Exchange vs ProxyPass on Apache or NGINX

michaldejmek

New Member
Credits
0
Hello IT, I have a problem with creating "proxypss" for Exchange 2019. If I created the configuration, I have a problem with NTLM :(
My config for Apache:

Code:
<VirtualHost *:443>
   ServerName mail.domain.com

   SSLEngine on

    SSLCertificateFile /etc/httpd/certs/2018-wildcard-domain-com.crt
    SSLCertificateKeyFile /etc/httpd/certs/2018-wildcard-domain-com.key
    SSLCertificateChainFile /etc/httpd/certs/GeoTrustRSACA2018.pem

   SSLProxyEngine on
   ProxyPreserveHost On

   Header always set X-Frame-Options SAMEORIGIN
   Header set Server Apache
   Header unset X-AspNet-Version
   Header unset X-OWA-Version
   Header unset X-Powered-By

   RequestHeader unset Expect early

   SetEnvIf User-Agent ".*MSIE.*" value BrowserMSIE
   Header unset WWW-Authenticate
   Header add WWW-Authenticate "Basic realm=mail.domain.com"

## ProxyRequests Off
   ProxyRequests On
   ProxyPreserveHost On
   ProxyReceiveBufferSize 4096

   SSLProxyVerify none
   SSLProxyCheckPeerCN off
   SSLProxyCheckPeerName off
   SSLProxyCheckPeerExpire off

   OutlookAnywherePassthrough On

   # Outlook Web Access(OWA)
   ProxyPass /owa https://192.168.1.10/owa
   ProxyPassReverse /owa https://192.168.1.10/owa

   # Outlook Anywhere / RPC over http(s) 
   ProxyPass /rpc https://192.168.1.10/rpc
   ProxyPassReverse /rpc https://192.168.1.10/rpc

   ProxyPass /ews https://192.168.1.10/ews
   ProxyPassReverse /ews https://192.168.1.10/ews

   ProxyPass /autodiscover https://192.168.1.10/autodiscover
   ProxyPassReverse /autodiscover https://192.168.1.10/autodiscover

   # Microsoft ActiveSync
   ProxyPass /Microsoft-Server-ActiveSync https://192.168.1.10/Microsoft-Server-ActiveSync connectiontimeout=600
   ProxyPassReverse /Microsoft-Server-ActiveSync https://192.168.1.10/Microsoft-Server-ActiveSync

   <Directory /Microsoft-Server-ActiveSync>
      SSLRenegBufferSize 31457280
  </Directory>
</VirtualHost>
My config for NGinx:
NGINX:
server {
    listen      443 ssl http2;
    server_name mail.domain.com;

    # Certificate(s) and private key
    ssl_certificate             /etc/nginx/certs/2018-wildcard-domain-com.crt;
    ssl_certificate_key         /etc/nginx/certs/2018-wildcard-domain-com.key;
    ssl_trusted_certificate     /etc/nginx/certs/GeoTrustRSACA2018.pem;

    include /etc/nginx/options-ssl-nginx.conf;

        proxy_connect_timeout   360;
        proxy_read_timeout      360;

        proxy_http_version 1.1;
        proxy_pass_request_headers on;

        proxy_pass_header Date;
        proxy_pass_header Server;

        proxy_pass_header       Authorization;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Accept-Encoding "";

        more_set_input_headers 'Authorization: $http_authorization';
        proxy_set_header Accept-Encoding "";
        more_set_headers -s 401 'WWW-Authenticate: Basic realm="$host"';
        #more_set_headers -s 401 'WWW-Authenticate: Basic realm=mail.domain.com';


        location = / {
            return 301 "/owa/";
        }

        location = /favicon.ico {
            empty_gif;
            access_log off;
        }

        location /rpc {  proxy_pass grpc://192.168.1.10; }
        location / {  proxy_pass https://192.168.1.10; }

        error_log /var/log/nginx/haproxy-error.log debug;
        access_log /var/log/nginx/haproxy-access.log;

}

Always i have error message:
Code:
"RPC_IN_DATA /rpc/[email protected]:6001 HTTP/1.1" 400 226 "-" "MSRPC"
"RPC_OUT_DATA /rpc/[email protected]:6001 HTTP/1.1" 500 273 "-" "MSRPC"

[proxy:error] [pid 12762:tid 139679617726208] (20014)Internal error (specific information not available): [client xx.xx.xx.xx:62044] AH01084: pass request body failed to xx.xx.xx.xx:443 (xx.xx.xx.xx)
[proxy:error] [pid 12762:tid 139679617726208] [client xx.xx.xx.xx:62044] AH00898: Error during SSL Handshake with remote server returned by /rpc/rpcproxy.dll
[W[proxy_http:error] [pid 12762:tid 139679617726208] [client xx.xx.xx.xx:62044] AH01097: pass request body failed to xx.xx.xx.xx:443 (xx.xx.xx.xx) from xx.xx.xx.xx ()
Can you help me ..? Thank you Michal.
 


Members online


Top