Can't access OWA, OA and ActiveSync

alisampras nginx-forum at
Tue Oct 9 03:58:38 UTC 2018

Hi All,

Business Objective
Outside users (users travelling) should be able to access their email
through NGINX and it should redirect the connection to my Internal Exchange
server for authentication and access:
1. OWA
2. Outlook Anyway
3. ActiveSync

My environment info:
Client email access through External Proxy server is, IP 
External DNS A record for point to IP

Internal Exchange server is with internal IP
Internal DNS A record for point to

So, if you noticed, all the outside user's email client will look for with external IP

>From outside my office, i used my laptop to test.

1. Open browser,
Authentication is pop up and i entered my credentials but it keep failing.

2. Outlook Anywhere got the pop up for authentication but it still keep
failing too.

Remark: Remember i entered in my browse will point to my
external ip

Hope ny looking at my below nginx config file, the NGINX or the Exchange
expert can spot my mistake.

Below is my NGINX config:
worker_processes  1;

events {
    worker_connections  1024;

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request"
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;

        location / {
            root   html;
            index  index.html index.htm;

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;

        access_log  logs/www.access.log  main;
        error_log  logs/www.error.log;

    # HTTPS server
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }

    server {
        listen 443 ssl;

        ssl_certificate /etc/ssl/certs/;
        ssl_certificate_key     /etc/ssl/private/;
        ssl_session_timeout     5m;

        client_max_body_size    3G;
        tcp_nodelay     on;

        proxy_request_buffering off;
        proxy_http_version      1.1;
        proxy_read_timeout      360;
        proxy_pass_header       Date;
        proxy_pass_header       Server;
        proxy_pass_header       Authorization;
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For 
        proxy_pass_request_headers      on;
        proxy_set_header        Accept-Encoding "";
        proxy_buffering off;
        proxy_set_header        Connection "Keep-Alive";

        location / {
                #return 301 https://$host$request_uri;
                #return 301 https://ex-01.esuria.local/owa;
                #return 301;
                return 301;

        location ~* ^/owa {

        location ~* ^/Microsoft-Server-ActiveSync {

        location ~* ^/rpc {

        location ~* ^/ews {

        location ~* ^/autodiscover {

        access_log      /usr/local/nginx/logs/mail.access.log   main;
        error_log       /usr/local/nginx/logs/mail.error.log;

Posted at Nginx Forum:,281555,281555#msg-281555

More information about the nginx mailing list