Microsoft Exchange 2010
Recently I had to set up a server where Microsoft Exchange should be accessible over the web through HTTPS, and where mail could be delivered through port 25 (the standard SMTP port) on an external address. Naturally I did not want the Exchange Server itself accessible from the outside world:
/-------------\    Linux NAT and Firewall     +---------------+
/             /         +-----------+         | Exchange 2010 |
|  Internet  /          |  Gentoo   |         +--------+------+
\            +----------+ Lighttpd  |                  |
 \-----------/          |           +------------------+
                        +-----------+
We need to forward all SMTP traffic to Exchange, so:
iptables -t nat -A PREROUTING -i eth0 --proto tcp --dport 25 -j DNAT --to-destination 192.168.1.123
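Simple enough, provided IP forwarding is enabled on the firewall and its FORWARD chain lets TCP port 25 through to that host.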
Set Up Exchange to Accept Plain HTTP Connections
We are actually implementing something called SSL Offloading here, so all we need to do is tell Exchange that SSL has been offloaded. This is a registry setting, so be careful:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA
Under this key make a new REG_DWORD named SSLOffloaded and set the value to 1.
Finally, you will need to change the configuration in IIS so that IIS will not insist on SSL.
In IIS Manager go to Sites\Default Web Site\owa, then double click on SSL Settings and remove the tick from Require SSL.
Lighttpd Setup
Reverse Proxy Configuration for Lighttpd is like any other:
proxy.server = ("/owa" => ("localhost" => ("host" => "192.168.1.123", "port" => 80 ) ) )
Make sure that mod_proxy is loaded in your config and that you have the SSL certificate configured.
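A fuller version of this configuration, as an added example that is not the original author's config: it loads mod_proxy, terminates TLS on port 443, and scopes the proxy rule to that socket so that /owa is never proxied over plain HTTP now that Exchange accepts unencrypted connections. The hostname mail.example.com and the certificate path are placeholders.

```lighttpd
# Added example, not from the original post.
# mail.example.com and the PEM path are placeholders; 192.168.1.123 is the
# Exchange address used earlier on this page.

server.modules += ( "mod_redirect", "mod_proxy" )
# lighttpd 1.4.46 and later ship TLS as a separate module:
# server.modules += ( "mod_openssl" )

# TLS terminates here. Exchange only ever sees plain HTTP from this host,
# which is why SSLOffloaded and the IIS "Require SSL" change are needed.
$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/mail.example.com.pem"  # placeholder: key + certificate

    # Only the /owa prefix is handed to Exchange, and only on the TLS socket.
    proxy.server = ( "/owa" =>
        ( "localhost" =>
            ( "host" => "192.168.1.123",
              "port" => 80 )
        )
    )
}

# If lighttpd also listens on port 80, send OWA users to HTTPS instead of
# proxying their logon over an unencrypted connection.
$HTTP["scheme"] == "http" {
    url.redirect = ( "^/owa(.*)$" => "https://mail.example.com/owa$1" )
}
```

The hop between Lighttpd and Exchange is unencrypted, so it belongs on a network segment you trust.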