Squi 0.4.0 Reverse proxy for Exchange 2013



  • Hello

    First of all everything is working fine in the reverse proxy
    EXCEPT for MAPI HTTP

    I needed to create
    web servers https with ip for Exchange

    Then a mapping
    mapp to webserver 443 Exchange
    URIs mydomaine.com/mapi

    Mapi over HTTP then works

    Is therer an issue with reverse proxy or my exchange config ?

    Thanks for help


  • Banned

    You are welcome to sponsor me with Exchange 2013 SP1 or newer box. Not to mention, I cannot figure out how would someone automate what you have described either. If you expect tick click done, I'd say it's extremely unrealistic. If you are willing to write a coherent one short paragraph of instructions, it can be put into the GUI.



  • Thank you

    Everything is working through the GUI

    When Mapi is thicked
    This ruled is in the conf

    acl OWA_URI_pfs url_regex -i ^https://mydomain.com/mapi.*$

    I think that you need to have also
    acl OWA_URI_pfs url_regex -i ^http://mydomain.com/mapi.*$

    Maybe I could write the rule in the conf file ?

    EDIT:
    this rule could work
    acl OWA_URI_pfs url_regex -i mydomain.com/mapi


  • Banned

    Lets put it in a different way; here's the relevant code:

    https://github.com/pfsense/pfsense-packages/blob/master/config/squid3/34/squid_reverse.inc#L205

    (On your machine, the file is in /usr/local/pkg/squid_reverse.inc. Make a backup, do the changes and post a unified diff (diff -u) adding whatever is needed there after you have tested that it works.)



  • I have identified 3 things not working for my config

    Here are the setup installed by the GUI for mapi and autodiscover

    acl OWA_URI_pfs url_regex -i ^https://mydomain.com/mapi.*$
    acl OWA_URI_pfs url_regex -i ^http://mydomain.com/AutoDiscover/AutoDiscover.xml
    acl OWA_URI_pfs url_regex -i ^https://mydomain.com/AutoDiscover/AutoDiscover.xml
    acl OWA_URI_pfs url_regex -i ^http://autodiscover.com/AutoDiscover/AutoDiscover.xml
    acl OWA_URI_pfs url_regex -i ^https://autodiscover.com/AutoDiscover/AutoDiscover.xml

    Here what is working for me:
    acl OWA_URI_pfs url_regex -i ^http://autodiscover.mydomain.com/.$
    acl OWA_URI_pfs url_regex -i ^https://autodiscover.mydomain.com/.
    $

    For mapi
    I don't know exactly how to write the rule but in the GUI the URI is:
    mydomain.com/mapi

    nothing before
    nothing after

    I have no idea how to commit this to github ?


  • Banned

    Starting to get an impression that you simply need to configure your Exchange properly, rather than messing with the package code.

    Autodiscover service



  • Sorry but those lines

    acl OWA_URI_pfs url_regex -i ^http://autodiscover.com/AutoDiscover/AutoDiscover.xml
    acl OWA_URI_pfs url_regex -i ^https://autodiscover.com/AutoDiscover/AutoDiscover.xml

    could not work at all
    http://autodiscover.com/

    this is a single domain

    at least this sould be

    http://autodiscover.MYDOMAIN.com/

    And in this case my settings are fine ;)
    (and I check …I think they are)



  • Made a little tweaking on exchange with this

    Get-AutodiscoverVirtualDirectory -server MYEXCHANGESERVER | Set-AutodiscoverVirtualDirectory -ExternalUrl ‘https://autodiscover.MYDOMAIN.com/Autodiscover/Autodiscover.xml’ -InternalUrl ‘https://autodiscover.MYDOMAIN.com/Autodiscover/Autodiscover.xml’

    After that
    Squid reverse is working perfectly for autodiscover

    Thank you for the issue in exchange

    BUT the issue with mapi resides
    and I have doubt on one of the syntax for autodiscover (uper comment)



  • OK for MAPI
    issue too on my part

    Get-MapiVirtualDirectory | Set-MapiVirtualDirectory -ExternalUrl https://MYDOMAIN.com/mapi
    IISRESET /noforce

    Everything is fine with Exchange

    MY BAD  :-X


  • Banned

    So, there are no more problems with this? As said, it's possible to put some hints in the GUI if you provide them, however I cannot see the package being the issue here?



  • You're 90% right

    acl OWA_URI_pfs url_regex -i ^http://autodiscover.com/AutoDiscover/AutoDiscover.xml
    acl OWA_URI_pfs url_regex -i ^https://autodiscover.com/AutoDiscover/AutoDiscover.xml

    are not correct

    this should work better
    acl OWA_URI_pfs url_regex -i ^http://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml
    acl OWA_URI_pfs url_regex -i ^https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml

    Thanks for tips
    ;D


  • Banned

    But that's NOT what the code is doing? https://github.com/pfsense/pfsense-packages/blob/master/config/squid3/34/squid_reverse.inc#L211

    
    if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) {
    		$reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.');
    		$conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
    		$conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
    		$conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
    		$conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
    	}
    }
    
    

    You are still misconfiguring something somewhere… Are you putting things like example.com there, instead of hostname.example.com? You can try this via System Patches:

    
    --- a/usr/local/pkg/squid_reverse.inc       2015-10-12 20:05:27.278005880 +0200
    +++ b/usr/local/pkg/squid_reverse.inc    2015-10-14 10:14:29.035540786 +0200
    @@ -209,7 +209,11 @@
                    }
    
                    if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) {
    -                       $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.');
    +                       if (substr_count($settings['reverse_external_fqdn'], ".") > 1) {
    +                               $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.');
    +                       } else {
    +                               $reverse_external_domain = $settings['reverse_external_fqdn'];
    +                       }
                            $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
                            $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
                            $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
    
    


  • My settings are good this time
    In your 0.4.1 … All is good

    Thank again


  • Banned

    Thanks for testing.



  • Double checked the squid.conf

    Still an issue

    Now it's right
    Autodiscover.mydomai.com

    BUT missing The point between autodicover and mydomain
    In mynconf it's
    Autodiscovermydomain.com

    :-\


  • Banned

    Kindly test this. I won't be doing another 25 pull requests for this nonsense.

    
    --- /usr/local/pkg/squid_reverse.inc    2015-10-15 20:07:31.681133006 +0200
    +++ /usr/local/pkg/squid_reverse.inc    2015-10-16 08:23:52.568083417 +0200
    @@ -212,7 +212,7 @@
                            if (substr_count($settings['reverse_external_fqdn'], ".") > 1) {
                                    $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.');
                            } else {
    -                               $reverse_external_domain = $settings['reverse_external_fqdn'];
    +                               $reverse_external_domain = ".{$settings['reverse_external_fqdn']}";
                            }
                            $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
                            $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
    
    

    This will be fixed in 0.4.1.1; if it still doesn't work for you, kindly produce some fixes here yourself.



  • ok my pleasure

    How do I test this ?
    thanks again and again


  • Banned

    Use the system patches package. Or edit the one line manually.



  • working

    and in patch 4.1.1

    YOU ROCK !


  • Banned

    Uh, finally… Thanks for report.



  • You're very welcome


Log in to reply