@taddev /nginx.conf
Last active Sep 28, 2018

Nginx reverse proxy to Exchange 2010/2013
server {
    listen 80;
    #listen [::]:80;
    server_name mail.gwtest.us autodiscover.gwtest.us;
    # Redirect every plain-HTTP request to HTTPS
    return 301 https://$host$request_uri;
}
server {
    # "ssl" on the listen directive replaces the deprecated "ssl on;"
    listen 443 ssl;
    #listen [::]:443 ipv6only=on;
    ssl_certificate /etc/ssl/nginx/mail.gwtest.us.crt;
    ssl_certificate_key /etc/ssl/nginx/mail.gwtest.us.open.key;
    ssl_session_timeout 5m;
    server_name mail.gwtest.us;

    # Anything not matched by a regex location below is sent to OWA
    location / {
        return 301 https://mail.gwtest.us/owa;
    }

    proxy_read_timeout 360;
    proxy_pass_header Date;
    proxy_pass_header Server;
    #proxy_pass_header Authorization;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Only these Exchange virtual directories are proxied to the backend
    location ~* ^/owa { proxy_pass https://exch1.test.local; }
    location ~* ^/Microsoft-Server-ActiveSync { proxy_pass https://exch1.test.local; }
    location ~* ^/ecp { proxy_pass https://exch1.test.local; }
    location ~* ^/rpc { proxy_pass https://exch1.test.local; }
    #location ~* ^/mailarchiver { proxy_pass https://mailarchiver.local; }

    error_log /var/log/nginx/owa-ssl-error.log;
    access_log /var/log/nginx/owa-ssl-access.log;
}

Edrard commented Dec 17, 2013

Just a fast question, where to get mail.gwtest.us.open.key and mail.gwtest.us.crt?

Owner

taddev commented Jan 29, 2014

That is a certificate/key pair that you'll need to generate yourself. They don't need to be named that; you should probably review SSL certificates in Nginx if you're asking that question.

de1phi48 commented Mar 27, 2014

Encountered a problem while proxying RPC. In the logs as follows:
"RPC_IN_DATA /rpc/rpcproxy.dll?srv5.domain.loc:6004 HTTP/1.1" 408 0 "-" "MSRPC"
"RPC_OUT_DATA /rpc/rpcproxy.dll?srv5.domain.loc:6001 HTTP/1.1" 200 0 "-" "MSRPC"

smcstewart commented Apr 24, 2014

As alluded to by @de1phi48, unfortunately this configuration and Nginx in general will not work with Exchange's RPC over HTTP (Outlook Anywhere). Consider something like Squid or HAProxy if you need this; otherwise, if you don't need Outlook Anywhere, this configuration is solid.

tigunov commented Jul 2, 2015

I have found a solution for Outlook Anywhere -- it will work on nginx starting from 1.7.11.
All you need -- add proxy_pass_request_headers on; to the server section.

In this configuration, notifications on OWA don't work either.

Final config:

server {
    server_name mail.contoso.com;
    server_name autodiscover.contoso.com;
    listen 80;
    # Redirect plain HTTP to HTTPS
    return 301 https://$host$request_uri;
}

server {
    server_name mail.contoso.com;
    server_name autodiscover.contoso.com;
    # Long timeouts for long-lived client connections
    keepalive_timeout 3h;
    proxy_read_timeout 3h;
    #reset_timedout_connection on;
    tcp_nodelay on;
    listen 443 ssl;
    client_max_body_size 3G;
    #proxy_pass_header Authorization;
    proxy_pass_header Date;
    proxy_pass_header Server;
    proxy_set_header X-Real-IP $remote_addr;
    # Ask the backend for uncompressed responses
    proxy_set_header Accept-Encoding "";
    proxy_pass_request_headers on;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # HTTP/1.1 with keep-alive to the backend, no buffering in either direction
    proxy_http_version 1.1;
    proxy_request_buffering off;
    proxy_buffering off;
    proxy_set_header Connection "Keep-Alive";

    # Every path is proxied to the backend
    location / {
        proxy_pass https://exchange.internal/;
        proxy_next_upstream error timeout invalid_header http_500 http_503;
    }
}

For sure it will be better to add restrictions to access only the needed locations etc., but it's nice that all functionality works fine =)
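
The restriction to "only the needed locations" mentioned at the end of the comment above, as an added example that is not from the gist or from any commenter: it keeps that comment's proxy settings, proxies only the virtual directories named in the gist plus /autodiscover, and limits /ecp to an internal range. The certificate paths, the /autodiscover entry and the 10.0.0.0/8 range are assumptions.

```nginx
# Added example; hostnames reuse the placeholders from the comment above.
server {
    listen 443 ssl;
    server_name mail.contoso.com autodiscover.contoso.com;

    ssl_certificate     /etc/ssl/nginx/mail.contoso.com.crt;   # assumed path
    ssl_certificate_key /etc/ssl/nginx/mail.contoso.com.key;   # assumed path

    # Proxy settings carried over from the comment's config
    # (proxy_request_buffering needs nginx 1.7.11 or later).
    keepalive_timeout       3h;
    proxy_read_timeout      3h;
    client_max_body_size    3G;
    proxy_http_version      1.1;
    proxy_request_buffering off;
    proxy_buffering         off;
    proxy_set_header Host            $host;
    proxy_set_header X-Real-IP       $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Connection      "Keep-Alive";
    proxy_set_header Accept-Encoding "";

    # Default: a path that no location below matches is never proxied.
    location / {
        return 404;
    }

    # Bare hostname goes to OWA, as in the gist.
    location = / {
        return 301 https://mail.contoso.com/owa;
    }

    # Client-facing virtual directories. The (/|$) anchor stops look-alike
    # prefixes such as /owa-backup from matching.
    location ~* ^/(owa|Microsoft-Server-ActiveSync|rpc|autodiscover)(/|$) {
        proxy_pass https://exchange.internal;
    }

    # Exchange admin center: only the internal range may reach it.
    location ~* ^/ecp(/|$) {
        allow 10.0.0.0/8;   # assumed internal range
        deny  all;
        proxy_pass https://exchange.internal;
    }
}
```

Outlook clients normally also request /EWS and /OAB, and Exchange 2013 serves the OWA options pages from /ecp, so extend the path list or the allowed range to match what your users need.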

mkaliyannan commented Aug 12, 2015

Does this configuration work for Outlook Anywhere?

EngineXX commented Sep 21, 2015

Hello,
Thank you for your script, but ActiveSync doesn't work...
Any solution?

Regards,

jbostoen commented Feb 14, 2016

Currently using Tigunov's config, did anyone get ActiveSync to work (I'd be happy with Basic Authentication, NTLM seems to be impossible right now)?

When using Exchange Connectivity test (Microsoft's online version), I now get up to the point where ActiveSync is tested (which is a lot further). "OPTIONS" tests fine, but "FolderSync" fails.

adamjs83 commented Feb 19, 2016

@jbostoen did you make sure it works without nginx in front? I spent a lot of time on this and it turned out to be an Exchange issue that needed fixing.

adamjs83 commented Feb 24, 2016

I finally got this working and posted the detailed instructions on my blog. http://blog.adamjoshuasmith.com/deploying-exchange-2016-behind-nginx-free/

@jbostoen I believe your issue is that you are using an Admin user account which will not work with ActiveSync. Try creating a new user who is only in the Domain User group and test ActiveSync with that mailbox. If it works, you know where your problem is.

jbostoen commented Aug 24, 2017

Just stumbling back on this. Desktop Outlook is what I need to get working...
Thanks for the great write-up!

Martinvdm commented Jul 6, 2018

I have tried this config from tigunov and from adamjs83, but both configs are not working with Outlook Anywhere and Exchange 2013 with RPC over HTTP. Nginx logging is generating 401 for RPC_IN_DATA and Outlook keeps asking for login credentials. Does somebody know what I am doing wrong here?
