Jonathan Matthews Wrote:
-------------------------------------------------------
> On 14 August 2013 18:20, spacecwoboy <nginx-forum@nginx.us> wrote:
> > Hi.
> >
> > Trying to configure a reverse proxy to allow external access to an
> outlook
> > web access server. I am able to route traffic through the NGINX to
> the OWA
> > server, present the web page, and place the username & pw into the
> form.
> > OWA rejects valid username/pwd's with a: "Your session has timed
> out...."
> > error.
> >
> > Looking through my custom log files, somehow the session ID and the
> expired
> > values are munged in the GET & POST process through the proxy.
> There may be
> > a simple fix that I'm not able to find. Any suggestions will be
> > appreciated!
>
> I have a vague recollection that OWA uses a nasty form of
> authentication which *requires* that each client's end-to-end
> connection to the backend be long-lived, and only used by that one
> client (as the auth is done in the first few packets and not
> repeated). I don't know how you'd configure that in nginx.
>
> I may be wrong about it, however. I've never tried Nginx in front of
> OWA myself. This question comes up on the HAProxy list sometimes, and
> it seems solvable by HAP users.
>
> Jonathan


Much Appreciated Jonathan - it prompted me to take some different testing steps.

I pointed ngnix to a 'test' OWA back-end, which is a mirror of the prod environment, less the rigid SSL certs. Authentication passed right on through, everything was jive.

I'll likely take a different route of trunking SSL to nginx, remove the OWA cert, then ipsec'ing the nginx server to the OWA server host-to-host.

Seems that's the fairly common approach?

( This thread helped btw: http://forum.nginx.org/read.php?2,234641,234654#msg-234654 )

SpaceCwoboy
==========