "ssl on;" directive.
        listen 993 ssl;
        auth_http_header X-Auth-Port 993;
        auth_http_header User-Agent "Nginx IMAPS proxy";
    }

    server {
        protocol pop3;
        listen 995 ssl;
        pop3_auth plain;
        auth_http_header X-Auth-Port 995;
        auth_http_header User-Agent "Nginx POP3S proxy";
    }
}
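
The routing decision made by authmail.rb, written as a plain-Ruby function that can be exercised outside nginx. This is an added example, not part of the original gist: `route_auth`, `deny`, the constants and the lookup callables are assumptions, and `DEFAULT_SERVER` is a placeholder address. It goes beyond the handler in three ways: it stops at the first backend that answers OK, so the password is not forwarded further than needed, it rejects requests without Auth-User or with an unmapped protocol, and it ignores an OK answer that names no server or port.

```ruby
# Added example: the gist's routing decision as a testable pure function.
# DEFAULT_SERVER is a documentation placeholder, not the gist's address.
DEFAULT_SERVER = '192.0.2.10'
PORTS = { 'imap' => '143', 'pop3' => '110' }.freeze
PASS_THROUGH = %w(Auth-Status Auth-Server Auth-Port Auth-Cache-Alias Auth-User).freeze

# nginx treats any Auth-Status other than OK as a failure message for the
# client; Auth-Wait is the delay in seconds before the client may retry.
def deny(reason)
  { 'Auth-Status' => reason, 'Auth-Wait' => '3' }
end

# auth:    the Auth-* request headers received from nginx.
# lookups: callables standing in for the HTTP call to each backend; each
#          returns that backend's response headers with lowercase keys.
def route_auth(auth, lookups)
  user = auth['Auth-User'].to_s
  port = PORTS[auth['Auth-Protocol']]
  return deny('Missing Auth-User') if user.empty?
  return deny('Unsupported protocol') if port.nil?

  lookups.each do |lookup|
    headers = lookup.call(auth)
    next unless headers['auth-status'] == 'OK'
    # Accept a routing answer only if it names a server and a numeric port.
    next if headers['auth-server'].to_s.empty?
    next if headers['auth-port'].to_s !~ /\A\d+\z/
    # First valid answer wins; later backends never see the credentials.
    return PASS_THROUGH.each_with_object({}) { |k, out| out[k] = headers[k.downcase] }
  end

  # No backend claimed the user: fall back to the default server, which
  # performs the actual login check.
  { 'Auth-Status' => 'OK', 'Auth-Server' => DEFAULT_SERVER, 'Auth-Port' => port,
    'Auth-Cache-Alias' => 'TRUE', 'Auth-User' => user }
end
```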