Nginx as Exchange-proxy

I've been looking for a solution for this for quite a few hours already. I'm rather new to Nginx as well, so if someone could help me with a demo config, it would be superb.

  • 1 public IP address (this is what's causing so much trouble)
  • Nginx as proxy
  • Exchange 2013

Current situation:

  • http: apps.domain.org, video.domain.org, geo.domain.org. Traffic on port 80 goes to the Nginx server.
  • https: mail.domain.org. Traffic on port 443 goes straight to Exchange 2013.

Now, we need https / SSL on our apps.domain.org. Our firewall only checks the IP addresses and forwards traffic.

So basically, my idea is to have all traffic go to Nginx. There, I need to know what's for mail.domain.org and redirect it to Exchange. Specifically, I need everything to work. OWA, autodiscover: OK. But I'm struggling with what seems to be RPC.

Someone mentioned I should use a stream config in Nginx to manage that.

But I don't know how to differentiate, so that only mail.domain.org uses a stream, while apps.domain.org is in a http config?


My current config (thanks to the links below, but in particular tigunov's comment about getting Outlook Anywhere aka RPC to work) gets me further than before. Currently failing at a FolderSync attempt when I try Microsoft's Remote Connectivity Analyzer. In Outlook, the credentials box still pops up.


server {
        # (server_name, SSL certs etc.)

        # Set global proxy settings
        proxy_pass_header       Date;
        proxy_pass_header       Server;

        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        Accept-Encoding "";


        keepalive_timeout 3h;
        proxy_read_timeout 3h;
        #reset_timedout_connection on;
        tcp_nodelay on;
        client_max_body_size 3G;
        #proxy_pass_header Authorization;
        proxy_pass_request_headers on;
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off;
        proxy_set_header Connection "Keep-Alive";

}

Test now results in: (everything fine, including ActiveSync - OPTIONS), but:

Attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.

Exception details:
Message: The request was aborted: The request was canceled.
Type: System.Net.WebException
Stack trace:

at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.Tools.ExRca.Extensions.RcaHttpRequest.GetResponse()
Elapsed Time: 526 ms. 

No further details to be seen in the connectivity tool.

This configuration is based on Tad DeVries' configuration found here and Daniel Kempkens' fix for autodiscover and RPC issues found here.

Note that since I don't have an Exchange environment to test against, I'm not sure if this configuration will work properly, but it's worth a try.

server {
        listen 80;
        #listen [::]:80;
        server_name mail.gwtest.us autodiscover.gwtest.us;
        return 301 https://$host$request_uri;
}

server {
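        # TLS is enabled on the listen directive; the separate "ssl on;"
        # directive is deprecated since nginx 1.15.0 and removed in 1.25.1.
        listen 443 ssl;
        #listen [::]:443 ssl ipv6only=on;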
        ssl_certificate         /etc/ssl/nginx/mail.gwtest.us.crt;
        ssl_certificate_key     /etc/ssl/nginx/mail.gwtest.us.open.key;
        ssl_session_timeout     5m;

        server_name mail.gwtest.us;

        location / {
                return 301 https://mail.gwtest.us/owa;
        }

        proxy_http_version      1.1;
        proxy_read_timeout      360;
        proxy_pass_header       Date;
        proxy_pass_header       Server;
        proxy_pass_header       Authorization;

        proxy_set_header        Accept-Encoding "";
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

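        # more_set_input_headers / more_set_headers are provided by the
        # third-party headers-more module, which must be built in or loaded.
        more_set_input_headers 'Authorization: $http_authorization';
        more_set_headers -s 401 'WWW-Authenticate: Basic realm="exch1.test.local"';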

        location ~* ^/owa { proxy_pass https://exch1.test.local; }
        location ~* ^/Microsoft-Server-ActiveSync { proxy_pass https://exch1.test.local; }
        location ~* ^/ecp { proxy_pass https://exch1.test.local; }
        location ~* ^/rpc { proxy_pass https://exch1.test.local; }
        #location ~* ^/mailarchiver { proxy_pass https://mailarchiver.local; }

        error_log /var/log/nginx/owa-ssl-error.log;
        access_log /var/log/nginx/owa-ssl-access.log;
}
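
The stream-based split the question asks about, as an added example that is not part of the original question or answer: the stream module reads the SNI name from the TLS ClientHello and passes mail traffic to Exchange untouched, while other names are terminated by a local http block. It assumes nginx is built with the stream and stream_ssl_preread modules; the Exchange address, the autodiscover.domain.org name, the local ports and the certificate paths are placeholders.

```nginx
# Added example; hostnames follow the question, addresses and paths are assumptions.
stream {
    # Route on the SNI name in the ClientHello without terminating TLS.
    map $ssl_preread_server_name $tls_backend {
        mail.domain.org          exchange;
        autodiscover.domain.org  exchange;      # assumed name
        default                  local_https;   # everything else stays on this host
    }

    upstream exchange    { server 192.0.2.10:443; }   # Exchange 2013 (placeholder IP)
    upstream local_https { server 127.0.0.1:8443; }   # http{} block below

    # Record which name each client asked for and where it was sent.
    log_format sni '$remote_addr [$time_local] sni="$ssl_preread_server_name" '
                   'backend=$tls_backend status=$status';
    access_log /var/log/nginx/stream-sni.log sni;

    server {
        listen 443;
        ssl_preread on;
        proxy_pass $tls_backend;
        proxy_connect_timeout 5s;
    }
}

http {
    # Unknown or missing SNI: refuse the handshake (nginx 1.19.4+).
    server {
        listen 127.0.0.1:8443 ssl default_server;
        ssl_reject_handshake on;
    }

    server {
        listen 127.0.0.1:8443 ssl;
        server_name apps.domain.org;
        ssl_certificate     /etc/ssl/nginx/apps.domain.org.crt;   # placeholder path
        ssl_certificate_key /etc/ssl/nginx/apps.domain.org.key;   # placeholder path

        location / {
            proxy_pass http://127.0.0.1:8080;   # placeholder app backend
            proxy_set_header Host $host;
        }
    }
}
```

Both backends see the connection as coming from nginx, so the stream access log is where the real client address and requested name are recorded.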
