RPC over HTTPS

Has anyone got MS RPC over HTTPS working with Nginx proxying? Trying to
use Nginx as a reverse proxy for Exchange 2007 with Outlook Anywhere. No
proxy servers seem to be able to deal with MS_RPC so thought I would try
my luck with Nginx but without much success!

Also any word on when/if the proxy module might support HTTP1.1
keep-alives to the backend?

Thanks!

Posted at Nginx Forum:

Hello!

On Mon, Jun 29, 2009 at 03:06:11AM -0400, Linden wrote:

> Has anyone got MS RPC over HTTPS working with Nginx proxying? Trying to use Nginx as a reverse proxy for Exchange 2007 with Outlook Anywhere. No proxy servers seem to be able to deal with MS_RPC so thought I would try my luck with Nginx but without much success!

No idea.

> Also any word on when/if the proxy module might support HTTP1.1 keep-alives to the backend?

I have some preliminary code on hand, but it’s not yet complete.

Maxim D.

Thanks for the response - just to be clear I have got outlook web access
(OWA) working fine with nginx except for the ‘Outlook Anywhere’
functionality (was called RPC over HTTP(s)).

I think this is all related to the fact that the methods used
(RPC_IN_DATA and RPC_OUT_DATA) create an artificially large
content-length (1GB on the RPC_IN_DATA) to keep the connection open.
Because nginx proxy tries to pre-fetch this (which will not complete)
the end users’ connection just times out. I have tried turning various
buffering switches off but it still is not working. There is a really
good explanation of the problem I have on an apache bug which has been
re-opened (see
http://209.85.229.132/search?q=cache:ejPagX7DOF8J:issues.apache.org/bugzilla/show_bug.cgi%3Fid%3D40029+rpc_in_data+“1073741824+bytes”&hl=en&gl=uk&strip=1)
so nginx is not alone.

I don't understand if this is something that will never work in
nginx/reverse proxies or if it is just down to configuration. I would be
really interested to know if anyone has got RPC over HTTPS working
through nginx. My debug log just shows the connection timing out while
it is waiting for 1GB of data that it won't get!

cates.

Posted at Nginx Forum:
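
The stall described in the post above, as an added example that is not part of the original thread and is not nginx code: a simplified model of a proxy that holds the request body until the declared Content-Length has arrived, next to one that passes data through as it comes. The request head, chunk timings and function names are constructed for illustration.

```python
# Constructed request head (host and path are placeholders, not from the thread).
SAMPLE_HEAD = (
    b"RPC_IN_DATA /rpc/rpcproxy.dll HTTP/1.1\r\n"
    b"Host: mail.example\r\n"
    b"Content-Length: 1073741824\r\n"
    b"\r\n"
)

# Constructed client traffic: (arrival time in seconds, bytes sent).
SAMPLE_CHUNKS = [(1.0, 104), (5.0, 72), (30.0, 256)]


def parse_head(raw):
    """Return (method, declared Content-Length) from a raw HTTP request head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0]
    declared = 0
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-length":
            declared = int(value.strip())
    return method, declared


def simulate(declared, chunks, read_timeout, buffer_body):
    """Replay client chunks through a simplified proxy model.

    buffer_body=True: nothing goes upstream until `declared` bytes arrived.
    buffer_body=False: every chunk is passed upstream as it arrives.
    Returns (bytes_forwarded_upstream, outcome).
    """
    received = forwarded = 0
    last_activity = 0.0
    for arrival, size in chunks:
        if arrival - last_activity > read_timeout:
            return forwarded, "timeout"
        last_activity = arrival
        received += size
        if not buffer_body or received >= declared:
            forwarded = received
    if buffer_body and received < declared:
        # The declared body never completes, so the read timer ends the request.
        return forwarded, "timeout"
    return forwarded, "forwarded"


if __name__ == "__main__":
    method, declared = parse_head(SAMPLE_HEAD)
    for mode in (True, False):
        print(method, declared, mode, simulate(declared, SAMPLE_CHUNKS, 60, mode))
```
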

Did you ever get this working? I believe Apache and squid can both do
this so I am not sure why nginx couldn’t.

Has anyone got RPC over HTTPS working with nginx as a reverse proxy??

Regs,
Cates.

Posted at Nginx Forum:

2009/9/30 cates:

> Did you ever get this working? I believe Apache and squid can both do this so I am not sure why nginx couldn’t.
>
> Has anyone got RPC over HTTPS working with nginx as a reverse proxy??

What do you mean by RPC?

Sure GET, PUT, POST RESTful requests work as does SOAP.
Or, do you have the Microsoft RPC/port wrapping in mind which has to
be set up with Exchange e.g. for Outlook Web Access (OWA)? The latter
does not even work with Apache (for a workaround see [1]).


Mark

[1] Ossdl - Blog

Maxim

I was wondering if you are done (almost) with the HTTP1.1 Keepalive
support for proxy.
I am anxiously waiting for the feature.

Thank you.

EDIT: I get the log on window but cannot proceed.

Posted at Nginx Forum:

Hi,

I am currently trying to set up Nginx 0.6.35 (on Ubuntu 9.04) to listen
to OWA of some Exchange 2003 server. My config is as follows:


nginx.conf

user www-data;
worker_processes 2;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    #default_type application/octet-stream;
    default_type text/plain;

    access_log  /var/log/nginx/access.log;

    #sendfile        on;
    tcp_nopush     off;

    #keepalive_timeout  0;
    keepalive_timeout  65;
    tcp_nodelay        on;

    #msie_padding on;
    #msie_refresh off;
    #server_name_in_redirect off;
    #server_names_hash_max_size 512;
    #server_names_hash_bucket_size 64;

    gzip  off;
    #gzip_http_version 1.1;
    #gzip_vary on;
    #gzip_comp_level 6;
    #gzip_proxied any;
    #gzip_types text/plain text/html text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    #gzip_buffers 16 8k;
    #gzip_disable "MSIE [1-6].(?!.*SV1)";

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#https-proxy config file
server {
    listen 443;
    server_name 192.168.10.157;

    rewrite ^/$ https://192.168.10.157/exchange permanent;

    ssl  on;
    ssl_certificate  /etc/ssl/certs/myssl.crt;
    ssl_certificate_key  /etc/ssl/private/myssl.key;
    ssl_session_timeout  5m;

    proxy_read_timeout      360;
    proxy_connect_timeout   360;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_redirect off;

    proxy_buffering off;

    proxy_max_temp_file_size 0;

    location /exchange { proxy_pass https://sbs/exchange; }
    location /exchweb  { proxy_pass https://sb/exchweb; }
    location /public   { proxy_pass https://sbs/public; }

    location /Microsoft-Server-ActiveSync { proxy_pass https://sbs/Microsoft-Server-ActiveSync; }
}


However I cannot log on to OWA. Firefox 3.5.3 complains about some
codepage error, MSIE 8 gives a gateway error message, Opera 10 delivers
cryptic characters, Safari/Win32 says it could not decode the raw data.

@cates: Can you please review my config and suggest what I am doing
wrong?

CU,
Mészi.

Posted at Nginx Forum:

Hi Meszi,

I think the only thing that looks wrong is the server name although I am
not sure why that would give you the errors you are getting.
Mine is set to server_name mail.company.com;.

Other than that the config looks similar.

Cates

Posted at Nginx Forum:

Hi Meszi,

I use the same SSL cert on both machines - you can install the same cert
on the Ubuntu server and the SBS server.
Or you could use the SSL offloading setup where you have SSL up to the
Ubuntu server and then HTTP on the internal communication (search google
for front-end-https on).

With regard to RAM and CPU consumption, nginx uses very little anyway so
concentrate on disabling unused services on the Ubuntu server rather
than tweaking nginx - leave it running at init level 3 without full X
server etc., and disable any unused services. Or get yourself a new
server from the 21st century!!

Regs,
Cates.

Posted at Nginx Forum:

Another question: Would you turn GZIP on or off? I read about problems
with older versions of MSIE but nobody should be concerned about this
anymore, I think. So I could turn it on, right?

And: Any suggestions to tweak Nginx in relation to less CPU and RAM
consumption? The machine it runs on is a rather old one: PIII500, 768 MB
RAM.

CU,
Mészi.

Posted at Nginx Forum:

Thank you. Could not yet test if changing the server_name helps. I would
be glad if it did. But on Monday I’ll be back @ work. I’ll keep you posted
about my success.

Another question: Do the SSL certificates have to be the same on the
Nginx and the SBS/Exchange machine? Or can they be different? That was
my idea up to now. :-/

Thanks very much,
Mészi.

Posted at Nginx Forum:

Ok, I guess I’ll keep SSL turned on on the SBS. I want to use Nginx on
the gateway to serve the internal SBS externally but without exposing
its IIS to the internet. The SBS shall serve internally using SSL - so
the traffic is encrypted in-house also.

I will try with both, with different SSL certs and the same. Let’s see
if the setup requires the same SSL certs on both machines.

Regarding the CPU consumption: At the moment even the 500MHz machine
“idles around”. X is turned off and just a few other services are
running: SMTP to receive email from outside, an FTP proxy service and
SSH. And Nginx. That’s it.

Thanks very much for your help up to now. :)

CU,
Mészi.

Posted at Nginx Forum:

Sorry, I wasn’t lucky. I opened a separate topic for my problem:

Posted at Nginx Forum: