[Users] Recompiilng Zimbra's Nginx
Barry de Graaff
info at barrydegraaff.tk
Fri Dec 22 09:13:52 CET 2017
Hello Omar,
I dunno, but isn’t easier to just put haproxy in front of zimbra proxy and block all from there?
Barry
> On 22 Dec 2017, at 08:47, Omar Mochtar <iomarmochtar at gmail.com> wrote:
>
> Hi All,
>
>
>
> Here's the background of the issue: I implemented HAProxy as Load Balancer for Zimbra MTA & Proxy (webmail, pop3, imap) services and it's running smoothly until we have brute force issue then when i want to block the source of brute force IP but it just shown HAProxy server's IP in the log files since the traffics are come from it.
>
>
> After searching the solution is using HAProxy's Proxy Protocol that will add additional source information in package that will be forwarded to it's backend servers. For Postfix there is clear documentation in HaProxy's official blog (https://www.haproxy.com/blog/efficient-smtp-relay-infrastructure-with-postfix-and-load-balancers/) and for the rest service (webmail, pop3, imap) which handled with Nginx the clue is only this documentation http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_protocol .
>
>
> Unfortunately nginx's proxy_protocol configuration is available from version 1.9.2 and Nginx version in Zimbra 8.7 is 1.7.1 .
>
> The question is how to recompiling new version of Nginx (including it's zmlookup modules, etc) that will be replaced the existing one ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20171222/27bc120d/attachment.html>
More information about the Users
mailing list