-
-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: Kubernetes - Add proxy example with Traefik #3865
Comments
Feel free to contribute it to the docs, it's just markdown 👍 We do have some extra syntax you can use, such as the purple collapsed admonition feature: docker-mailserver/docs/content/config/advanced/kubernetes.md Lines 450 to 454 in 45935f5
This is just If you want to work on it locally to see a live preview before your PR, just clone the repo and run this: docker run --rm -it -p 80:8000 -v "./docs:/docs" squidfunk/mkdocs-material You can then view the docs at Then later, once you submit a PR; the CI will also build a preview we can all check before merging it. |
I am using Traefik as well, but not for DMS yet; hence, these changes are very intriguing to me! Just a quick question here that immediately struck me:
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: smtps
namespace: mail
spec:
entryPoints:
- smtps
tls:
passthrough: true
routes:
- match: HostSNI(`*`)
services:
- name: mail-docker-mailserver
namespace: mail
port: subs-proxy # <-- !!! i.e. 10465 ? !!!
proxyProtocol:
version: 1
|
I don't use Traefik myself, or have much familiarity with the Proxy Protocol, I know we have a couple docs pages with several examples covering both of those, so it'd be good if they get a review to ensure they're not stale 👍 When the test suite migrates to |
Well, speaking of the PROXY protocol - see #3866. |
@georglauterbach - Sure, I'm not using Traefik so I don't know the best setup. Remember though the ingress spec does not support TCP routes (the new Gateway API does though)! I'm using
Version 3.5+ and higher of postfix support Proxy protocol 2. Not sure about dovecot, but its working fine with whatever version |
Here's my comment citing issues with Traefik and STARTTLS.
I forgot to mention the benefit of the proxy is to preserve the real client IP (if that wasn't already clear), avoiding problems from all external traffic appearing to come from a single IP / container. |
Thanks for the update! Preserving the client IP makes sense; but this can also be achieved in other ways; hence I was not sure whether there are more benefits to using a proxy. |
Just chiming in to say that I noticed v3 of Traefik got merged into their master branch recently, so that may get released in the near future. It has changes notably in deprecating some existing k8s config/support in favor of non-alpha/beta status. If anyone contributes docs for this issue, they should wait until v3 👍 |
This issue has become stale because it has been open for 20 days without activity.
|
I will take this and update the docs. |
Subject
I would like to configure a not documented mail server use case
Description
This could be nice to add to the Kubernetes documentation page.
This is an example of configuring Traefik as a reverse proxy that was taken from a PR request (docker-mailserver/docker-mailserver-helm#62).
Running behind Traefik as reverse proxy
Setup according to the official DMS guide with traefik.
values.yaml
Using the following TCP Route.
The text was updated successfully, but these errors were encountered: