Setting up imaps with haproxy and local certs?

Slowly going crazy here…
I have set up haproxy using this: "Set Up SMTP and IMAP Proxy with HAProxy (Debian, Ubuntu, CentOS)"

It gets part of the way there, but I want to use my letsencrypt cert that I have available on the proxy box instead of trying to convince my internal dovecot to provide imaps - so basically offload SSL at the proxy.

But I have no idea how to tell haproxy to provide imap:993 with the correct certs?

Probably just failing to read the rtfm properly

Also want to do the same with smtps:465

Because someone might find this…

I fixed it by

  • merging fullchain and key into a cert - e.g. cat /etc/letsencrypt/live/external.XXX.com/fullchain.pem /etc/letsencrypt/live/external.XXX.com/privkey.pem | tee /etc/haproxy/external.XXX.com.pem

  • referring to this combined pem file in the config e.g. bind *:993 ssl crt /etc/haproxy/external.XXX.com.pem

This only works for ports with implicit SSL. It cannot work with STARTTLS based approaches:
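For the merge step in the fix above, an added example that is not part of the original posts: `cat … | tee` echoes the private key to the terminal and creates the combined file with the default umask, so this sketch writes it with mode 600 and swaps it into place atomically. The function name `build_haproxy_pem`, the `HAPROXY_PEM` variable, the `/etc/haproxy/haproxy.cfg` path and the `systemctl` reload are assumptions of the example; `RENEWED_LINEAGE` is the variable certbot exports to deploy hooks.

```shell
#!/bin/sh
# Added example: build the combined PEM that "bind ... ssl crt FILE" reads,
# without leaving the private key world-readable or half-written.

# build_haproxy_pem LIVE_DIR DEST   (hypothetical helper name)
#   LIVE_DIR  directory holding fullchain.pem and privkey.pem
#   DEST      combined file referenced in the haproxy bind line
build_haproxy_pem() {
    live_dir=$1
    dest=$2
    chain="$live_dir/fullchain.pem"
    key="$live_dir/privkey.pem"

    # Refuse to build from missing or empty inputs.
    [ -s "$chain" ] && [ -s "$key" ] || { echo "missing input in $live_dir" >&2; return 1; }
    # Catch swapped or wrong files before haproxy fails on them.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" || { echo "no certificate in $chain" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" || { echo "no private key in $key" >&2; return 1; }

    # Temp file lives next to DEST so the final mv is an atomic rename;
    # mktemp creates it 0600, chmod makes that explicit.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    chmod 600 "$tmp"
    if cat "$chain" "$key" > "$tmp"; then
        mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Deploy-hook use: certbot sets RENEWED_LINEAGE to the live/<name> directory.
# HAPROXY_PEM, the config path and the reload command are assumptions.
if [ -n "${RENEWED_LINEAGE:-}" ] && [ -n "${HAPROXY_PEM:-}" ]; then
    build_haproxy_pem "$RENEWED_LINEAGE" "$HAPROXY_PEM" &&
        haproxy -c -f /etc/haproxy/haproxy.cfg &&   # validate config before reloading
        systemctl reload haproxy
fi
```

Because the combined file is a copy, it has to be rebuilt after every renewal or haproxy keeps serving the old certificate.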