Jonathan Matthews Wrote: ------------------------------------------------------- > On 14 August 2013 18:20, spacecwoboy <[email protected]> wrote: > > Hi. > > > > Trying to configure a reverse proxy to allow external access to an > outlook > > web access server. I am able to route traffic through the NGINX to > the OWA > > server, present the web page, and place the username & pw into the > form. > > OWA rejects valid username/pwd's with a: "Your session has timed > out...." > > error. > > > > Looking through my custom log files, somehow the session ID and the > expired > > values are munged in the GET & POST process through the proxy. > There may be > > a simple fix that I'm not able to find. Any suggestions will be > > appreciated! > > I have a vague recollection that OWA uses a nasty form of > authentication which *requires* that each client's end-to-end > connection to the backend be long-lived, and only used by that one > client (as the auth is done in the first few packets and not > repeated). I don't know how you'd configure that in nginx. > > I may be wrong about it, however. I've never tried Nginx in front of > OWA myself. This question comes up on the HAProxy list sometimes, and > it seems solvable by HAP users. > > Jonathan
Much Appreciated Jonathan - it prompted me to take some different testing steps. I pointed ngnix to a 'test' OWA back-end, which is a mirror of the prod environment, less the rigid SSL certs. Authentication passed right on through, everything was jive. I'll likely take a different route of trunking SSL to nginx, remove the OWA cert, then ipsec'ing the nginx server to the OWA server host-to-host. Seems that's the fairly common approach? ( This thread helped btw: http://forum.nginx.org/read.php?2,234641,234654#msg-234654 ) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,241856,241939#msg-241939 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
