-
-
Save enoch85/573dac9005f0c8f1b826cc22e520e0ae to your computer and use it in GitHub Desktop.
# nginx@nginx:~$ cat /etc/nginx/sites-available/outlook.conf | |
server { | |
listen 192.168.128.2:80; | |
server_name yourdomain.com; | |
return 301 https://yourdomain.com$request_uri; | |
} | |
server { | |
listen 192.168.128.2:443; | |
server_name yourdomain.com; | |
set $exchange2016 https://192.168.128.112:443; | |
# Redirect from "/" to "/owa" by default | |
rewrite ^/$ https://yourdomain.com/owa permanent; | |
# Enable SSL | |
ssl on; | |
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; | |
ssl_session_timeout 5m; | |
# Set global proxy settings | |
proxy_pass_request_headers on; | |
proxy_read_timeout 360; | |
proxy_pass_header Date; | |
proxy_pass_header Server; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
# RPC Exchange 2010 (https://gist.github.com/taddev/7275873#gistcomment-3555437) | |
# proxy_set_header Authorization $http_authorization; | |
# proxy_pass_header Authorization; | |
location ~* ^/owa { proxy_pass $exchange2016; } | |
location ~* ^/Microsoft-Server-ActiveSync { proxy_pass $exchange2016; } | |
location ~* ^/ecp { proxy_pass $exchange2016; } | |
location ~* ^/Rpc { proxy_pass $exchange2016; } | |
#location ~* ^/mailarchiver { proxy_pass https://mailarchiver.local; } | |
error_log /var/log/nginx/owa-ssl-error.log; | |
access_log /var/log/nginx/owa-ssl-access.log; | |
} | |
server { | |
listen 192.168.128.2:443; | |
server_name autodiscover.yourdomain.com; | |
# Enable SSL | |
ssl on; | |
ssl_certificate /etc/letsencrypt/live/autodiscover.yourdomain.com/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/autodiscover.yourdomain.com/privkey.pem; | |
ssl_session_timeout 5m; | |
# Set global proxy settings | |
proxy_pass_request_headers on; | |
proxy_read_timeout 360; | |
proxy_pass_header Date; | |
proxy_pass_header Server; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
# RPC Exchange 2010 (https://gist.github.com/taddev/7275873#gistcomment-3555437) | |
# proxy_set_header Authorization $http_authorization; | |
# proxy_pass_header Authorization; | |
location ~* ^/Autodiscover { proxy_pass $exchange2016; } | |
error_log /var/log/nginx/owa-ssl-error.log; | |
access_log /var/log/nginx/owa-ssl-access.log; | |
} |
Thanks for sharing! Working good with Exchange Server 2019 and NGINX compiled from source
Glad I can help!
how can i download fullchain.pem and privkey.pem?
Thank you!
@AlessandroAmenduni You have to generate the certs yourself. Easiest option is to use Let's Encrypt (Certbot).
Thank you so much!
@enoch85 Hi Daniel, thank you for this article!
I tried your config on my exchange and couldn't get it up ...
In your config 192.168.128.2 is exchange server and $exchange2016 on 192.168.128.112 also?
@kokosik8998 192.168.128.2
is the proxy server.
@kokosik8998
192.168.128.2
is the proxy server.
Thank you!
Any idea about certificate based authentication?
Add ssl_verify_client on and ssl_client_certificate, but got blank/empty page...
Hi, mi nginx server have nextcloud, openoffice and in another server have exchange. I put this and other scripts to get connectivity with SSL, but the problem it´s the same. Can't communicate with 443 and/or getting SSL cert. What it's worng ? I have the needed ports open (like 80, 443, 584, 110, 143, etc).
Thanks for sharing! Working good with Exchange Server 2019 and NGINX compiled from source