I managed to write my php auth script but still having problems
authenticating.
Also this is what I see in the logs:
[error] 22014#0: *3234 recv() failed (111: Connection refused) while in http
auth state, client: back.end.ip server: 0.0.0.0:993, login:
"u...@domain.com"
Also do I call this script with the following auth_http line? I never see
anything listening on 9000. Where is this 9000 coming from? I just see
everyone using it:
auth_http 127.0.0.1:9000/mail/auth.php;
------------
auth.php
<?php
$db = new PDO('mysql:host=back.end.ip;dbname=server;charset=utf8', 'user',
'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
if (!isset($_SERVER["HTTP_AUTH_USER"] ) || !isset($_SERVER["HTTP_AUTH_PASS"]
)) {
fail();
}
$username = $_SERVER["HTTP_AUTH_USER"] ;
$userpass = $_SERVER["HTTP_AUTH_PASS"] ;
$protocol = $_SERVER["HTTP_AUTH_PROTOCOL"] ;
$backend_port = "";
if ($protocol == "imap") {
$backend_port = 993;
}
if ($protocol == "smtp") {
$backend_port = 25;
}
// nginx likes ip address so if your
// application gives back hostname, convert it to ip address here
$backend_ip = "back.end.ip";
// Authenticate the user or fail
if (!authuser($username,$userpass)) {
fail();
exit;
}
// Get the server for this user if we have reached so far
$userserver = getmailserver($username);
// Get the ip address of the server
// We are assuming that your backend returns hostname
// We try to get the ip else return what we got back
$server_ip = (isset($backend_ip[$userserver]))?$backend_ip[$userserver]
:$userserver;
// Pass!
pass($server_ip, $backend_port);
//END
function authuser($user,$pass) {
global $db;
$stmt = $db->prepare("SELECT password FROM users WHERE email=:email
LIMIT 1");
$stmt->bindValue(':email',$username,PDO::PARAM_STR);
$stmt->execute();
$dbpass = $stmt->fetchColumn();
return ($dbpass === $pass);
}
function getmailserver($user) {
return $backend_ip;
}
}
function fail(){
header("Auth-Status: Invalid login or password");
exit;
}
function pass($server,$port) {
header("Auth-Status: OK");
header("Auth-Server: $server");
header("Auth-Port: $port");
exit;
}
?>
========================================================
nginx.conf (my http section is fine as I use it for my backend apache)
mail {
server_name mx1.domain.com;
#auth_http unix:/path/socket:/cgi-bin/auth;
auth_http 127.0.0.1:9000/mail/auth.php;
proxy on;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 SSLv3;
ssl_ciphers HIGH:!ADH:!MD5:@STRENGTH;
ssl_session_cache shared:TLSSL:16m;
ssl_session_timeout 10m;
ssl_certificate ssl/ug-mail.crt;
ssl_certificate_key ssl/private/ug-mail.key;
imap_capabilities "IMAP4rev1 UIDPLUS";
smtp_capabilities "PIPELINING 8BITMIME DSN";
# smtp_auth plain login;
# imap_auth plain login;
server {
listen 25;
protocol smtp;
timeout 120000;
}
server {
listen 8825;
protocol smtp;
starttls on;
}
server {
listen 993;
protocol imap;
ssl on;
}
}
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,249256,249256#msg-249256
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
