 Linux/Apache front end to Exchange 2007 |
 The DNS Guys |
Anycast DNS 25 Nameservers Worldwide |
DNS Failover Host Monitoring & Auto Rollback |
Outbound SMTP Smart Relay, SASL |
| Subversion Hosting OpenID Servers & XMPP |
DNSSEC TSIG & Secondary DNS |
easyRoute53 Amazon Route53 GUI |
  |
| Linux/Apache front end to Exchange 2007 |
  Apr 10 2012, 03:10 PM
Post
#1
|
|
|
Whats this Lie-nix Thing?  Group: Members Posts: 1 Joined: 10-April 12 Member No.: 17,530  |
Using Apache (on Fedora 16) as a front end (reverse proxy) to Exchange 2007 and a config that worked on Fedora 8 I get an SSL error because Apache doesn't trust the self-signed cert from Exchange.
If I change the reverse proxy to not use SSL between Apache and Exchange I get farther but every page comes back in the browser address bar missing "https://". If I manually place it in front of the returned address I can get the pages until the one after the login. Both of these issues were the same when previously trying Fedora 14. What I am looking for is: 1) How to import (I can export from Exchange) the self-signed certificate so that it doesn't conflict with Apache's self-signed certificate for the WAN side. 2) Instead. Get the returned addresses to the browsers to be properly formatted. I would prefer #1 as it keeps a tighter network but am also not sure if #2 still won't be necessary once past #1. Thanks. ===== The config I am Using ===== I had to space separate the http from the :// to get the forum code to allow me to post this. CODE ProxyReceiveBufferSize 1024 #Exchange <VirtualHost *:443> # DocumentRoot /var/www/html/ RequestHeader set Front-End-Https "On" RewriteEngine On SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key SSLEngine On SSLProxyEngine On SSLProxyVerify Optional SetEnv HTTPS_PORT 443 ExpiresActive On ExpiresDefault "access plus 300 seconds" # UserDir /var/www/html/ <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPreserveHost On ProxyBadHeader StartBody ProxyVia On #OWA % character in email subject fix # RewriteMap percentsubject int:escape # RewriteCond $1 ^/owa/.*\%.*$ # RewriteRule (/owa/.*) ${percentsubject:$1} [P] RewriteRule ^/owa$ owa/ [R] <Location /owa> ProxyPass http ://exchange/owa ProxyPassReverse http ://exchange/owa SSLRequireSSL # Rewrite the WWW-Authenticate header to strip out Windows Integrated # Authentication (NTLM) and only use Basic-Auth SetEnvIf User-Agent ".*MSIE.*" value SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE Header Always Unset WWW-Authenticate Header Always Add WWW-Authenticate "Basic realm=public" </Location> <Location /OAB> ProxyPass http ://exchange/OAB ProxyPassReverse http ://exchange/OAB SSLRequireSSL # Rewrite the WWW-Authenticate header to strip out Windows Integrated # Authentication (NTLM) and only use Basic-Auth SetEnvIf User-Agent ".*MSIE.*" value SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE Header Always Unset WWW-Authenticate Header Always Add WWW-Authenticate "Basic realm=public" </Location> <Location /rpc> ProxyPass http ://exchange/rpc ProxyPassReverse http ://exchange/rpc SSLRequireSSL # Rewrite the WWW-Authenticate header to strip out Windows Integrated # Authentication (NTLM) and only use Basic-Auth SetEnvIf User-Agent ".*MSIE.*" value SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE Header Always Unset WWW-Authenticate Header Always Add WWW-Authenticate "Basic realm=public" </Location> <Location /ecp> ProxyPass http ://exchange/ecp ProxyPassReverse http ://exchange/ecp SSLRequireSSL # Rewrite the WWW-Authenticate header to strip out Windows Integrated # Authentication (NTLM) and only use Basic-Auth SetEnvIf User-Agent ".*MSIE.*" value SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE Header Always Unset WWW-Authenticate Header Always Add WWW-Authenticate "Basic realm=public" </Location> <Location /RpcWithCert> ProxyPass http ://exchange/RpcWithCert ProxyPassReverse http ://exchange/RpcWithCert SSLRequireSSL # Rewrite the WWW-Authenticate header to strip out Windows Integrated # Authentication (NTLM) and only use Basic-Auth SetEnvIf User-Agent ".*MSIE.*" value SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE Header Always Unset WWW-Authenticate Header Always Add WWW-Authenticate "Basic realm=public" </Location> # Enables Windows Mobile ActiveSync <Location /Microsoft-Server-ActiveSync> ProxyPass http ://exchange/Microsoft-Server-ActiveSync ProxyPassReverse http ://exchange/Microsoft-Server-ActiveSync SSLRequireSSL # Rewrite the WWW-Authenticate header to strip out Windows Integrated # Authentication (NTLM) and only use Basic-Auth SetEnvIf User-Agent ".*MSIE.*" value SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE Header Always Unset WWW-Authenticate Header Always Add WWW-Authenticate "Basic realm=public" </Location> </VirtualHost> #/Exchange |
 |
 
|
|
|
Lo-Fi Version | Time is now: 19th June 2013 - 07:11 AM |
