Hi,
I try to configure Nginx as reverse proxy for Exchange ActiveSync with certificate authentication.
Owa and other services work perfectly. In addition, if I use password authentication for Exchange ActiveSync, it also works.
But if I try to use certificate authentication on Exchange, Nginx doesn't work.
Usually I get the error:
2014/11/25 14:33:33 [error] 14524#0: *37 upstream prematurely closed connection while reading response header from upstream, client: 145.45.218.140, server: mail.domen.ru, request: "OPTIONS /Microsoft-Server-ActiveSync HTTP/1.1", upstream: "https://172.16.11.14:443/Microsoft-Server-ActiveSync", host: "mail.dome.ru"
I use config like this:
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/nginx/mail.dome.ru.crt;
ssl_certificate_key /etc/ssl/nginx/mail.dome.ru.open.key;
ssl_session_timeout 5m;
server_name mail.dome.ru;
location / {
return 301 https://mail.dome.ru/owa;
}
proxy_read_timeout 360;
proxy_pass_header Date;
proxy_pass_header Server;
#proxy_pass_header Authorization;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~* ^/owa { proxy_pass https://exch1.test.local; }
location ~* ^/Microsoft-Server-ActiveSync { proxy_pass https://exch1.test.local; }
location ~* ^/ecp { proxy_pass https://exch1.test.local; }
location ~* ^/rpc { proxy_pass https://exch1.test.local; }
error_log /var/log/nginx/owa-ssl-error.log;
access_log /var/log/nginx/owa-ssl-access.log;
I try to configure Nginx as reverse proxy for Exchange ActiveSync with certificate authentication.
Owa and other services work perfectly. In addition, if I use password authentication for Exchange ActiveSync, it also works.
But if I try to use certificate authentication on Exchange, Nginx doesn't work.
Usually I get the error:
2014/11/25 14:33:33 [error] 14524#0: *37 upstream prematurely closed connection while reading response header from upstream, client: 145.45.218.140, server: mail.domen.ru, request: "OPTIONS /Microsoft-Server-ActiveSync HTTP/1.1", upstream: "https://172.16.11.14:443/Microsoft-Server-ActiveSync", host: "mail.dome.ru"
I use config like this:
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/nginx/mail.dome.ru.crt;
ssl_certificate_key /etc/ssl/nginx/mail.dome.ru.open.key;
ssl_session_timeout 5m;
server_name mail.dome.ru;
location / {
return 301 https://mail.dome.ru/owa;
}
proxy_read_timeout 360;
proxy_pass_header Date;
proxy_pass_header Server;
#proxy_pass_header Authorization;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~* ^/owa { proxy_pass https://exch1.test.local; }
location ~* ^/Microsoft-Server-ActiveSync { proxy_pass https://exch1.test.local; }
location ~* ^/ecp { proxy_pass https://exch1.test.local; }
location ~* ^/rpc { proxy_pass https://exch1.test.local; }
error_log /var/log/nginx/owa-ssl-error.log;
access_log /var/log/nginx/owa-ssl-access.log;