In many environments, putting an Exchange 2007 front-end server directly on the Internet is not a desired configuration – either because of technical limitations or security concerns. One solution is to have an Apache HTTP server on the network perimeter to act as a reverse proxy to an internally located Exchange 2007 server. The following example is an Apache configuration to:
- Redirect browsers from http://webmail.domain.com/ to the secure https://webmail.domain.com/
- Redirect from the root of https://webmail.domain.com to https://webmail.domain.com/exchange – you may wish to redirect to /owa if you use a pure Exchange 2007 environment.
- Tunnel any request to https://webmail.domain.com/* through Apache’s reverse proxy to the internal Exchange system and serve the response back to the client.
The main advantage of the configuration below is that, by using the RewriteRule directive with the [P] (proxy) flag, we avoid needing individual ProxyPass and ProxyPassReverse directives for each of the Exchange 2007 virtual directories. Nice, clean, simple.
ProxyRequests Off
<VirtualHost webmail.domain.com:80>
ServerAdmin hostmaster@domain.com
ServerName webmail.domain.com
#ErrorLog /var/log/apache2/webmail.domain.com-error_log
#CustomLog /var/log/apache2/webmail.domain.com-access_log combined
ProxyPreserveHost On
RewriteEngine on
# Redirect http traffic to https
RewriteRule ^/(.*)$ https://webmail.domain.com/$1 [L,R]
</VirtualHost>
<VirtualHost webmail.domain.com:443>
ServerAdmin hostmaster@domain.com
ServerName webmail.domain.com:443
#ErrorLog /var/log/apache2/webmail.domain.com-ssl_error_log
#TransferLog /var/log/apache2/webmail.domain.com-ssl_access_log
#CustomLog /var/log/apache2/webmail.domain.com-ssl_request_log ssl_combined
SSLEngine on
SSLProxyEngine On
RequestHeader set Front-End-Https "On"
ProxyPreserveHost On
RewriteEngine on
CacheDisable *
# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value BrowserMSIE
Header unset WWW-Authenticate
# The realm value must be a quoted string
Header add WWW-Authenticate "Basic realm=\"webmail.domain.com\""
# Redirect / to /exchange
RewriteRule ^/$ https://webmail.domain.com/exchange/ [R,L]
# Reverse proxy all requests to the internal Exchange 2007 server
RewriteRule ^/(.*) https://exchange.domain.internal/$1 [P]
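# Offer only high-strength suites; exclude anonymous, NULL and MD5-based ciphers
# (Basic-Auth credentials cross this connection on every request)
SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5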
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:RC4-MD5:+HIGH:+MEDIUM:+SSLv3:+SSLv2
SSLCertificateFile /etc/apache2/ssl.crt/webmail.domain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/webmail.domain.com.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
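The catch-all [P] rule above forwards every path on the internal server, not only the Exchange virtual directories. The variant below is an added example, not part of the original configuration: it keeps the single-rule approach but proxies only an allow-list of paths. The directory list (exchweb and public alongside the /exchange and /owa paths mentioned above) is an assumption to adjust for your deployment.

```apache
# Added example: replacement for the two RewriteRule lines at the end of the
# <VirtualHost webmail.domain.com:443> block.
RewriteEngine on

# Redirect / to /exchange
RewriteRule ^/$ https://webmail.domain.com/exchange/ [R,L]

# Proxy only the virtual directories that are meant to be reachable.
# Assumed list: keep only the directories your deployment actually uses.
# [NC] because IIS treats paths case-insensitively.
RewriteCond %{REQUEST_URI} ^/(exchange|exchweb|public|owa)(/|$) [NC]
RewriteRule ^/(.*) https://exchange.domain.internal/$1 [P]

# Anything else never reaches the internal server: answer 403 at the perimeter.
RewriteRule ^ - [F]
```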