Hi All,

Business Objective
Outside users (users travelling) should be able to access their email through NGINX and it should redirect the connection to my Internal Exchange server for authentication and access:
1. OWA
2. Outlook Anyway
3. ActiveSync


My environment info:
Client email access through External Proxy server is mail.example.com, IP 223.153.119.18.
External DNS A record for mail.example.com point to IP 223.153.119.18

Internal Exchange server is EX-01.example.com with internal IP 10.10.10.11
Internal DNS A record for mail.example.com point to 10.10.10.11

So, if you noticed, all the outside user's email client will look for mail.example.com with external IP 223.153.119.18.


Problem:
From outside my office, i used my laptop to test.

1. Open browser, https://mail.example.com/owa
Authentication is pop up and i entered my credentials but it keep failing.

2. Outlook Anywhere got the pop up for authentication but it still keep failing too.

Remark: Remember mail.example.com i entered in my browse will point to my external ip 223.153.119.18





Hope ny looking at my below nginx config file, the NGINX or the Exchange expert can spot my mistake.




Below is my NGINX config:
worker_processes 1;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;

#gzip on;

server {
listen 80;
server_name www.example.com;

location / {
root html;
index index.html index.htm;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

access_log logs/www.access.log main;
error_log logs/www.error.log;
}


# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;

# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;

# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;

# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;

# location / {
# root html;
# index index.html index.htm;
# }
#}

server {
listen 443 ssl;
server_name mail.example.com autodiscover.example.com;

ssl_certificate /etc/ssl/certs/mail.example.com.crt;
ssl_certificate_key /etc/ssl/private/mail.example.com.rsa;
ssl_session_timeout 5m;

client_max_body_size 3G;
tcp_nodelay on;

proxy_request_buffering off;
proxy_http_version 1.1;
proxy_read_timeout 360;
proxy_pass_header Date;
proxy_pass_header Server;
proxy_pass_header Authorization;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_set_header Accept-Encoding "";
proxy_buffering off;
proxy_set_header Connection "Keep-Alive";

location / {
#return 301 https://$host$request_uri;
#return 301 https://ex-01.esuria.local/owa;
#return 301 https://10.10.11.11/owa;
return 301 https://mail.example.com/owa;
}

location ~* ^/owa {
proxy_pass https://EX-01.example.com;
}

location ~* ^/Microsoft-Server-ActiveSync {
proxy_pass https://EX-01.example.com;
}

location ~* ^/rpc {
proxy_pass https://EX-01.example.com;
}

location ~* ^/ews {
proxy_pass https://EX-01.example.com;
}

location ~* ^/autodiscover {
proxy_pass https://EX-01.example.com;
}

access_log /usr/local/nginx/logs/mail.access.log main;
error_log /usr/local/nginx/logs/mail.error.log;
}
}