documenting the email reverse proxy configuration

[ghomem]

Hello,

Thank you for puppet-nginx. This report is merely a suggestion for the documentation of what seems to be on orphaned question.

The question is: how to configure an Nginx reverse proxy for an encryped email backend using puppet-nginx?

The question is simple but the answer turns out to not be trivial.

TLDR

We ended up having:

class{ 'is_puppet_base::nginx_frontend_mail' :
    domain                  => 'mail.mydomain.tld',
    mail_backend            => 'mail-backend.mydomain.tld',
    frontend_sslprefix      => 'star.mydomain.tld',
    letsencrypt_certificate => true,
    require                 => [ Class['is_puppet_base::node_base'], Class['is_puppet_base::nginx_proxy_smtp_auth_ppa'], ],
  }

The above code is the solution we achieved, which makes use of several puppet-nginx resources. The implementation can be found here:

https://bitbucket.org/asolidodev/is_puppet_base/src/master/manifests/nginx_frontend_mail.pp

along with a short documentation article:

https://bitbucket.org/asolidodev/is_puppet_base/wiki/NGINX%20Frontend%20Mail

Several things were not clear to us during this effort, from the strange http auth protocol (why?), to SSL not being supported without additional effort. What we thought would be similar to an HTTPS reverse proxy turned out to be more complicated. Because there are many questions about this on the Internet, but we found no answer with all the information together we thought we could contribute with this information.

Thanks again for puppet-nginx. It is a really solid and useful tool :-)