Can't access OWA, OA and ActiveSync

alisampras nginx-forum at forum.nginx.org
Tue Oct 9 03:58:38 UTC 2018


Hi All,

Business Objective
Outside users (users travelling) should be able to access their email
through NGINX and it should redirect the connection to my Internal Exchange
server for authentication and access:
1. OWA
2. Outlook Anywhere
3. ActiveSync


My environment info:
Client email access through External Proxy server is mail.example.com, IP
223.153.119.18. 
External DNS A record for mail.example.com point to IP 223.153.119.18

Internal Exchange server is EX-01.example.com with internal IP 10.10.10.11
Internal DNS A record for mail.example.com point to 10.10.10.11

So, as you may have noticed, every outside user's email client will look up
mail.example.com and get the external IP 223.153.119.18.


Problem:
From outside my office, I used my laptop to test.

1. Open browser, https://mail.example.com/owa
An authentication prompt pops up and I enter my credentials, but it keeps failing.

2. Outlook Anywhere also shows the authentication prompt, and it keeps
failing too.

Remark: Remember that the mail.example.com I enter in my browser points to my
external IP 223.153.119.18





I hope that by looking at my nginx config file below, an NGINX or Exchange
expert can spot my mistake.




Below is my NGINX config:
# Process model for the proxy: one worker process.
worker_processes  1;

events {
    # Upper bound on simultaneous connections per worker. When proxying, the
    # connection to the backend counts against this limit as well as the
    # client connection, so long-lived mail sessions use two slots each.
    worker_connections  1024;
}

# HTTP context: a plain-HTTP site for www.example.com and a TLS-terminating
# reverse proxy that publishes selected Exchange paths from EX-01.example.com
# to Internet clients.
http {
    # Shared access-log format used by both server blocks below.
    # It records $remote_user and the full request line, so the logs can hold
    # account names and whatever the client puts in the query string; treat
    # the log files as sensitive and restrict read access to them.
    # NOTE(review): the line break inside the first quoted string looks like
    # mail-archive wrapping; as written, the newline is part of the format.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request"
'
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # Plain-HTTP static site for www.example.com only.
    # NOTE(review): no port-80 server is defined for mail.example.com here, so
    # which server answers http://mail.example.com depends on the default
    # server for port 80 (this block, if it is the only one) - confirm that is
    # intended, or add an explicit HTTP-to-HTTPS redirect for the mail names.
    server {
        listen       80;
        server_name  www.example.com;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        access_log  logs/www.access.log  main;
        error_log  logs/www.error.log;
    }


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

    # TLS front end for Exchange client access (OWA, ActiveSync, RPC/Outlook
    # Anywhere, EWS, Autodiscover). TLS is terminated here and a second TLS
    # connection is opened to the backend by each proxy_pass below.
    server {
        listen 443 ssl;
        server_name     mail.example.com      autodiscover.example.com;

        # NOTE(review): no ssl_protocols / ssl_ciphers are set in this block,
        # so the accepted TLS versions and ciphers are whatever this nginx
        # build defaults to. Pin them explicitly for an Internet-facing
        # listener. The certificate must also cover both server_name values,
        # and the private key file should be readable by root only.
        ssl_certificate /etc/ssl/certs/mail.example.com.crt;
        ssl_certificate_key     /etc/ssl/private/mail.example.com.rsa;
        ssl_session_timeout     5m;

        # Request bodies up to 3G are accepted and, with
        # proxy_request_buffering off, streamed straight to the backend before
        # nginx has seen any successful authentication.
        # NOTE(review): presumably sized for the long RPC-over-HTTP request
        # bodies; consider setting the large limit only in the /rpc location
        # and a smaller one elsewhere - confirm against client behaviour.
        client_max_body_size    3G;
        tcp_nodelay     on;

        proxy_request_buffering off;
        # HTTP/1.1 towards the backend is a prerequisite for reusing upstream
        # connections, but does not by itself enable it (see the Connection
        # header note below).
        proxy_http_version      1.1;
        proxy_read_timeout      360;
        # proxy_pass_header controls which *response* headers from the backend
        # are let through to the client. Date and Server are hidden by
        # default; passing Server discloses the backend software to the
        # Internet. Authorization is a request header, which is already
        # forwarded (proxy_pass_request_headers on), so listing it here does
        # not affect how client credentials reach Exchange.
        proxy_pass_header       Date;
        proxy_pass_header       Server;
        proxy_pass_header       Authorization;
        proxy_set_header        Host $host;
        # X-Real-IP is the address nginx itself saw. X-Forwarded-For is the
        # client-supplied header with that address appended, so only the last
        # entry is trustworthy; backend logging or access rules must not rely
        # on the earlier ones.
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For 
$proxy_add_x_forwarded_for;
        proxy_pass_request_headers      on;
        # An empty value removes the header, so the backend replies
        # uncompressed.
        proxy_set_header        Accept-Encoding "";
        proxy_buffering off;
        # NOTE(review): sending "Connection: Keep-Alive" only sets a header;
        # nginx reuses backend connections only when an upstream{} block with
        # the keepalive directive is used, and none is defined in this file.
        # NTLM/Negotiate authenticate a connection rather than a request, so if
        # the Exchange virtual directories use Windows authentication
        # (presumably the case given the repeated credential prompts - verify
        # on the Exchange side), each leg of the handshake can land on a new
        # backend connection and the login never completes. nginx documents
        # NTLM proxying via the upstream "ntlm" directive, which is part of
        # the commercial subscription. Where Basic authentication over this
        # TLS listener is acceptable, that is a way to avoid the problem.
        proxy_set_header        Connection "Keep-Alive";

        # Catch-all: any path not matched by a regex location below is
        # answered with a redirect to /owa instead of being proxied. Exchange
        # paths that are not listed (for example /ecp) are therefore not
        # reachable through this proxy, which keeps the published surface
        # small.
        # The commented-out targets point at internal-looking names and
        # addresses that external clients could not reach and that would be
        # disclosed to them in the Location header; leave them disabled.
        location / {
                #return 301 https://$host$request_uri;
                #return 301 https://ex-01.esuria.local/owa;
                #return 301 https://10.10.11.11/owa;
                return 301 https://mail.example.com/owa;
        }

        # Regex locations are tried in the order written and the first match
        # wins. Each pattern is a case-insensitive prefix match without a
        # trailing boundary, so ^/owa also matches paths such as /owaXYZ.
        #
        # NOTE(review): every proxy_pass below uses https:// but no
        # proxy_ssl_verify / proxy_ssl_trusted_certificate is set, and nginx
        # does not verify the backend certificate by default. The hop to
        # EX-01 is encrypted but not authenticated; enable verification
        # against the CA that issued the Exchange certificate so credentials
        # are only ever handed to the real server.
        location ~* ^/owa {
                proxy_pass      https://EX-01.example.com;
        }

        location ~* ^/Microsoft-Server-ActiveSync {
                proxy_pass      https://EX-01.example.com;
        }

        location ~* ^/rpc {
                proxy_pass      https://EX-01.example.com;
        }

        location ~* ^/ews {
                proxy_pass      https://EX-01.example.com;
        }

        location ~* ^/autodiscover {
                proxy_pass      https://EX-01.example.com;
        }

        # Per-server logs for the mail front end. Failed logins show up here
        # as repeated 401 responses; comparing them with the IIS log on the
        # Exchange server shows whether the requests arrive with credentials.
        access_log      /usr/local/nginx/logs/mail.access.log   main;
        error_log       /usr/local/nginx/logs/mail.error.log;
    }
}

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,281555,281555#msg-281555


