Exchange vs ProxyPass on Apache or NGINX


New Member
Dec 17, 2019
Reaction score
Hello IT, I have a problem with creating "proxypss" for Exchange 2019. If I created the configuration, I have a problem with NTLM :(
My config for Apache:

<VirtualHost *:443>

   SSLEngine on

    SSLCertificateFile /etc/httpd/certs/2018-wildcard-domain-com.crt
    SSLCertificateKeyFile /etc/httpd/certs/2018-wildcard-domain-com.key
    SSLCertificateChainFile /etc/httpd/certs/GeoTrustRSACA2018.pem

   SSLProxyEngine on
   ProxyPreserveHost On

   Header always set X-Frame-Options SAMEORIGIN
   Header set Server Apache
   Header unset X-AspNet-Version
   Header unset X-OWA-Version
   Header unset X-Powered-By

   RequestHeader unset Expect early

   SetEnvIf User-Agent ".*MSIE.*" value BrowserMSIE
   Header unset WWW-Authenticate
   Header add WWW-Authenticate "Basic"

## ProxyRequests Off
   ProxyRequests On
   ProxyPreserveHost On
   ProxyReceiveBufferSize 4096

   SSLProxyVerify none
   SSLProxyCheckPeerCN off
   SSLProxyCheckPeerName off
   SSLProxyCheckPeerExpire off

   OutlookAnywherePassthrough On

   # Outlook Web Access(OWA)
   ProxyPass /owa
   ProxyPassReverse /owa

   # Outlook Anywhere / RPC over http(s) 
   ProxyPass /rpc
   ProxyPassReverse /rpc

   ProxyPass /ews
   ProxyPassReverse /ews

   ProxyPass /autodiscover
   ProxyPassReverse /autodiscover

   # Microsoft ActiveSync
   ProxyPass /Microsoft-Server-ActiveSync connectiontimeout=600
   ProxyPassReverse /Microsoft-Server-ActiveSync

   <Directory /Microsoft-Server-ActiveSync>
      SSLRenegBufferSize 31457280

My config for NGinx:
server {
    listen      443 ssl http2;

    # Certificate(s) and private key
    ssl_certificate             /etc/nginx/certs/2018-wildcard-domain-com.crt;
    ssl_certificate_key         /etc/nginx/certs/2018-wildcard-domain-com.key;
    ssl_trusted_certificate     /etc/nginx/certs/GeoTrustRSACA2018.pem;

    include /etc/nginx/options-ssl-nginx.conf;

        proxy_connect_timeout   360;
        proxy_read_timeout      360;

        proxy_http_version 1.1;
        proxy_pass_request_headers on;

        proxy_pass_header Date;
        proxy_pass_header Server;

        proxy_pass_header       Authorization;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Accept-Encoding "";

        more_set_input_headers 'Authorization: $http_authorization';
        proxy_set_header Accept-Encoding "";
        more_set_headers -s 401 'WWW-Authenticate: Basic realm="$host"';
        #more_set_headers -s 401 'WWW-Authenticate: Basic';

        location = / {
            return 301 "/owa/";

        location = /favicon.ico {
            access_log off;

        location /rpc {  proxy_pass grpc://; }
        location / {  proxy_pass; }

        error_log /var/log/nginx/haproxy-error.log debug;
        access_log /var/log/nginx/haproxy-access.log;


Always i have error message:
"RPC_IN_DATA /rpc/[email protected]:6001 HTTP/1.1" 400 226 "-" "MSRPC"
"RPC_OUT_DATA /rpc/[email protected]:6001 HTTP/1.1" 500 273 "-" "MSRPC"

[proxy:error] [pid 12762:tid 139679617726208] (20014)Internal error (specific information not available): [client xx.xx.xx.xx:62044] AH01084: pass request body failed to xx.xx.xx.xx:443 (xx.xx.xx.xx)
[proxy:error] [pid 12762:tid 139679617726208] [client xx.xx.xx.xx:62044] AH00898: Error during SSL Handshake with remote server returned by /rpc/rpcproxy.dll
[W[proxy_http:error] [pid 12762:tid 139679617726208] [client xx.xx.xx.xx:62044] AH01097: pass request body failed to xx.xx.xx.xx:443 (xx.xx.xx.xx) from xx.xx.xx.xx ()

Can you help me ..? Thank you Michal.
MALIBAL Linux Laptops

Linux Laptops Custom Built for You
MALIBAL is an innovative computer manufacturer that produces high-performance, custom laptops for Linux.

For more info, visit:

Members online

Latest posts