This is a continuation of the thread titled "Reverse proxy with SSL,
redirects to non-SSL vhost."

I promised that after I figured things out I would post a solution
here. First, a brief description of the problem. I wanted to use
Apache 2.0 to serve as a reverse proxy to Outlook Web Access from
Exchange Server 2003. I wanted the browser-to-proxy connection to be
secured via SSL, but the proxy-to-OWA connection to be straight HTTP
(to reduce the SSL overhead). Finally, I wanted to only proxy the
specific directories that OWA uses, since I have other URLs for other
web-based applications on the same FQDN.

So, here's the solution. This configuration (as of my testing thus far) works.

    <VirtualHost 1.2.3.4:443>
        ServerAdmin webmaster@domain.com
        ServerName extranet.domain.com
        DocumentRoot /var/www/extranet

        # Tell OWA the client connection is HTTPS so it builds https URLs
        RequestHeader set Front-End-Https "On"
        # Reverse proxy only; do not act as a forward proxy
        ProxyRequests Off
        # Pass the client's Host header through to the backend
        ProxyPreserveHost On

        SSLEngine On
        SSLCertificateFile conf/extranet-ssl-cert.pem

        <Location /exchange>
            ProxyPass http://mail.domain.com/exchange
            ProxyPassReverse http://mail.domain.com/exchange
            SSLRequireSSL
        </Location>

        <Location /exchweb>
            ProxyPass http://mail.domain.com/exchweb
            ProxyPassReverse http://mail.domain.com/exchweb
            SSLRequireSSL
        </Location>

        <Location /public>
            ProxyPass http://mail.domain.com/public
            ProxyPassReverse http://mail.domain.com/public
            SSLRequireSSL
        </Location>
    </VirtualHost>

I also added an entry to the HOSTS file on the OWA server that linked
extranet.domain.com to the OWA's own IP address, and linked the
extranet.domain.com host name to the Default Web Site on IIS. I don't
know yet if these made any difference.

The RequestHeader directive was the real key--this notified OWA to
construct all URLs using "https" instead of "http". It also seemed
that the ProxyPreserveHost directive was also necessary, or else the
proxy's FQDN was replaced with the internal FQDN.

I hope this configuration helps someone else.

--
Scott Lowe
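
An added example, not part of the original post: a small Python audit that checks a vhost like the one above for the settings the post relies on (ProxyRequests Off, SSLEngine On, the Front-End-Https header, and SSLRequireSSL plus a matching ProxyPassReverse in every proxied Location). The function names are hypothetical, and the sample config is constructed from the post's config with SSLRequireSSL deliberately left out of /public.

```python
import re
import shlex

# Constructed sample: a shortened copy of the post's vhost in which /public
# deliberately lacks SSLRequireSSL, so the audit has something to report.
SAMPLE = """\
<VirtualHost 1.2.3.4:443>
    RequestHeader set Front-End-Https "On"
    ProxyRequests Off
    SSLEngine On
    <Location /exchange>
        ProxyPass http://mail.domain.com/exchange
        ProxyPassReverse http://mail.domain.com/exchange
        SSLRequireSSL
    </Location>
    <Location /public>
        ProxyPass http://mail.domain.com/public
        ProxyPassReverse http://mail.domain.com/public
    </Location>
</VirtualHost>
"""

def parse(text):
    """Split one vhost into top-level directives and per-<Location> directives."""
    top, locations, current = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        opened = re.match(r"<Location\s+([^>\s]+)>", line, re.I)
        if opened:
            current = locations.setdefault(opened.group(1), [])
        elif line.lower() == "</location>":
            current = None
        elif line and line[0] not in "<#":  # skip other sections and comments
            words = shlex.split(line)       # shlex strips the quotes around "On"
            (top if current is None else current).append((words[0].lower(), words[1:]))
    return top, locations

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    top, locations = parse(text)
    have = {(name, " ".join(args).lower()) for name, args in top}
    required = [("proxyrequests", "off"), ("sslengine", "on"),
                ("requestheader", "set front-end-https on")]
    findings = ["vhost: expected '%s %s'" % r for r in required if r not in have]
    for path, directives in locations.items():
        d = dict(directives)
        if "proxypass" in d and "sslrequiressl" not in d:
            findings.append(f"{path}: proxied without SSLRequireSSL")
        if "proxypass" in d and d.get("proxypassreverse") != d["proxypass"]:
            findings.append(f"{path}: ProxyPassReverse does not match ProxyPass")
    return findings
```

Calling `audit(SAMPLE)` reports only the /public location; the same function can be pointed at the text of a real vhost file.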