RPC over HTTPS

Has anyone got MS RPC over HTTPS working with Nginx proxying? Trying to
use Nginx as a reverse proxy for Exchange 2007 with Outlook Anywhere. No
proxy servers seem to be able to deal with MS_RPC so thought I would try
my luck with Nginx but without much success!

Also any word on when/if the proxy module might support HTTP1.1
keep-alives to the backend?

Thanks!

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,3511,3511#msg-3511

Hello!

On Mon, Jun 29, 2009 at 03:06:11AM -0400, Linden wrote:

Has anyone got MS RPC over HTTPS working with Nginx proxying? Trying to use Nginx as a reverse proxy for Exchange 2007 with Outlook Anywhere. No proxy servers seem to be able to deal with MS_RPC so thought I would try my luck with Nginx but without much success!

No idea.

Also any word on when/if the proxy module might support HTTP1.1 keep-alives to the backend?

I have some preliminary code on hand, but it’s not yet complete.

Maxim D.

Thanks for the response - just to be clear I have got outlook web access
(OWA) working fine with nginx except for the ‘Outlook Anywhere’
functionality (was called RPC over HTTP(s)).

I think this is all related to the fact that the methods used
(RPC_IN_DATA and RPC_OUT_DATA) create an artificially large
content-length (1GB on the RPC_IN_DATA) to keep the connection open.
Because nginx proxy tries to pre-fetch this (which will not complete)
the end users’ connection just times out. I have tried turning various
buffering switches off but it still is not working. There is a really
good explanation of the problem I have on an apache bug which has been
re-opened (see
http://209.85.229.132/search?q=cache:ejPagX7DOF8J:issues.apache.org/bugzilla/show_bug.cgi%3Fid%3D40029+rpc_in_data+“1073741824+bytes”&hl=en&gl=uk&strip=1)
so nginx is not alone.

I don;t understand if this is something that will never work in
nginx/reverse proxies or if it is just down to configuration. I would be
really interested to know if anyone has got RPC over HTTPS working
through nginx. My debug log just shows the connection timing out while
it is waiting for 1GB of data that it wont get!

cates.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,3511,10195#msg-10195

Did you ever get this working? I believe Apache and squid can both do
this so I am not sure why nginx couldn’t.

Has anyone got RPC over HTTPS working with nginx as a reverse proxy??

Regs,
Cates.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,3511,10155#msg-10155

2009/9/30 cates [email protected]:

Did you ever get this working? I believe Apache and squid can both do this so I am not sure why nginx couldn’t.

Has anyone got RPC over HTTPS working with nginx as a reverse proxy??

What do you mean by RPC?

Sure GET, PUT, POST RESTful requests work as does SOAP.
Or, do you have the Microsoft RPC/port wrapping in mind which has to
be set up with Exchange e.g. for Outlook Web Access (OWA)? The latter
even does not work with Apache (for a workaround see [1]).


Mark
http://mark.ossdl.de/

[1] http://mark.ossdl.de/2009/01/iis-reverse-proxy-for-apache/

Maxim

I was wondering if you are done (almost) with the HTTP1.1 Keepalive
support for proxy.
I am anxiously waiting for the feature.

Thank you.

EDIT: I get the log on window but cannot proceed.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,3511,13654#msg-13654

Hi,

I am currently trying to set up Nginx 0.6.35 (on Ubuntu 9.04) to listen
to OWA of some Exchange 2003 server. My config is as follows:


nginx.conf

user www-data;
worker_processes 2;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
#default_type application/octet-stream;
default_type text/plain;

access_log  /var/log/nginx/access.log;

#sendfile        on;
tcp_nopush     off;

#keepalive_timeout  0;
keepalive_timeout  65;
tcp_nodelay        on;

#msie_padding on;
#msie_refresh off;
#server_name_in_redirect off;
#server_names_hash_max_size 512;
#server_names_hash_bucket_size 64;

gzip  off;
#gzip_http_version 1.1;
#gzip_vary on;
#gzip_comp_level 6;
#gzip_proxied any;
#gzip_types text/plain text/html text/css application/json 

application/x-javascript text/xml application/xml application/xml+rss
text/javascript;
#gzip_buffers 16 8k;
#gzip_disable “MSIE [1-6].(?!.*SV1)”;

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

}


#https-proxy config file
server {
listen 443;
server_name 192.168.10.157;

rewrite ^/$ https://192.168.10.157/exchange permanent;

    ssl  on;
    ssl_certificate  /etc/ssl/certs/myssl.crt;
    ssl_certificate_key  /etc/ssl/private/myssl.key;
    ssl_session_timeout  5m;

    proxy_read_timeout      360;
   proxy_connect_timeout   360;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For 

$proxy_add_x_forwarded_for;

proxy_redirect off;

proxy_buffering off;

proxy_max_temp_file_size 0;

    location /exchange { proxy_pass https://sbs/exchange; }
    location /exchweb  { proxy_pass https://sb/exchweb; }
    location /public   { proxy_pass https://sbs/public; }

location /Microsoft-Server-ActiveSync { proxy_pass

https://sbs/Microsoft-Server-ActiveSync; }

}


However I cannot log on to OWA. Firefox 3.5.3 complains about some
codepage error, MSIE 8 gives a gateway error message, Opera 10 delivers
cryptic characters, Safari/Win32 says it could not decode the raw data.

@cates: Can you please review my config and suggest what I am doing
wrong?

CU,
Mészi.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,3511,13653#msg-13653

Hi Meszi,

I think the only thing that looks wrong is the server name although I am
not sure why that would give you the errors you are getting.
Mine is set to server_name mail.company.com;.

Other than that the config looks similar.

Cates

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,3511,13869#msg-13869

Hi Meszi,

I use the same SSL cert on both machines - you can install the same cert
on the Ubuntu server and the SBS server.
Or you could use the SSL offloading setup where you have SSL up to the
Ubuntu server and then HTTP on the internal communication (search google
for front-end-https on).

With regard to RAM and CPU consumption, nginx uses very little anyway so
concentrate on disabling unused services on the Ubuntu server rather
than tweaking nginx - leave it running at init level 3 without full X
server etc., and disable any unused services. Or get yourself a new
server from the 21st century!!

Regs,
Cates.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,3511,14107#msg-14107

Another question: Would you turn GZIP on or off? I read about problems
with older versions of MSIE but nobody should be concerned about this
anymore, I think. So I could turn it on, right?

And: Any suggestions to tweak Nginx in relation to less CPU and RAM
consumption? The machine it runs on is a rather old one: PIII500, 768 MB
RAM.

CU,
Mészi.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,3511,14099#msg-14099

Thank you. Could not yet test if changing the server_name helps. I would
be glad if it did. But on Monday I’ll be back @ work. I keep you posted
about my success.

Another question: Do the SSL certificates have to be the same on the
Nginx and the SBS/Exchange machine? Or can they be different? That was
my idea up to now. :-/

Thanks very much,
Mészi.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,3511,14097#msg-14097

Ok, I guess I’ll keep SSL turned on on the SBS. I want to use Nginx on
the gateway to serve the internal SBS externally but without exposing
its IIS to the internet. The SBS shall serve internally using SSL - so
the traffic is encrypted in-house also.

I will try with both, with different SSL certs and the same. Let’s see
if the setup requires the same SSL certs on both machines.

Regarding the CPU consumption: At the moment even the 500MHz machine
“idles around”. X is turned off and just a few other services are
running: SMTP to receive email from outside, a FTP proxy service and
SSH. And Nginx. That’s it.

Thanks very much for your help up to now. :slight_smile:

CU,
Mészi.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,3511,14505#msg-14505

Sorry, I wasn’t lucky. I opened a separate topic for my problem:
http://forum.nginx.org/read.php?2,14903

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,3511,14904#msg-14904

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs