Folgende Pakete müssen auf einem Ubuntu 16.04 LTS installiert werden:
apt install nginx nginx-extras
Die Konfiguration wird abgelegt unter /etc/nginx/conf.d/exchange.conf
Folgende Dinge müssen angepasst werden:
- DNS Name unter dem OWA etc. erreichbar sein soll z.B. mail.example.org
- Autodiscover DNS Name z.B. autodiscover.example.org
- Interner Exchange Server z.B. exchange-server.example.internal
server {
listen 80;
server_name mail.example.org autodiscover.example.org;
return 301 https://$host$request_uri;
}
server {
tcp_nodelay on;
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/star.example.org.pem;
ssl_certificate_key /etc/ssl/private/star.example.org.key;
ssl_session_timeout 5m;
server_name mail.example.org;
location / {
return 301 https://mail.example.org/owa;
}
proxy_http_version 1.1;
proxy_read_timeout 360;
proxy_pass_header Date;
proxy_pass_header Server;
proxy_pass_header Authorization;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
more_set_input_headers 'Authorization: $http_authorization';
proxy_set_header Accept-Encoding "";
more_set_headers -s 401 'WWW-Authenticate: Basic realm="exchange-server.example.internal"';
# proxy_request_buffering off;
proxy_buffering off;
proxy_set_header Connection "Keep-Alive";
location ~* ^/owa { proxy_pass https://exchange-server.example.internal; }
location ~* ^/Microsoft-Server-ActiveSync { proxy_pass https://exchange-server.example.internal; }
location ~* ^/ecp { proxy_pass https://exchange-server.example.internal; }
location ~* ^/rpc { proxy_pass https://exchange-server.example.internal; }
location ~* ^/autodiscover { proxy_pass https://exchange-server.example.internal; }
location ~* ^/oab { proxy_pass https://exchange-server.example.internal; }
error_log /var/log/nginx/exchange-rproxy-ssl-error.log;
access_log /var/log/nginx/exchange-rproxy-ssl-access.log;
}
Ob alles einwandfrei Funktioniert lässt sich über einen Webservice von Microsoft testen:
https://testconnectivity.microsoft.com/
Quellen:
- http://blog.adamjoshuasmith.com/deploying-exchange-2016-behind-nginx-free/
- https://gist.github.com/taddev/7275873
- https://blog.friedlandreas.net/2016/05/nginx-reverseproxy-fuer-mapi-over-http-eas-und-owa/
Viel Spaß 