Linux Help
guides forums blogs
Home Desktops Distributions ISO Images Logos Newbies Reviews Software Support & Resources Linuxhelp Wiki

Welcome Guest ( Log In | Register )



The DNS Guys

25 Nameservers Worldwide

Host Monitoring & Auto Rollback

Smart Relay, SASL

OpenID Servers & XMPP

TSIG & Secondary DNS

Amazon Route53 GUI
 
Reply to this topicStart new topic
> Linux/Apache front end to Exchange 2007
RogerV
post Apr 10 2012, 03:10 PM
Post #1


Whats this Lie-nix Thing?
*

Group: Members
Posts: 1
Joined: 10-April 12
Member No.: 17,530



Using Apache (on Fedora 16) as a front end (reverse proxy) to Exchange 2007 and a config that worked on Fedora 8 I get an SSL error because Apache doesn't trust the self-signed cert from Exchange.

If I change the reverse proxy to not use SSL between Apache and Exchange I get farther but every page comes back in the browser address bar missing "https://". If I manually place it in front of the returned address I can get the pages until the one after the login.

Both of these issues were the same when previously trying Fedora 14.

What I am looking for is:

1) How to import (I can export from Exchange) the self-signed certificate so that it doesn't conflict with Apache's self-signed certificate for the WAN side.

2) Instead. Get the returned addresses to the browsers to be properly formatted.

I would prefer #1 as it keeps a tighter network but am also not sure if #2 still won't be necessary once past #1.

Thanks.

===== The config I am Using =====
I had to space separate the http from the :// to get the forum code to allow me to post this.

CODE

ProxyReceiveBufferSize 1024


#Exchange

<VirtualHost *:443>
# DocumentRoot /var/www/html/

RequestHeader set Front-End-Https "On"

RewriteEngine On

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

SSLEngine On
SSLProxyEngine On
SSLProxyVerify Optional

SetEnv HTTPS_PORT 443

ExpiresActive On
ExpiresDefault "access plus 300 seconds"

# UserDir /var/www/html/

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPreserveHost On
ProxyBadHeader StartBody
ProxyVia On

#OWA % character in email subject fix
# RewriteMap percentsubject int:escape
# RewriteCond $1 ^/owa/.*\%.*$
# RewriteRule (/owa/.*) ${percentsubject:$1} [P]

RewriteRule ^/owa$ owa/ [R]

<Location /owa>
ProxyPass http ://exchange/owa
ProxyPassReverse http ://exchange/owa
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=public"
</Location>

<Location /OAB>
ProxyPass http ://exchange/OAB
ProxyPassReverse http ://exchange/OAB
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=public"
</Location>

<Location /rpc>
ProxyPass http ://exchange/rpc
ProxyPassReverse http ://exchange/rpc
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=public"
</Location>

<Location /ecp>
ProxyPass http ://exchange/ecp
ProxyPassReverse http ://exchange/ecp
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=public"
</Location>

<Location /RpcWithCert>
ProxyPass http ://exchange/RpcWithCert
ProxyPassReverse http ://exchange/RpcWithCert
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=public"
</Location>

# Enables Windows Mobile ActiveSync
<Location /Microsoft-Server-ActiveSync>
ProxyPass http ://exchange/Microsoft-Server-ActiveSync
ProxyPassReverse http ://exchange/Microsoft-Server-ActiveSync
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=public"
</Location>

</VirtualHost>
#/Exchange
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 30th July 2014 - 02:12 PM