由于我的邮件系统是欧洲的,也就是:eu1.workspace.org。 国内访问特别慢。
如果你也有一台欧洲国内优化的机器,那么可以和我的做法一样。
配置 Web Mail
Web Mail 本质上就是一个 HTTPS 网站,所以直接使用 Nginx 的 location 做反向代理即可。
location / {
proxy_pass https://eu1.workspace.org;
proxy_http_version 1.1;
proxy_ssl_server_name on;
proxy_ssl_name eu1.workspace.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_redirect https://eu1.workspace.org/ https://mail.itsse.cn/;
proxy_redirect http://eu1.workspace.org/ https://mail.itsse.cn/;
}此效果和你CNAME解析效果一样。
Stream 代理配置
# IMAPS
server {
listen 993 ssl;
proxy_pass eu1.workspace.org:993;
ssl_certificate /cert/mail.itsse.cn/fullchain.pem;
ssl_certificate_key /cert/mail.itsse.cn/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:STREAMSSL:20m;
ssl_session_timeout 10m;
proxy_ssl on;
proxy_ssl_server_name on;
proxy_ssl_name eu1.workspace.org;
proxy_connect_timeout 10s;
proxy_timeout 300s;
}
# POP3S
server {
listen 995 ssl;
proxy_pass eu1.workspace.org:995;
ssl_certificate /cert/mail.itsse.cn/fullchain.pem;
ssl_certificate_key /cert/mail.itsse.cn/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:STREAMSSL:20m;
ssl_session_timeout 10m;
proxy_ssl on;
proxy_ssl_server_name on;
proxy_ssl_name eu1.workspace.org;
proxy_connect_timeout 10s;
proxy_timeout 300s;
}
# SMTPS 465
server {
listen 465 ssl;
proxy_pass eu1.workspace.org:465;
ssl_certificate /cert/mail.itsse.cn/fullchain.pem;
ssl_certificate_key /cert/mail.itsse.cn/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:STREAMSSL:20m;
ssl_session_timeout 10m;
proxy_ssl on;
proxy_ssl_server_name on;
proxy_ssl_name eu1.workspace.org;
proxy_connect_timeout 10s;
proxy_timeout 300s;
}
# SMTP SSL/TLS 2465
server {
listen 2465 ssl;
proxy_pass eu1.workspace.org:2465;
ssl_certificate /cert/mail.itsse.cn/fullchain.pem;
ssl_certificate_key /cert/mail.itsse.cn/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:STREAMSSL:20m;
ssl_session_timeout 10m;
proxy_ssl on;
proxy_ssl_server_name on;
proxy_ssl_name eu1.workspace.org;
proxy_connect_timeout 10s;
proxy_timeout 300s;
}
# SMTP SSL/TLS 587
server {
listen 587 ssl;
proxy_pass eu1.workspace.org:587;
ssl_certificate /cert/mail.itsse.cn/fullchain.pem;
ssl_certificate_key /cert/mail.itsse.cn/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:STREAMSSL:20m;
ssl_session_timeout 10m;
proxy_ssl on;
proxy_ssl_server_name on;
proxy_ssl_name eu1.workspace.org;
proxy_connect_timeout 10s;
proxy_timeout 300s;
}
# SMTP SSL/TLS 2587
server {
listen 2587 ssl;
proxy_pass eu1.workspace.org:2587;
ssl_certificate /cert/mail.itsse.cn/fullchain.pem;
ssl_certificate_key /cert/mail.itsse.cn/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:STREAMSSL:20m;
ssl_session_timeout 10m;
proxy_ssl on;
proxy_ssl_server_name on;
proxy_ssl_name eu1.workspace.org;
proxy_connect_timeout 10s;
proxy_timeout 300s;
}