Wednesday, August 10, 2005

Aha! Reverse proxying OWA (Exchange's web access) and RPC-over-HTTP using Apache 2.

This post is for those of us running Exchange 2003 servers. If you don't, feel free to ignore it.

I finally figured out a way to use Apache 2 to reverse proxy Exchange's Outlook Web Access (OWA) as well as the RPC-over-HTTP thing that Outlook and Exchange 2003 can do. Some of this came from http://3cx.org/item/46#rpcoverhttp, although that method had more stuff than I needed in my vhost. I've put what I think is the bare minimum here. You put this inside a <VirtualHost> section.

Also note that your Internet-facing DNS needs to resolve the SAME NAME as the real Exchange server to this box. So, let's say you have a server, LEMON.domain.com, which is a real Exchange 2003 server, and BLUE.domain.com, which is an Apache 2 box. You'll set up the Internet-facing DNS to resolve LEMON.domain.com to the same IP as BLUE.domain.com. Then BLUE needs to resolve the REAL LEMON.domain.com correctly, either through your own internal DNS (which you probably have) or through hosts entries and the like.

Ex:
Internet:
LEMON.domain.com. IN A 1.2.3.4 ; fake lemon, blue is the reverse proxy for lemon
BLUE.domain.com. IN A 1.2.3.4

Inside (or in hosts file on BLUE):
LEMON.domain.com. IN A 1.2.3.156 ; the REAL lemon

Then set up a VHOST with this inside:

SSLEngine on
SSLProxyEngine on

# Server Certificate:
SSLCertificateFile /path/to/public.key

# Server Private Key:
SSLCertificateKeyFile /path/to/private.key

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

ProxyPass /Public https://real.exchange.server/public
ProxyPassReverse /Public https://real.exchange.server/public
ProxyPass /public https://real.exchange.server/public
ProxyPassReverse /public https://real.exchange.server/public
ProxyPass /exchange https://real.exchange.server/exchange
ProxyPassReverse /exchange https://real.exchange.server/exchange
ProxyPass /Exchange https://real.exchange.server/exchange
ProxyPassReverse /Exchange https://real.exchange.server/exchange
ProxyPass /Exadmin https://real.exchange.server/exadmin
ProxyPassReverse /Exadmin https://real.exchange.server/exadmin
ProxyPass /exadmin https://real.exchange.server/exadmin
ProxyPassReverse /exadmin https://real.exchange.server/exadmin
ProxyPass /ExchWeb https://real.exchange.server/exchweb
ProxyPassReverse /ExchWeb https://real.exchange.server/exchweb
ProxyPass /exchweb https://real.exchange.server/exchweb
ProxyPassReverse /exchweb https://real.exchange.server/exchweb

# Note: we don't use ProxyPass for /rpc, as it doesn't seem to work right
RewriteEngine On
RewriteRule ^(.*)/rpc/(.*) https://real.exchange.server/rpc/$2 [P]

That's what I'm using at my work.
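
A pre-flight check for a vhost like the one above, as an added example (not the author's code). It flags a ProxyPass without a matching ProxyPassReverse, an https backend without SSLProxyEngine, and a backend name that the proxy box resolves to its own public address. The function name `lint_vhost`, the use of lemon.domain.com in place of real.exchange.server, and passing the proxy's name resolution in as a dict are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

def lint_vhost(conf, proxy_view, public_ip):
    """Findings for a reverse-proxy vhost body (the directives inside <VirtualHost>).
    proxy_view: {hostname: ip} as the proxy box resolves names (hosts file or internal DNS).
    public_ip:  address the Internet-facing DNS returns for the Exchange name."""
    passes, reverses, targets, ssl_proxy = {}, {}, [], False
    for raw in conf.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue                          # blank line or comment line
        name, args = words[0].lower(), words[1:]
        if name == "sslproxyengine":
            ssl_proxy = bool(args) and args[0].lower() == "on"
        elif name == "proxypass" and len(args) >= 2:
            passes[args[0]] = args[1]
            targets.append(args[1])
        elif name == "proxypassreverse" and len(args) >= 2:
            reverses[args[0]] = args[1]
        elif name == "rewriterule" and len(args) >= 3 and re.search(r"\bP\b", args[2]):
            targets.append(args[1])           # [P] hands the request to mod_proxy
    findings = [f"{p}: no matching ProxyPassReverse for {u}"
                for p, u in passes.items() if reverses.get(p) != u]
    view = {h.rstrip(".").lower(): ip for h, ip in proxy_view.items()}
    for url in targets:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme == "https" and not ssl_proxy:
            findings.append("https backend but SSLProxyEngine is not on")
        if host not in view:
            findings.append(f"{host}: not resolvable from the proxy")
        elif view[host] == public_ip:
            findings.append(f"{host}: resolves to the proxy itself (request loop)")
    return list(dict.fromkeys(findings))      # drop repeats, keep order

# Constructed sample: the post's layout with lemon.domain.com as the backend name.
GOOD = """
SSLProxyEngine on
ProxyPass /exchange https://lemon.domain.com/exchange
ProxyPassReverse /exchange https://lemon.domain.com/exchange
RewriteEngine On
RewriteRule ^(.*)/rpc/(.*) https://lemon.domain.com/rpc/$2 [P]
"""
BAD = GOOD.replace("SSLProxyEngine on", "").replace("ProxyPassReverse", "#ProxyPassReverse")

if __name__ == "__main__":
    print(lint_vhost(GOOD, {"LEMON.domain.com.": "1.2.3.156"}, "1.2.3.4"))
    print(lint_vhost(BAD, {"LEMON.domain.com.": "1.2.3.4"}, "1.2.3.4"))
```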
