Notes

Finding a reverse proxy for Exchange

We didn't want to expose our MS Exchange servers directly to the internet, so we decided to use a reverse proxy.

We wanted to use free software. I always wanted to do something with nginx, so I gave it a try. The configuration was mostly based on this article. At first it seemed to work fine; the Connectivity Analyzer showed good results (except for RPC, but this is OK, because it is deprecated).
But after a while, we faced some strange problems: From time to time, clicking on OWA's menu items did nothing. Connecting to Exchange using MAPI over HTTP worked in the beginning, but after a while, it ceased to work.
But it worked fine for ActiveSync and that was the most important thing.

Because of the small shortcomings of the nginx reverse proxy, I wanted to give Apache a try. I created a configuration based on this German tutorial, but it didn't work. I never figured out the reason, but somehow, requests passed to Exchange were denied by Exchange. So I abandoned the idea of using Apache very quickly.

Despite its small shortcomings, the nginx reverse proxy worked fine for nearly two years. But in 2023 it was suddenly broken. I had to reboot it every few hours to make it work again.

So I tried HAProxy on a virtual machine with OPNsense. I have to admit that I'm impressed. It just works :) Everything is fine for the Connectivity Analyzer, even MAPI over HTTP works (although it is a little bit slow).
I used a German tutorial for creating the basic config and made some enhancements like using ACLs and monitors.

When my config is mature enough, I will publish it here.

So, I think HAProxy is the best way to go for our Exchange servers. No offense to nginx and Apache, I guess they work fine for most environments. I don't know what is wrong in ours.

Published on 2023-04-12, 18:36 +0000