this post was submitted on 19 Jul 2023
12 points (61.5% liked)


Hello fellow self-hosters. Is it possible to use NGINX as a proxy for an IMAP service where the IMAP server is located on a different host? I have a cloud VPS running NGINX which is connected to my home network via a WireGuard tunnel. What I would like to do is run the IMAP server (Dovecot) in my own network and have NGINX proxy the connection. I have tried doing searches based on this, but the examples don't show how to specify the IMAP server for the connection to be redirected to, for lack of a better phrase. I know streaming is possible. Would this be the way to do it?

I would love an example to go on. Thanks very much!

top 16 comments
[–] Zikeji@programming.dev 15 points 1 year ago (2 children)

What you're looking for is a reverse proxy, or in this case, a TCP reverse proxy. I believe only NGINX plus (paid?) supports that. You're probably better off using haproxy.

I haven't done it so I can't help on that front, but I found this: https://www.linuxbabe.com/mail-server/smtp-imap-proxy-with-haproxy-debian-ubuntu-centos

Which is close to your scenario (I just looked at the first result). Otherwise the search term "haproxy imap" or "haproxy mail server" may help you find something, maybe throwing in wireguard or VPN.

[–] housepanther@lemmy.goblackcat.com 5 points 1 year ago (1 children)

Thank you! It never occurred to me to consider haproxy to do something like this and I think it is exactly what I am looking for. It's definitely worth further exploration. My subscription for email service is about to run out and I'd rather not pay for something I don't have to.

[–] derin@lemmy.beru.co 5 points 1 year ago (1 children)

Just so you know, running an email service isn't as easy as you think. You'll most likely deal with a lot of blocks from Gmail and the rest.

[–] housepanther@lemmy.goblackcat.com 2 points 1 year ago (2 children)

I realize this could be a possibility. I don't think it is going to be easy but I'll give it a shot.

[–] kill_dash_nine@lemm.ee 3 points 1 year ago

You can do TCP proxying with nginx but many of the same features available in haproxy are behind the paywall. In nginx, layer 4 connections are dealt with through streams. You can do both TCP and UDP. I stick with haproxy for TCP streams with very few exceptions. HAProxy is most definitely more robust for situations where you have a pool of upstream servers. For single upstream instances, it’s not terrible. Most of the features I would use for better control of how the failover and balancing would work aren’t available in the open source nginx.
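
A minimal open-source nginx `stream` configuration for the setup asked about in this thread, added here as an example and not posted by any commenter. The tunnel addresses (10.8.0.1 for the VPS end, 10.8.0.2 for the Dovecot host) and the zone and upstream names are assumptions.

```nginx
# Added example, not from the thread. Assumed addresses:
#   10.8.0.1 = VPS end of the WireGuard tunnel
#   10.8.0.2 = home Dovecot host
# The stream block sits at the top level of nginx.conf, beside http {},
# not inside it, and needs nginx built with the stream module
# (--with-stream, or the distribution's dynamic module package).

stream {
    # Per-client connection tracking, used by limit_conn below.
    limit_conn_zone $binary_remote_addr zone=imap_per_ip:10m;

    upstream dovecot_imaps {
        # Reached over the tunnel only; Dovecot is never exposed
        # on the home WAN side.
        server 10.8.0.2:993;
    }

    server {
        # Publish IMAPS only. Plain IMAP (143) stays closed on the VPS.
        listen 993;

        # No "ssl" on listen and no proxy_ssl: TLS passes through
        # untouched and is terminated by Dovecot, so the certificate's
        # private key and the mailbox plaintext never exist on the VPS.
        proxy_pass dovecot_imaps;

        # Prepend a PROXY protocol header so Dovecot logs and throttles
        # the real client IP instead of 10.8.0.1. Dovecot must expect it:
        # "haproxy = yes" on the imaps inet_listener and 10.8.0.1 listed
        # in haproxy_trusted_networks. Without the matching Dovecot
        # setting, every login fails.
        proxy_protocol on;

        # Cap concurrent sessions per source address to blunt
        # password guessing against the exposed port.
        limit_conn imap_per_ip 10;

        proxy_connect_timeout 10s;

        # IMAP IDLE sessions can sit quiet for a long time (clients
        # re-issue IDLE at least every 29 minutes), so the idle timeout
        # has to exceed that or mail clients get disconnected.
        proxy_timeout 35m;
    }
}
```

If `proxy_protocol` is left off, every session reaches Dovecot with the VPS tunnel address as its source, so per-IP login throttling and log-based banning on the mail server cannot tell clients apart.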

[–] ThorrJo@lemmy.sdf.org 7 points 1 year ago

You might also check out rathole as it is very easy to use: https://github.com/rapiz1/rathole

[–] Decronym@lemmy.decronym.xyz 5 points 1 year ago* (last edited 1 year ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| HTTP | Hypertext Transfer Protocol, the Web |
| IP | Internet Protocol |
| NAT | Network Address Translation |
| SMTP | Simple Mail Transfer Protocol |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
| nginx | Popular HTTP server |

7 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.

[Thread #10 for this sub, first seen 19th Jul 2023, 15:00] [FAQ] [Full list] [Contact] [Source code]

[–] blah@lemmy.1204.org 4 points 1 year ago

In case nginx does not work out for you, you can opt for more generic reverse proxies. frp is my favorite one: https://github.com/fatedier/frp

See https://github.com/anderspitman/awesome-tunneling

[–] ratz@chatsubo.hiteklolife.net 2 points 1 year ago (2 children)

I see you, fellow data sovereignty aficionado.

My first thought would be to try and set up iptables/nftables forwarding for this.

Personally I opted to just use my VPS as a MITM mail relay and just forward inbound mail for my domains to my own on-prem dovecot instance.

...your way is probably easier

[–] housepanther@lemmy.goblackcat.com 2 points 1 year ago (1 children)

I will use my VPS as an SMTP smart host because I have a residential dynamic DNS connection and many mail providers block those IPs by default. I have to see if my Oracle always free tier will let me use port 25. I have a feeling I may be shit out of luck on that front.

[–] ratz@chatsubo.hiteklolife.net 3 points 1 year ago (1 children)

Yeah I shell out ~$3 per month for the privilege of indulging in the insanity of self hosting email.

[–] housepanther@lemmy.goblackcat.com 2 points 1 year ago (1 children)

Right now I pay 15.00 a year for email through Zoho and it works really well so maybe it is folly for me to change it up. It's more the principle of having to pay for email chaps at my ass when I have the technical know-how to do it myself. But Zoho is probably not selling my data since I am a paid member.

[–] ratz@chatsubo.hiteklolife.net 1 points 1 year ago

It really comes down to what value you assign to having private email storage... unless you're having GPG encrypted convos, it's probably pretty moot anyway as one side is going to have a copy of the email trail and there's a 98% probability it's Google, Microsoft or ...Yahoo I guess?

I might be talking myself out of this, this is now a therapy session

I actually considered doing port forwarding and NAT for this but I would run into a problem with NAT reflection. I'd have to implement split-brain DNS to avoid this. It's more efficient to simply proxy the connection. If I am unsuccessful, however, I will resort to port forwarding.
