Debian Administration

Debian and Apache2 as an OWA Front-end

My company has only one external IP address and a DNS host name from the same Internet Provider. There are also two Exchange 2000 servers, mxbsas and mxrng. Until now the users could access OWA (Outlook Web Access) from outside the company only via mxbsas, this is because you can't use IIS as a front-end and the Standard version of MSEX2000 does not support this feature.

We have other alternatives for this, like buying another IP address and host name or Install MSEX Enterprise, but we already have a Linux Debian server running as a anti-virus/anti-spam for incoming/outgoing mail. I decided to try Apache2 and mod_proxy. This is what we do:

1) Install apache2, it's easy on Debian:

	# apt-get install apache2

2) Activate mod_proxy, mod_headers and mod_rewrite:

	# a2enmod proxy
	# a2enmod headers
	# a2enmod rewrite

3) The Exchange servers are setup to work only on HTTPS, we can configure apache to have mod_ssl enabled. We already have a Certificate from Thawte for exchange which at the time of this configuration was about to expire, so we ask our provider to give us a certificate for Apache2. Anyway, this could be done with a Self Signed Certificate, this configuration was explained previously here.

4) Create a new site in /etc/apache2/sites-available, named owa (or whatever):

<VirtualHost *:443>

DocumentRoot "/var/www/owa"
ServerName mail.mycompany.com:443
ServerAdmin support@mycompany.com
DirectoryIndex index.html index.php

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

SSLProxyEngine on

RewriteEngine On
RewriteRule	^/$	/exchange	[L,R]

RequestHeader set Front-End-Https On
ProxyRequests On
ProxyPreserveHost On
ProxyVia full

<Proxy *>
	Order deny,allow
	Allow from all
</Proxy>

    ProxyPass        /exchange https://mxbsas.example.local/exchange
    ProxyPassReverse /exchange https://mxbsas.example.local/exchange

    ProxyPass        /exchweb https://mxbsas.example.local/exchweb
    ProxyPassReverse /exchweb https://mxbsas.example.local/exchweb

    ProxyPass        /public https://mxbsas.example.local/public
    ProxyPassReverse /public https://mxbsas.example.local/public

    ProxyPass        /exchangerng https://mxrng.example.local/exchangerng
    ProxyPassReverse /exchangerng https://mxrng.example.local/exchangerng

</VirtualHost>

5) Enable the new site and restart apache2:

# a2ensite owa
# /etc/init.d/apache2 reload

6) The directory /exchange of server mxrng has to be renamed, in my config I use /exchangerng. Open IIS and rename the directory.

That's all, now to access the OWA you can use:

mxbsas users: https://mail.mycompany.com/exchange
mxrng users: https://mail.mycompany.com/exchangerng

Note: each exchange has its own /exchweb and /public directory, we only use the one from mxbsas. The directory /exchange from mxrng should be renamed or OWA won't work. The directories /excheb and /public could not be renamed because OWA does not work.

Add Comment Printable version

 

<<< A simple introduction to working with LVM Hosting multiple websites with Apache2 >>>