Happy to share my config. This is based on HAProxy Version 1.5-Dev17.

It's by no means perfect, but it's working for us at the moment:


  # NOTE(review): no `global` section keyword is visible above these lines in
  # this listing. The directives below are process-wide settings, so the header
  # was presumably lost when the post was archived - confirm before reuse.

  # Default Maximum Number of Connections. Used to set ulimit -n
  maxconn 20000

  # Run as a Daemon Service in the Background
  # NOTE(review): no directive follows this comment in the listing.

  # Define the Number of Processes - Not Essential (left commented out)
  #nbproc 2

  # Allows Turning Off of Kernel TCP Splicing - Not Essential
  # NOTE(review): no directive follows this comment in the listing.

  # Logging Setting. Local to Local Syslog and Control from There
  # NOTE(review): only the facility name is shown here; a syslog address may
  # have been removed along with the other addresses - confirm.
  log daemon
  log-tag haproxy

  # Define a UNIX Socket so that you can Admin the Service interactively
  # `level admin` gives full runtime control to any local process able to open
  # this socket, so access rests entirely on the socket's file permissions.
  # The stats socket line accepts `mode`, `user` and `group` settings to
  # restrict it; none are set here. Also check that the directory holding the
  # socket is not writable by other accounts.
  stats socket /usr/local/sbin/haproxy-socket level admin


  # NOTE(review): no `defaults` section keyword is visible above these lines in
  # this listing; the settings below read as proxy defaults - confirm.

  # Do Not Log Connections with No Requests
  # Trade-off: bare connects (health probes, port scans) leave no log entry.
  option dontlognull

  # Allow a Session to be Redispatched to an Alternative Server if the
  # Designated one is Down
  option redispatch

  # Ensure that Streaming HTTP Works Correctly - Vital for Outlook Anywhere
  option http-no-delay

  # Enable Continuous Stats for Long Running Connections
  option contstats

  # Log All HTTP Data
  option httplog

  # Log Request and Responses as Fast as Possible
  # Entries are written before the transfer completes, so the totals logged
  # for long-running transfers do not cover the whole transfer.
  option logasap

  # Set Logging to the Setting in Global
  log global

  # Define the Method of Load Balancing - source = Source IP Hash
  balance source

  # Client Inactivity Timeout
  # One hour keeps long-lived Outlook Anywhere connections open, but it also
  # lets an idle or stalled client hold a connection slot for that long;
  # the maxconn limits are what bound this.
  #timeout client 900s
  timeout client 3600s

  # Server Inactivity Timeout
  #timeout server 900s
  timeout server 3600s

  # Maximum Time a Request is Queued on the Load Balancer
  timeout queue 30s

  # Other Timeouts - Need Investigating
  #   connect         - maximum wait for a connection to a server to succeed
  #   http-keep-alive - maximum wait for a new request on an idle connection
  #   http-request    - maximum wait for a complete HTTP request; this is the
  #                     setting that limits clients sending headers very slowly
  #   tarpit          - how long a tarpitted connection is held before the
  #                     error is returned (no tarpit rule is visible here)
  timeout connect 5s
  timeout http-keep-alive 1s
  timeout http-request 15s
  timeout tarpit 1m

  # Define the Default Server Checking Behaviour - Check Every 10 Seconds,
  # 3 Missed Checks is Failure, 2 Successful Checks Brings Server Back
  default-server inter 10s fall 3 rise 2

# Accounts and groups referenced by the http_auth_group() ACLs of the stats
# listener. Password values were redacted by the author.
userlist stats-auth

  # User / Password for Admin Access to Stats Page
  # The `password` keyword expects a crypt(3)-format hash; cleartext is only
  # accepted with `insecure-password`. Either way the configuration file holds
  # credential material and should not be readable by other accounts.
  group stats-admin users admin
  user admin password [Remvoed]

  # User / Password for Monitor Access to Stats Page
  group stats-readonly users monitor
  user monitor password [Removed]

# Statistics / administration page: restricted by source network and protected
# with HTTP authentication against the stats-auth userlist.
listen stats

  # Define the Mode
  mode http

  # Bind to an IP Address/Port
  # NOTE(review): the bind line is missing from this listing (addresses were
  # removed). If the real bind does not use `ssl`, the stats credentials are
  # sent as HTTP basic authentication over cleartext - confirm.

  # Define ACLs to be Used in the Stats Authentication Process
  # NOTE(review): the address list for net-allowed was removed; keep it limited
  # to the management network(s), since it is the only network-level
  # restriction on this page.
  acl AUTH-readonly http_auth_group(stats-auth) stats-readonly
  acl AUTH-admin http_auth_group(stats-auth) stats-admin
  acl net-allowed src

  # Enable Various Stats Features
  stats enable
  stats show-desc Load Balancer for Exchange
  stats uri /
  stats refresh 10s

  # Enable Stats Auth
  # Any request not authenticated as a member of either group gets an
  # authentication challenge. Only stats-admin members get the admin functions
  # of the page; stats-readonly members can view only.
  stats http-request auth unless AUTH-admin OR AUTH-readonly
  stats admin if AUTH-admin

  # Block Access Unless in the Allow Network Range
  block unless net-allowed

# Public HTTPS entry point for Exchange: terminates SSL, allows only the
# Exchange virtual directories, and hands everything to bk_exchange_all.
frontend ft_exchange

  # Define the Mode
  mode http

  # Define the Maximum Number of Connections for the Frontend
  maxconn 8000

  # Bind to an IP Address/Port, Select SSL and specify the Certificate
  # The Ciphers option for SSL can be Added: ciphers
  # NOTE(review): the address, the certificate file name and the cipher list
  # were removed from this line. When restoring them, use an explicit cipher
  # list without weak suites, and keep the certificate file readable only by
  # the account that starts HAProxy, since it also holds the private key.
  bind ssl crt /etc/ssl/ ciphers

  # Define a List of Accepted ACLs for Future use
  # path_beg is a prefix match, so /owa also matches any path that merely
  # starts with those characters; -i makes the match case-insensitive.
  # NOTE(review): the all-exchange line was wrapped by the mail client; in a
  # real configuration the continuation must be on the same line as the acl.
  acl all-exchange path_beg -i /autodiscover /owa /oab /ews /public
/microsoft-server-activesync /rpc
  acl root url_len 1
  acl autodiscover path_beg -i /autodiscover
  acl owa path_beg -i /owa
  acl oab path_beg -i /oab
  acl ews path_beg -i /ews
  acl public path_beg -i /public
  acl activesync path_beg -i /microsoft-server-activesync
  acl outlook-anywhere path_beg -i /rpc

  # Block All Requests Except Those to Exchange Virtual Directories
  # This is an allow-list: anything outside the listed prefixes (or "/") is
  # rejected at the load balancer and never reaches the Exchange servers.
  block unless all-exchange OR root

  # Redirect if the URL is a Single Character, which can only mean /
  redirect location /owa if root

  # Capture the User-Agent Header and the Request / Response Content-Length,
  # so that they are Added to the Log
  # User-Agent is client-supplied text; treat it as untrusted wherever the
  # logs are parsed or displayed.
  capture request header User-Agent len 50
  capture request header Content-Length len 120
  capture response header Content-Length len 120

  # Define Which Set of Backend Servers to Use
  default_backend bk_exchange_all

# Single server pool that receives all Exchange traffic from ft_exchange.
backend bk_exchange_all

  # Define the Mode
  mode http

  # Define the Overall Maximum Number of Connections for the Backend
  # NOTE(review): fullconn is the backend load at which servers reach their
  # maxconn when dynamic limits are used, not a hard cap - confirm this is
  # the intended setting.
  fullconn 8000

  # Define the Backend Servers
  # NOTE(review): server addresses were removed. As shown, no `ssl` keyword is
  # set on these lines, so traffic from the load balancer to Exchange would be
  # unencrypted HTTP. With no HTTP check option visible in this listing,
  # `check` would only test that a TCP connection succeeds - confirm both
  # against the real configuration.
  server exchange01 check
  server exchange02 check

(IP addresses and names have been changed to protect the innocent).

