Created
November 8, 2020 11:21
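<VirtualHost *:80>
    # Plain-HTTP listener. It proxies nothing to the Exchange backend; it only
    # redirects the well-known client paths to the HTTPS virtual host.
    ServerName exchange.comprofix.com
    ServerAlias autodiscover.comprofix.com
    # ServerAdmin expects an e-mail address or URL; aligned with the :443 host.
    ServerAdmin support@comprofix.com
    ErrorLog ${APACHE_LOG_DIR}/exchange.comprofix.com_error.log
    CustomLog ${APACHE_LOG_DIR}/exchange.comprofix.com_access.log combined

    # Response hardening and banner trimming.
    Header set X-Frame-Options: "SAMEORIGIN"
    # NOTE(review): this vhost serves only local content and redirects, where
    # the Server banner is normally governed by ServerTokens in the main server
    # config rather than by mod_headers - confirm this line has any effect here.
    Header set Server Apache
    Requestheader unset expect early
    Header unset X-AspNet-Version
    Header unset X-OWA-version
    Header unset X-Powered-By

    # Never act as a forward proxy.
    ProxyRequests Off

    # HTTP -> HTTPS redirects for OWA, ECP and ActiveSync.
    # A RewriteCond guards only the RewriteRule that directly follows it, so the
    # ecp and ActiveSync rules are unconditional. In a port-80 vhost that is
    # harmless, but do not copy the pattern expecting the condition to carry over.
    # The optional "/?" keeps "/owa/x" from being rewritten to "/owa//x".
    # Caveat: a client that sends Basic credentials to these paths over HTTP has
    # already exposed them before the redirect is returned; clients should be
    # configured with https:// URLs.
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/owa/?(.*) https://exchange.comprofix.com/owa/$1 [R,L]
    RewriteRule ^/ecp/?(.*) https://exchange.comprofix.com/ecp/$1 [R,L]
    RewriteRule ^/Microsoft-Server-ActiveSync/?(.*) https://exchange.comprofix.com/Microsoft-Server-ActiveSync/$1 [R,L]

    DocumentRoot /var/www/exchange.comprofix.com

    # Default-deny the filesystem, then open only the document root.
    # Order/Deny/Allow is Apache 2.2 syntax and needs mod_access_compat on 2.4;
    # the 2.4 equivalents are "Require all denied" / "Require all granted".
    <Directory />
        Order deny,allow
        Deny from all
    </Directory>
    <Directory /var/www/exchange.comprofix.com>
        DirectoryIndex index.php index.html
        Options -Indexes +FollowSymLinks
        Order allow,deny
        Allow from all
    </Directory>

    # No ProxyPass is defined in this vhost, so this section grants nothing today;
    # it is only safe while ProxyRequests stays Off.
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
</VirtualHost>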
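<VirtualHost *:443>
    # TLS-terminating reverse proxy that publishes an internal Exchange server
    # (10.10.10.3) to external clients: OWA, ECP, MAPI, EWS, OAB, RPC over HTTP,
    # ActiveSync and Autodiscover.
    DocumentRoot /var/www/exchange.comprofix.com
    ServerName exchange.comprofix.com
    ServerAlias autodiscover.comprofix.com
    ServerAdmin support@comprofix.com
    ErrorLog ${APACHE_LOG_DIR}/exchange.comprofix.com_ssl_error.log
    CustomLog ${APACHE_LOG_DIR}/exchange.comprofix.com_ssl_access.log combined

    # Response hardening and removal of backend version banners.
    Header set X-Frame-Options: "SAMEORIGIN"
    Header set Server Apache
    Requestheader unset expect early
    Header unset X-AspNet-Version
    Header unset X-OWA-version
    Header unset X-Powered-By

    # NOTE(review): this sets two environment variables ("Value" and
    # "BrowserMSIE") that nothing else in this vhost reads.
    SetEnvIf User-Agent ".*MSIE.*" Value BrowserMSIE

    # Replace whatever challenge the backend sends (NTLM/Negotiate) with Basic.
    # A Basic challenge needs a realm parameter; the original value
    # "Basic auth = ..." was not a valid challenge.
    # Security caveat: with Basic the reusable password travels on every request
    # and is visible in clear to this proxy, so the proxy host needs the same
    # protection as the mail server, and lockout / MFA controls must be enforced
    # elsewhere because this proxy adds none.
    Header unset WWW-Authenticate
    Header add WWW-Authenticate "Basic realm=\"exchange.comprofix.com\""

    # Reverse proxy only, never a forward proxy; pass the public Host header on.
    ProxyRequests Off
    ProxyPreserveHost On

    # Derived from https://github.com/phr0gz/Apache-reverse-proxy-for-Exchange-2010-2013-2016/blob/master/webmail.conf
    # NOTE(review): "Full" adds the Apache version to the Via header, which
    # works against the banner trimming above; "On" omits the version.
    ProxyVia Full
    RequestHeader edit Transfer-Encoding Chunked chunked early
    RequestHeader unset Accept-Encoding
    # 30-minute timeout for long-lived sync requests. It applies to every
    # connection on this vhost, so idle or slow connections can hold workers for
    # that long; pair it with connection limits if availability matters.
    TimeOut 1800

    # TLS towards the Exchange backend.
    SSLProxyEngine On
    # SECURITY: every check on the backend certificate is disabled below, so the
    # proxy cannot tell the real Exchange server from anything else answering on
    # 10.10.10.3. Traffic on the internal hop is encrypted but unauthenticated.
    # A self-signed or internal-CA certificate can still be verified: point
    # SSLProxyCACertificateFile at that CA or certificate
    # (placeholder: /path/to/internal-ca.pem), set "SSLProxyVerify require" and
    # switch the SSLProxyCheckPeer* directives back on. Name checking then needs
    # the backend addressed by a name present in its certificate, not by IP.
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    # Send only the bare site root to OWA. "Redirect / /owa/" is a prefix match
    # and would also catch every other path that is not proxied below.
    RedirectMatch ^/$ /owa/

    # owa
    ProxyPass /owa https://10.10.10.3/owa
    ProxyPassReverse /owa https://10.10.10.3/owa
    ProxyPass /OWA https://10.10.10.3/OWA
    ProxyPassReverse /OWA https://10.10.10.3/OWA
    ProxyPass /Owa https://10.10.10.3/Owa
    ProxyPassReverse /Owa https://10.10.10.3/Owa

    # ecp = Exchange admin interface. Comment this group out if external admin
    # access is not required. If it is required, restrict it with a
    # <Location /ecp> section limited to known admin source addresses
    # (e.g. "Require ip <admin-network-placeholder>") instead of leaving it
    # open to the internet.
    ProxyPass /ecp https://10.10.10.3/ecp
    ProxyPassReverse /ecp https://10.10.10.3/ecp
    ProxyPass /ECP https://10.10.10.3/ECP
    ProxyPassReverse /ECP https://10.10.10.3/ECP
    ProxyPass /Ecp https://10.10.10.3/Ecp
    ProxyPassReverse /Ecp https://10.10.10.3/Ecp

    # mapi
    ProxyPass /mapi https://10.10.10.3/mapi
    ProxyPassReverse /mapi https://10.10.10.3/mapi

    # ews -> Exchange Web Services
    ProxyPass /ews https://10.10.10.3/ews
    ProxyPassReverse /ews https://10.10.10.3/ews
    ProxyPass /EWS https://10.10.10.3/EWS
    ProxyPassReverse /EWS https://10.10.10.3/EWS
    ProxyPass /Ews https://10.10.10.3/Ews
    ProxyPassReverse /Ews https://10.10.10.3/Ews
    ProxyPass /exchange https://10.10.10.3/exchange
    ProxyPassReverse /exchange https://10.10.10.3/exchange
    ProxyPass /Exchange https://10.10.10.3/Exchange
    ProxyPassReverse /Exchange https://10.10.10.3/Exchange
    ProxyPass /exchweb https://10.10.10.3/exchweb
    ProxyPassReverse /exchweb https://10.10.10.3/exchweb
    ProxyPass /public https://10.10.10.3/public
    ProxyPassReverse /public https://10.10.10.3/public

    # oab (Offline Address Book)
    ProxyPass /oab https://10.10.10.3/oab
    ProxyPassReverse /oab https://10.10.10.3/oab
    ProxyPass /OAB https://10.10.10.3/OAB
    ProxyPassReverse /OAB https://10.10.10.3/OAB

    # RPC over HTTP(S) / Outlook Anywhere
    # NOTE(review): OutlookAnywherePassthrough is not a core httpd directive; it
    # presumably comes from the third-party mod_proxy_msrpc module. Without that
    # module loaded Apache will refuse to start on this line - confirm.
    OutlookAnywherePassthrough On
    ProxyPass /rpc https://10.10.10.3/rpc
    ProxyPassReverse /rpc https://10.10.10.3/rpc
    ProxyPass /Rpc https://10.10.10.3/Rpc
    ProxyPassReverse /Rpc https://10.10.10.3/Rpc

    # Microsoft-Server-ActiveSync
    ProxyPass /Microsoft-Server-ActiveSync https://10.10.10.3/Microsoft-Server-ActiveSync connectiontimeout=900
    ProxyPassReverse /Microsoft-Server-ActiveSync https://10.10.10.3/Microsoft-Server-ActiveSync

    # Workaround for attachments larger than 128 KByte sent via ActiveSync
    # (new limit 30 MByte). This is a URL path, not a filesystem path, so it has
    # to be a <Location> section; a <Directory> section with this name never
    # matches a proxied request.
    <Location /Microsoft-Server-ActiveSync>
        SSLRenegBufferSize 31457280
    </Location>

    # AutoDiscover -> Autodiscover for non-AD-integrated clients (e.g. Mac)
    ProxyPass /autodiscover https://10.10.10.3/autodiscover
    ProxyPassReverse /autodiscover https://10.10.10.3/autodiscover
    ProxyPass /Autodiscover https://10.10.10.3/Autodiscover
    ProxyPassReverse /Autodiscover https://10.10.10.3/Autodiscover
    ProxyPass /AutoDiscover https://10.10.10.3/AutoDiscover
    ProxyPassReverse /AutoDiscover https://10.10.10.3/AutoDiscover

    # Specify character set for umlauts
    AddDefaultCharset ISO-8859-1

    # Default-deny the filesystem, then open only the document root.
    # Order/Deny/Allow is Apache 2.2 syntax and needs mod_access_compat on 2.4;
    # the 2.4 equivalents are "Require all denied" / "Require all granted".
    <Directory />
        Order deny,allow
        Deny from all
    </Directory>
    <Directory /var/www/exchange.comprofix.com>
        DirectoryIndex index.php index.html
        Options -Indexes +FollowSymLinks
        Order allow,deny
        Allow from all
    </Directory>

    # Applies to every proxied request: no backend keep-alive, HTTP/1.0 to the
    # backend, and no source-address restriction. Safe only while ProxyRequests
    # stays Off.
    <Proxy *>
        SetEnv proxy-nokeepalive 1
        SetEnv force-proxy-request-1.0 1
        Order deny,allow
        Allow from all
    </Proxy>

    # Use a Let's Encrypt certificate externally.
    SSLEngine on
    # TLS 1.0 and 1.1 are disabled in addition to SSLv3; "All -SSLv2 -SSLv3"
    # left both enabled. Re-enable them only for a named legacy client that
    # cannot be upgraded.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # NOTE(review): no SSLCipherSuite is set here, so the server-wide cipher
    # list applies; SSLHonorCipherOrder only enforces the order of that list.
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/letsencrypt/live/exchange.comprofix.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/exchange.comprofix.com/privkey.pem
    # Redundant when SSLCertificateFile already points at fullchain.pem, and
    # deprecated on current 2.4 releases; kept as in the original.
    SSLCertificateChainFile /etc/letsencrypt/live/exchange.comprofix.com/chain.pem

    BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive.
    # The class [17-9] matches the digits 1, 7, 8 and 9, i.e. MSIE 7-9 and 1x.
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>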