Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs(chore): Shift "PROXY protocol" tabs 

NGINX tab relocated closer to Traefik, as the nested config tabs for DMS Postfix + Dovecot config have been extracted out to be visible after the reverse proxy config tab group instead of buried in the Traefik tab.

The warning admonition is shifted into the relevant config tab where it's visible upfront for the reader to be aware of and change to the duplicate ports tab early.
This commit is contained in:
polarathene 2024-03-10 22:12:41 +13:00
parent fc0ef0f996
commit 9f9312db30
1 changed files with 134 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
docs/content/config/advanced/kubernetes.md
View File

@ -580,14 +580,27 @@ The major problem with exposing DMS to the outside world in Kubernetes is to [pr
- These port variants will be defined in the `Deployment` configuration, and are scoped to the `mailserver` service (via `spec.routes.services.name`).
- The suffix is used to distinguish that these ports are only compatible with connections using the PROXY protocol, which is what your ingress controller should be managing for you by adding the correct PROXY protocol headers to TCP connections it routes to DMS.
=== "NGINX"
With an [NGINX ingress controller][Kubernetes-nginx], add the following to the TCP services config map (as described [here][Kubernetes-nginx-expose]):
```yaml
25: "mailserver/mailserver:25::PROXY"
465: "mailserver/mailserver:465::PROXY"
587: "mailserver/mailserver:587::PROXY"
993: "mailserver/mailserver:993::PROXY"
```
---
=== "Only accept connections with PROXY protocol"
!!! warning "Connections to DMS within the internal cluster will be rejected"
The services for these ports can only enable PROXY protocol support by mandating the protocol on all connections for these ports.
This can be problematic when you also need to support internal cluster traffic directly to DMS (_instead of routing indirectly through the ingress controller_).
=== "Only accept connections with PROXY protocol"
Here is an example configuration for [Postfix][docs-postfix], [Dovecot][docs-dovecot], and the adjustments to the `Deployment` config. The port names are adjusted here only for the additional context as described previously.
```yaml
@ -712,17 +725,6 @@ The major problem with exposing DMS to the outside world in Kubernetes is to [pr
protocol: TCP
```
=== "NGINX"
With an [NGINX ingress controller][Kubernetes-nginx], add the following to the TCP services config map (as described [here][Kubernetes-nginx-expose]):
```yaml
25: "mailserver/mailserver:25::PROXY"
465: "mailserver/mailserver:465::PROXY"
587: "mailserver/mailserver:587::PROXY"
993: "mailserver/mailserver:993::PROXY"
```
[github-web::docker-mailserver-helm]: https://github.com/docker-mailserver/docker-mailserver-helm
[metallb-web]: https://metallb.universe.tf/