Hi all,
I’ve tried to do some research on this already, but without much luck.
So
I’m hoping others may be able to assist.
I’m trying to use Nginx as a Reverse Proxy back to an Exchange 2007
environment.
- Nginx is terminating to HTTPS / SSL connection for the Client
- Nginx is then proxying to the Exchange environment over HTTP
As other have found, this appears to be working find for all Exchange
Services, with the exception of ‘Outlook Anywhere’, which is also known
as
Outlook RCP/HTTP(S).
To better define the problem, an Exchange Client Access Server hosts the
following Virtual Directories (or services) is IIS7:
/Autodiscover - For devices to automatically configure their
connection
setting
/owa - “Outlook Web Access” - Basically webmail
/OAB - “Offline Address Book” - Where clients can download
copies off the offline address book
/EWS - “Exchange Web Services” - Good question as to what
this
is!
/Public - “Public Folders” - Conenction point for Public
Folder
access
/Microsoft-Server-ActiveSync - Used with devices for ActiveSync
/Rpc - “Outlook Anywhere” - Outlook connecting using
RPC/HTTP(S) - This is the problematic one.
(plus a few legacy and admin services)
So, I have everything working through Nginx, with the exception
RPC/HTTP(S).
Initially I was seeing this error:
10.110.2.15 - username [27/Feb/2013:17:24:31 +0000] “RPC_IN_DATA
/rpc/rpcproxy.dll?EX-SERVER-2008.servers.null.org:6002 HTTP/1.1” 413 198
“-”
“MSRPC” “-”
After a bit of reading, this was resolved with the following directive:
http {
client_max_body_size 0;
}
(Yes, I know 0=unlimited and that may not be appropriate, but I’m still
testing!)
So now all that I’m left with is trying to resolve this error:
10.110.2.15 - username [28/Feb/2013:07:39:27 +0000] “RPC_OUT_DATA
/rpc/rpcproxy.dll?EX-SERVER-2008.servers.null.or:6004 HTTP/1.1” 405 172
“-”
“MSRPC” “-”
10.110.2.15 - username [28/Feb/2013:07:39:27 +0000] “RPC_IN_DATA
/rpc/rpcproxy.dll?EX-SERVER-2008.servers.null.org:6004 HTTP/1.1” 405 172
“-”
“MSRPC” “-”
With my very limited knowledge Error 405 is “Method Not Allowed”.
I’ve seen various solutions which suggest changing the ‘error_page 405’
directive to different things. Such as:
location / {
error_page 405 = @app;
try_files $uri @app;
}
location @app {
proxy_pass http://app_servers;
}
But these don’t seem to solve the issue.
So my questions are:
- How can I allow this Method, if that is the issue?
- If what I’m doing is fundamentally not possible, please just let me
know!
For Reference:
I’m running Nginx v1.2.7 from the nginx Repo on Centos 6.3
My main Nginx Config looks like this (Some of the names and IPs have
been
changed to protect the innocent):
upstream exchange_all {
ip_hash;
server 10.1.1.1 max_fails=1 fail_timeout=10s;
server 10.1.1.2 max_fails=1 fail_timeout=10s;
Do NOT Remove - this is needed for auth to work
keepalive 32;
}
server {
listen 10.2.1.1;
return 301 https://webmail.null.com$request_uri;
}
server {
listen 10.2.1.1:443 ;
ssl on;
ssl_certificate /etc/ssl/webmail.aeltc.com.crt;
ssl_certificate_key /etc/ssl/ae-lb02-key.pem;
ssl_session_cache shared:SSL:60m;
ssl_session_timeout 60m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
proxy_redirect off;
proxy_buffering off;
proxy_read_timeout 3600;
proxy_pass_header Date;
proxy_pass_header Server;
proxy_set_header Connection “”;
proxy_set_header Accept-Encoding “”;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto off;
add_header Front-End-Https on;
proxy_http_version 1.1;
location ~*/Autodiscover {
proxy_pass http://exchange_all;
}
location ~*/owa {
proxy_pass http://exchange_all;
}
location ~*/OAB {
proxy_pass http://exchange_all;
}
location ~*/rpc/ {
location ~*/rpc/rpcproxy.dll? {
proxy_pass http://exchange_all;
}
location ~*/EWS {
proxy_pass http://exchange_all;
}
location ~*/Public {
proxy_pass http://exchange_all;
}
location ~*/Microsoft-Server-ActiveSync {
proxy_pass http://exchange_all;
}
location ~*/$ {
return 301 https://webmail.null.com/owa;
}
}
Posted at Nginx Forum: