On Sat, Sep 20, 2025 at 3:46 PM Bret Stern <[email protected]> wrote:
> Ok. Is there a recommended place for the TLS, or either one is fine. Just
> confirming.
>
> Sounds like I'll need to remove a cert on one of the servers
> thinking..Yes/No
>
> Thanks Frank.
>
> On 9/20/2025 12:38 PM, Frank Gingras wrote:
>
> On Sat, Sep 20, 2025 at 3:12 PM Bret Stern <[email protected]> wrote:
>
>> Hi there,
>>
>> I'm setting up an email server which is reverse proxied behind a front
>> end apache server.
>>
>> For the same domain...my dns has both a primary web server, and
>> an email server sitting behind a single wan ip.
>>
>> First question.
>>
>> Is this possible?
>>
>> At this point all email is working except smtp, which I'm thinking is a
>> certificate problem.
>>
>> So I have certificates on the email server apache and the apache server
>> providing the reverse proxy.
>>
>> And of course Postfix and Dovecot could have config issues, but mostly
>> here I'm looking for verifying my described concept is
>> achievable using apache.
>>
>> Comments or links to feasibility and tips are always appreciated.
>>
>> Thanks,
>>
>> Bret
>
> Email and HTTP server have nothing to do with each other, practically. A
> reverse HTTP proxy can be used to host a webmail interface to handle those
> emails, sure, but then just handle the TLS termination either on the edge,
> or the inner server.
>
> For the latter, just use SSLProxyEngine on.

It depends on what the backend interface requires - if it redirects to
https:// automatically, then you'll need to offload TLS to the proxied
server with SSLProxyEngine on. Otherwise, you can handle the TLS handshake
on the edge server and speak non-TLS to the inner servers.
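
The two layouts discussed in this thread, as an added example that is not part of the original messages: an edge vhost that terminates TLS and speaks plain HTTP inward, next to one that re-encrypts to the inner server with SSLProxyEngine and verifies its certificate. The hostnames, the 10.0.0.20 address and all file paths are assumed placeholders; the two vhosts are alternatives, so load only one.

```apache
# Constructed example: hostnames, addresses and file paths are placeholders.
# This covers only the HTTP webmail interface proxied by Apache.
# Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers.

# Option A: TLS ends on the edge server, plain HTTP to the inner server.
<VirtualHost *:443>
    ServerName mail.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/mail.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/mail.example.com.key

    ProxyPreserveHost on
    # Lets a backend that honours this header know the client used HTTPS.
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass        / http://10.0.0.20:80/
    ProxyPassReverse / http://10.0.0.20:80/
</VirtualHost>

# Option B: the edge still presents a certificate to clients, then opens a
# second TLS connection to the inner server, which keeps its own certificate.
<VirtualHost *:443>
    ServerName mail.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/mail.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/mail.example.com.key

    # Enables TLS on the proxy (outbound) side of the connection.
    SSLProxyEngine on
    # Verify the inner server's certificate against the CA that issued it
    # and check that the name in the certificate matches the proxied host.
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/ssl/certs/internal-ca.pem
    SSLProxyCheckPeerName on

    ProxyPreserveHost on
    ProxyPass        / https://inner.example.internal/
    ProxyPassReverse / https://inner.example.internal/
</VirtualHost>
```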
