ImapAuthenticateWithApachePhpScript
[edit] Using a php script on apache server as the auth backend
Start with the configuration from NginxImapProxyExample. For detail information about different configuration parameters, see the NginxMailCoreModule page.
- Your Proxy server for pop/imap is running on 192.168.1.1
- You have 2 backend pop/imap servers: 192.168.1.22 and 192.168.1.33
- You have a webserver that you will use for the authentication and redirection logic 192.168.1.44.
- The authentication script is /mail/auth.php
nginx.conf
user nobody; worker_processes 1; error_log logs/error.log info; pid logs/nginx.pid; events { worker_connections 1024; multi_accept on; } mail { auth_http 192.168.1.44:80/mail/auth.php; pop3_capabilities "TOP" "USER"; imap_capabilities "IMAP4rev1" "UIDPLUS"; server { listen 110; protocol pop3; proxy on; } server { listen 143; protocol imap; proxy on; } }
/mail/auth.php
<?php /* Nginx sends headers as Auth-User: somuser Auth-Pass: somepass On my php app server these are seen as HTTP_AUTH_USER and HTTP_AUTH_PASS */ if (!isset($_SERVER["HTTP_AUTH_USER"] ) || !isset($_SERVER["HTTP_AUTH_PASS"] )){ fail(); } $username=$_SERVER["HTTP_AUTH_USER"] ; $userpass=$_SERVER["HTTP_AUTH_PASS"] ; $protocol=$_SERVER["HTTP_AUTH_PROTOCOL"] ; // default backend port $backend_port=110; if ($protocol=="imap") { $backend_port=143; } if ($protocol=="smtp") { $backend_port=25; } // nginx likes ip address so if your // application gives back hostname, convert it to ip address here $backend_ip["mailhost01"] ="192.168.1.22"; $backend_ip["mailhost02"] ="192.168.1.33"; // Authenticate the user or fail if (!authuser($username,$userpass)){ fail(); exit; } // Get the server for this user if we have reached so far $userserver=getmailserver($username); // Get the ip address of the server // We are assuming that you backend returns hostname // We try to get the ip else return what we got back $server_ip=(isset($backend_ip[$userserver]))?$backend_ip[$userserver] :$userserver; // Pass! pass($server_ip, $backend_port); //END function authuser($user,$pass){ // put your logic here to authen the user to any backend // you want (datbase, ldap, etc) // for example, we will just return true; return true; } function getmailserver($user){ // put the logic here to get the mailserver // backend for the user. You can get this from // some database or ldap etc // dummy logic, all users that start with a,c,f and g get mailhost01 // the others get mailhost02 if in_array(substr($user,0,1), array("a", "c", "f", "g")){ return "mailhost01"; } else { return "mailhost02"; } } function fail(){ header("Auth-Status: Invalid login or password"); exit; } function pass($server,$port){ header("Auth-Status: OK"); header("Auth-Server: $server"); header("Auth-Port: $port"); exit; }