LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 03-13-2012, 02:19 PM   #1
rvicker
Member
 
Registered: Jul 2005
Distribution: Fedora
Posts: 34

Rep: Reputation: 15
Question Linux/Apache front end to Exchange 2007


I've posted a couple of threads before and haven't gotten any real feedback.

Using Apache (on Fedora 16 now) as a front end (reverse proxy) to Exchange 2007 and a config that worked on Fedora 8 I get an SSL error because Apache doesn't trust the self-signed cert from Exchange.

If I change the reverse proxy to not use SSL between it and Exchange I get farther but every page comes back in the browser address bar missing "https://". If I manually place it in front of the returned address I can get the pages until the one after the login.

Both of these issues were the same when previously trying Fedora 14.

What I am looking for is:

1) How to import (I can export from Exchange) the self-signed certificate so that it doesn't conflict with Apache's self-signed certificate for the WAN side.

2) Instead. Get the returned addresses to the browsers to be properly formatted.

I would prefer #1 as it keeps a tighter network but am also not sure if #2 still won't be necessary once past #1.

Thanks.


ProxyReceiveBufferSize 1024


#Exchange

<VirtualHost *:443>
# DocumentRoot /var/www/html/

RequestHeader set Front-End-Https "On"

RewriteEngine On

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

SSLEngine On
SSLProxyEngine On
SSLProxyVerify Optional

SetEnv HTTPS_PORT 443

ExpiresActive On
ExpiresDefault "access plus 300 seconds"

# UserDir /var/www/html/

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPreserveHost On
ProxyBadHeader StartBody
ProxyVia On

#OWA % character in email subject fix
# RewriteMap percentsubject int:escape
# RewriteCond $1 ^/owa/.*\%.*$
# RewriteRule (/owa/.*) ${percentsubject:$1} [P]

RewriteRule ^/owa$ owa/ [R]

<Location /owa>
ProxyPass http://exchange.public.org/owa
ProxyPassReverse http://exchange.public.org/owa
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>

<Location /OAB>
ProxyPass http://exchange.public.org/OAB
ProxyPassReverse http://exchange.public.org/OAB
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>

<Location /rpc>
ProxyPass http://exchange.public.org/rpc
ProxyPassReverse http://exchange.public.org/rpc
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>

<Location /ecp>
ProxyPass http://exchange.public.org/ecp
ProxyPassReverse http://exchange.public.org/ecp
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>

<Location /RpcWithCert>
ProxyPass http://exchange.public.org/RpcWithCert
ProxyPassReverse http://exchange.public.org/RpcWithCert
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>

# Enables Windows Mobile ActiveSync
<Location /Microsoft-Server-ActiveSync>
ProxyPass http://exchange.public.org/Microsoft-Server-ActiveSync
ProxyPassReverse http://exchange.public.org/Microsoft-Server-ActiveSync
SSLRequireSSL

# Rewrite the WWW-Authenticate header to strip out Windows Integrated
# Authentication (NTLM) and only use Basic-Auth
SetEnvIf User-Agent ".*MSIE.*" value
SetEnvIf User-Agent ".*MSIE.*" BrowserMSIE
Header Always Unset WWW-Authenticate
Header Always Add WWW-Authenticate "Basic realm=www.public.org"
</Location>

</VirtualHost>
#/Exchange
 
Old 03-14-2012, 11:29 PM   #2
xeleema
Member
 
Registered: Aug 2005
Location: D.i.t.h.o, Texas
Distribution: Slackware 13.x, rhel3/5, Solaris 8-10(sparc), HP-UX 11.x (pa-risc)
Posts: 987
Blog Entries: 4

Rep: Reputation: 248Reputation: 248Reputation: 248
Greetingz!

1) Please use "code" tags around outputs ( [code] & [/code] )
2) Having problems with a Self-Signed Cert? Why not setup a quick Certificate Authority for your domain? (Assuming it's not public-facing, else try CAcert)
It's quick, free (as in $$ and as in 'libre'), and it'll address a whole lot of other problems you have with SSL down the road.
 
Old 03-20-2012, 08:47 AM   #3
rvicker
Member
 
Registered: Jul 2005
Distribution: Fedora
Posts: 34

Original Poster
Rep: Reputation: 15
xeleema, First, for some reason the board didn't email me that you had responded, so sorry for the delay.

Second, oops, didn't see the [code] tags button.

Third, the only problem I am having is finding the correct procedure to import the Exchange's self signed certificate so that Apache will trust the Exchange server as a client to the reverse proxy. That or at least getting Apache to return web pages so that the browsers continue to use HTTPS:// rather than dropping them and back to HTTP://
 
  


Reply

Tags
exchange, frontend, proxypass


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] apache as a front end to a tomcat application jamesbon Linux - Server 17 02-03-2011 03:57 AM
Apache as front end for rtmp stream tkmsr Linux - Server 0 08-06-2010 07:29 AM
using Apache as a front end to a running Tomcat instance tkmsr Linux - Server 4 07-20-2010 09:32 AM
Multiple Apache - Front-end & Back-end in one server grant-skywalker Linux - Server 3 08-27-2008 02:04 PM
Apache+php => database front-end sylvaticus Linux - Server 0 01-09-2007 08:28 AM


All times are GMT -5. The time now is 02:04 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration