http://wiki.nginx.org/index.php?title=ImapAuthenticateWithApachePhpScript&feed=atom&action=historyImapAuthenticateWithApachePhpScript - Revision history2013-05-18T10:11:37ZRevision history for this page on the wikiMediaWiki 1.19.0http://wiki.nginx.org/index.php?title=ImapAuthenticateWithApachePhpScript&diff=178&oldid=prevUidvalidity: added missing brackets2011-10-11T17:45:46Z<p>added missing brackets</p>
<p><b>New page</b></p><div>== Using a php script on apache server as the auth backend ==<br />
<br />
Start with the configuration from NginxImapProxyExample. For detail information about different configuration parameters, see the NginxMailCoreModule page.<br />
<br />
<br />
# Your Proxy server for pop/imap is running on 192.168.1.1<br />
# You have 2 backend pop/imap servers: 192.168.1.22 and 192.168.1.33<br />
# You have a webserver that you will use for the authentication and redirection logic 192.168.1.44.<br />
# The authentication script is /mail/auth.php<br />
<br />
nginx.conf<br />
<br />
<geshi lang="nginx"><br />
user nobody;<br />
worker_processes 1;<br />
error_log logs/error.log info;<br />
pid logs/nginx.pid;<br />
<br />
events {<br />
worker_connections 1024;<br />
multi_accept on;<br />
}<br />
<br />
mail {<br />
auth_http 192.168.1.44:80/mail/auth.php;<br />
pop3_capabilities "TOP" "USER";<br />
imap_capabilities "IMAP4rev1" "UIDPLUS";<br />
<br />
server {<br />
listen 110;<br />
protocol pop3;<br />
proxy on;<br />
}<br />
<br />
server {<br />
listen 143;<br />
protocol imap;<br />
proxy on;<br />
}<br />
}<br />
</geshi><br />
<br />
/mail/auth.php<br />
<br />
<geshi lang="php"><br />
<?php<br />
/*<br />
Nginx sends headers as<br />
Auth-User: somuser<br />
Auth-Pass: somepass<br />
On my php app server these are seen as<br />
HTTP_AUTH_USER and HTTP_AUTH_PASS<br />
*/<br />
if (!isset($_SERVER["HTTP_AUTH_USER"] ) || !isset($_SERVER["HTTP_AUTH_PASS"] )){<br />
fail();<br />
}<br />
$username=$_SERVER["HTTP_AUTH_USER"] ;<br />
$userpass=$_SERVER["HTTP_AUTH_PASS"] ;<br />
$protocol=$_SERVER["HTTP_AUTH_PROTOCOL"] ;<br />
// default backend port<br />
$backend_port=110;<br />
if ($protocol=="imap") {<br />
$backend_port=143;<br />
}<br />
if ($protocol=="smtp") {<br />
$backend_port=25;<br />
}<br />
// nginx likes ip address so if your<br />
// application gives back hostname, convert it to ip address here<br />
$backend_ip["mailhost01"] ="192.168.1.22";<br />
$backend_ip["mailhost02"] ="192.168.1.33";<br />
// Authenticate the user or fail<br />
if (!authuser($username,$userpass)){<br />
fail();<br />
exit;<br />
}<br />
// Get the server for this user if we have reached so far<br />
$userserver=getmailserver($username);<br />
// Get the ip address of the server<br />
// We are assuming that you backend returns hostname<br />
// We try to get the ip else return what we got back<br />
$server_ip=(isset($backend_ip[$userserver]))?$backend_ip[$userserver] :$userserver;<br />
// Pass!<br />
pass($server_ip, $backend_port);<br />
<br />
//END<br />
<br />
<br />
function authuser($user,$pass){<br />
// put your logic here to authen the user to any backend<br />
// you want (datbase, ldap, etc)<br />
// for example, we will just return true;<br />
return true;<br />
}<br />
<br />
function getmailserver($user){<br />
// put the logic here to get the mailserver<br />
// backend for the user. You can get this from<br />
// some database or ldap etc<br />
// dummy logic, all users that start with a,c,f and g get mailhost01<br />
// the others get mailhost02<br />
if in_array(substr($user,0,1), array("a", "c", "f", "g")){<br />
return "mailhost01";<br />
} else {<br />
return "mailhost02";<br />
}<br />
}<br />
<br />
function fail(){<br />
header("Auth-Status: Invalid login or password");<br />
exit;<br />
}<br />
<br />
function pass($server,$port){<br />
header("Auth-Status: OK");<br />
header("Auth-Server: $server");<br />
header("Auth-Port: $port");<br />
exit;<br />
}<br />
<br />
</geshi></div>Uidvalidity