Posted by eddor1614 on Fri 30 Jun 2006 at 09:11
My company has only one external IP address and a DNS host name from the same Internet Provider. There are also two Exchange 2000 servers, mxbsas and mxrng. Until now the users could access OWA (Outlook Web Access) from outside the company only via mxbsas, this is because you can't use IIS as a front-end and the Standard version of MSEX2000 does not support this feature.
We have other alternatives for this, like buying another IP address and host name or Install MSEX Enterprise, but we already have a Linux Debian server running as a anti-virus/anti-spam for incoming/outgoing mail. I decided to try Apache2 and mod_proxy. This is what we do:
1) Install apache2, it's easy on Debian:
# apt-get install apache2
2) Activate mod_proxy, mod_headers and mod_rewrite:
# a2enmod proxy # a2enmod headers # a2enmod rewrite
3) The Exchange servers are setup to work only on HTTPS, we can configure apache to have mod_ssl enabled. We already have a Certificate from Thawte for exchange which at the time of this configuration was about to expire, so we ask our provider to give us a certificate for Apache2. Anyway, this could be done with a Self Signed Certificate, this configuration was explained previously here.
4) Create a new site in /etc/apache2/sites-available, named owa (or whatever):
<VirtualHost *:443>
DocumentRoot "/var/www/owa"
ServerName mail.mycompany.com:443
ServerAdmin support@mycompany.com
DirectoryIndex index.html index.php
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
SSLProxyEngine on
RewriteEngine On
RewriteRule ^/$ /exchange [L,R]
RequestHeader set Front-End-Https On
ProxyRequests On
ProxyPreserveHost On
ProxyVia full
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /exchange https://mxbsas.example.local/exchange
ProxyPassReverse /exchange https://mxbsas.example.local/exchange
ProxyPass /exchweb https://mxbsas.example.local/exchweb
ProxyPassReverse /exchweb https://mxbsas.example.local/exchweb
ProxyPass /public https://mxbsas.example.local/public
ProxyPassReverse /public https://mxbsas.example.local/public
ProxyPass /exchangerng https://mxrng.example.local/exchangerng
ProxyPassReverse /exchangerng https://mxrng.example.local/exchangerng
</VirtualHost>
5) Enable the new site and restart apache2:
# a2ensite owa # /etc/init.d/apache2 reload
6) The directory /exchange of server mxrng has to be renamed, in my config I use /exchangerng. Open IIS and rename the directory.
That's all, now to access the OWA you can use:
mxbsas users: https://mail.mycompany.com/exchange
mxrng users: https://mail.mycompany.com/exchangerng
Note: each exchange has its own /exchweb and /public directory, we only use the one from mxbsas. The directory /exchange from mxrng should be renamed or OWA won't work. The directories /excheb and /public could not be renamed because OWA does not work.
This article can be found online at the Debian Administration website at the following bookmarkable URL:
This article is copyright 2006 eddor1614 - please ask for permission to republish or translate.