Configuring an Apache-based Reverse Proxy for OWA
Notes before we begin
You will need Debian Linux installed. In this guide I’m using a clean install of Debian etch.
You will need an SSL certificate for this guide to work for you. You may also use a self-signed certificate, but a trusted certificate is recommended in a production environment.
You must run all commands in this guide with root privileges.
Make sure you have updated your package lists and upgraded to the latest packages. In Debian type:
# apt-get update
# apt-get upgrade
# apt-get dist-upgrade
In this guide I will install Apache 2 with apache2-mpm-prefork, because with the recommended MPM (apache2-mpm-worker) I had some proxy errors related to Apache's mod_proxy module.
You may not experience this problem, so try installing with the recommended MPM first.
Here is a short explanation of those MPMs:
apache2-mpm-worker: The worker MPM provides a threaded implementation for Apache2. It is considerably faster than the traditional model, and is the recommended MPM.
apache2-mpm-prefork: This Multi-Processing Module (MPM) implements a non-threaded, pre-forking web server that handles requests in a manner similar to Apache 1.3. It is appropriate for sites that need to avoid threading for compatibility with non-thread-safe libraries.
To make this easier to follow, I will use example names for the Exchange server and the Internet domain name for OWA:
Exchange Server: exchange.local
OWA Internet address: owa.planetit.ws
You will need to replace them with your real names.
This guide may also work on other Debian-based distributions, like Ubuntu, Xandros, Mint, or Nexenta Core (an OpenSolaris-based distribution with a Debian package base).
Install apache2, which is easy on Debian
# apt-get install apache2 apache2-mpm-prefork
Activate all required Apache modules
# a2enmod proxy
# a2enmod proxy_http
# a2enmod headers
# a2enmod rewrite
# a2enmod ssl
Make Apache listen on port 443 (SSL)
# echo Listen 443 >> /etc/apache2/ports.conf
Create directories for certificates:
# mkdir /etc/apache2/ssl.crt
# mkdir /etc/apache2/ssl.key
Copy your certificate file to: /etc/apache2/ssl.crt/
Copy your certificate key file to: /etc/apache2/ssl.key/
Configure Apache for OWA
Create a dummy/fake placeholder for OWA WWW Root:
# mkdir /var/www/owa
Edit the virtual host file for Apache; this is the main configuration for our OWA reverse proxy:
# jmacs /etc/apache2/sites-available/owa
Paste the following configuration into the host file, remembering to replace the example names with your real names:
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName owa.planetit.ws
    ServerAdmin alex@planetit.ws
    DocumentRoot /var/www/owa
    DirectoryIndex index.htm index.html
    RedirectMatch ^/$ https://owa.planetit.ws/exchange
    RedirectMatch ^/exchange$ https://owa.planetit.ws/exchange
</VirtualHost>
NameVirtualHost *:443
<VirtualHost *:443>
    ServerName owa.planetit.ws
    ServerAdmin alex@planetit.ws
    DocumentRoot /var/www/owa
    DirectoryIndex index.htm index.html
    # Set up SSL to work with this host
    SSLEngine On
    SSLProxyEngine On
    SSLCertificateFile /etc/apache2/ssl.crt/owa.planetit.ws.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/owa.planetit.ws.key
    # Redirect to '/exchange' from '/'
    RedirectMatch ^/$ /exchange
    RewriteEngine On
    # Fix a problem when '%' symbols are in the subject line of OWA email
    # (the email subject is used in the web query)
    RewriteMap percentsubject int:escape
    RewriteCond $1 ^/exchange/.*\%.*$
    RewriteRule (/exchange/.*) ${percentsubject:$1} [P]
    RequestHeader set Front-End-Https "On"
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyVia On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass /exchange https://exchange.local/exchange
    ProxyPassReverse /exchange https://exchange.local/exchange
    ProxyPass /exchweb https://exchange.local/exchweb
    ProxyPassReverse /exchweb https://exchange.local/exchweb
    ProxyPass /public https://exchange.local/public
    ProxyPassReverse /public https://exchange.local/public
    ProxyPass /iisadmpwd https://exchange.local/iisadmpwd
    ProxyPassReverse /iisadmpwd https://exchange.local/iisadmpwd
    ProxyPass /oma https://exchange.local/oma
    ProxyPassReverse /oma https://exchange.local/oma
    ProxyPass /Microsoft-Server-ActiveSync https://exchange.local/Microsoft-Server-ActiveSync
    ProxyPassReverse /Microsoft-Server-ActiveSync https://exchange.local/Microsoft-Server-ActiveSync
    ErrorLog /var/log/apache2/mailus-ssl-error_log
    CustomLog /var/log/apache2/mailus-ssl-access_log common
</VirtualHost>
I will not go through each directive in this file, as that is beyond the scope of this guide. In short, this configuration tells Apache to forward all requests that arrive at “https://owa.planetit.ws” to the Exchange server “exchange.local”. It also automatically redirects incoming requests from HTTP to HTTPS and from the root “/” to “/exchange”.
After saving this file, you will need to enable this site:
# a2ensite owa
If the proxy sits in a DMZ segment from which you cannot resolve internal LAN domain names, add the Exchange server's local name to the “/etc/hosts” file:
# echo 192.168.0.16 exchange.local >> /etc/hosts
Then, restart Apache:
# invoke-rc.d apache2 restart
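A pre-flight check for the virtual host file, as an added example that is not part of the original guide: it flags ProxyRequests On, a ProxyPass without a matching ProxyPassReverse, a backend not reached over https, and SSLProxyEngine On without SSLProxyVerify require (Apache's default is not to verify the backend certificate). The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an OWA reverse-proxy vhost before enabling it.
# Reads the file named as the argument, or stdin; prints one line per
# finding and returns the number of findings as the exit status.
lint_owa_vhost() {
    awk '
    $1 ~ /^#/ || NF == 0 { next }            # skip comments and blank lines
    { d = tolower($1) }                      # directive names are case-insensitive
    d == "proxyrequests"    { preq = tolower($2) }
    d == "sslproxyengine"   { eng = tolower($2) }
    d == "sslproxyverify"   { ver = tolower($2) }
    d == "proxypass"        { pass[$2] = $3 }
    d == "proxypassreverse" { rev[$2] = $3 }
    END {
        n = 0
        if (preq == "on") {
            print "ProxyRequests On: Apache also serves forward-proxy requests"; n++
        }
        for (p in pass) {
            if (!(p in rev)) {
                print "ProxyPass " p " has no ProxyPassReverse"; n++
            } else if (rev[p] != pass[p]) {
                print "ProxyPass and ProxyPassReverse for " p " name different backends"; n++
            }
            if (pass[p] !~ /^https:/) {
                print "backend for " p " is not reached over https"; n++
            }
        }
        if (eng == "on" && ver != "require") {
            print "SSLProxyEngine On without SSLProxyVerify require: backend certificate is not verified"; n++
        }
        exit n
    }' "$@"
}

# Constructed sample with three deliberate mistakes (not the guide's config).
sample_vhost() {
    cat <<'EOF'
ProxyRequests On
SSLProxyEngine On
ProxyPass /exchange https://exchange.local/exchange
ProxyPassReverse /exchange https://exchange.local/exchange
ProxyPass /oma https://exchange.local/oma
# ProxyPassReverse /oma https://exchange.local/oma
EOF
}

sample_vhost | lint_owa_vhost || echo "findings: $?"
```

Run it as lint_owa_vhost /etc/apache2/sites-available/owa before a2ensite. Turning on SSLProxyVerify require also needs SSLProxyCACertificateFile pointing at the CA that signed the Exchange server's certificate.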

