Debian and Apache2 as an OWA Front-end
Posted by eddor1614 on Fri 30 Jun 2006 at 09:11
My company has only one external IP address and a DNS host name from the same Internet Provider. There are also two Exchange 2000 servers, mxbsas and mxrng. Until now the users could access OWA (Outlook Web Access) from outside the company only via mxbsas, this is because you can't use IIS as a front-end and the Standard version of MSEX2000 does not support this feature.
We have other alternatives for this, like buying another IP address and host name or Install MSEX Enterprise, but we already have a Linux Debian server running as a anti-virus/anti-spam for incoming/outgoing mail. I decided to try Apache2 and mod_proxy. This is what we do:
1) Install apache2, it's easy on Debian:
# apt-get install apache2
2) Activate mod_proxy, mod_headers and mod_rewrite:
# a2enmod proxy # a2enmod headers # a2enmod rewrite
3) The Exchange servers are setup to work only on HTTPS, we can configure apache to have mod_ssl enabled. We already have a Certificate from Thawte for exchange which at the time of this configuration was about to expire, so we ask our provider to give us a certificate for Apache2. Anyway, this could be done with a Self Signed Certificate, this configuration was explained previously here.
4) Create a new site in /etc/apache2/sites-available, named owa (or whatever):
<VirtualHost *:443> DocumentRoot "/var/www/owa" ServerName mail.mycompany.com:443 ServerAdmin email@example.com DirectoryIndex index.html index.php SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl/server.crt SSLCertificateKeyFile /etc/apache2/ssl/server.key SSLProxyEngine on RewriteEngine On RewriteRule ^/$ /exchange [L,R] RequestHeader set Front-End-Https On ProxyRequests On ProxyPreserveHost On ProxyVia full <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /exchange https://mxbsas.example.local/exchange ProxyPassReverse /exchange https://mxbsas.example.local/exchange ProxyPass /exchweb https://mxbsas.example.local/exchweb ProxyPassReverse /exchweb https://mxbsas.example.local/exchweb ProxyPass /public https://mxbsas.example.local/public ProxyPassReverse /public https://mxbsas.example.local/public ProxyPass /exchangerng https://mxrng.example.local/exchangerng ProxyPassReverse /exchangerng https://mxrng.example.local/exchangerng </VirtualHost>
5) Enable the new site and restart apache2:
# a2ensite owa # /etc/init.d/apache2 reload
6) The directory /exchange of server mxrng has to be renamed, in my config I use /exchangerng. Open IIS and rename the directory.
That's all, now to access the OWA you can use:
mxbsas users: https://mail.mycompany.com/exchange
mxrng users: https://mail.mycompany.com/exchangerng
Note: each exchange has its own /exchweb and /public directory, we only use the one from mxbsas. The directory /exchange from mxrng should be renamed or OWA won't work. The directories /excheb and /public could not be renamed because OWA does not work.