• We did not send an email asking for donations - please read this post.

Exchange vs ProxyPass on Apache or NGINX


New Member
Dec 17, 2019
Reaction score
Hello IT, I have a problem with creating "proxypss" for Exchange 2019. If I created the configuration, I have a problem with NTLM :(
My config for Apache:

<VirtualHost *:443>
   ServerName mail.domain.com

   SSLEngine on

    SSLCertificateFile /etc/httpd/certs/2018-wildcard-domain-com.crt
    SSLCertificateKeyFile /etc/httpd/certs/2018-wildcard-domain-com.key
    SSLCertificateChainFile /etc/httpd/certs/GeoTrustRSACA2018.pem

   SSLProxyEngine on
   ProxyPreserveHost On

   Header always set X-Frame-Options SAMEORIGIN
   Header set Server Apache
   Header unset X-AspNet-Version
   Header unset X-OWA-Version
   Header unset X-Powered-By

   RequestHeader unset Expect early

   SetEnvIf User-Agent ".*MSIE.*" value BrowserMSIE
   Header unset WWW-Authenticate
   Header add WWW-Authenticate "Basic realm=mail.domain.com"

## ProxyRequests Off
   ProxyRequests On
   ProxyPreserveHost On
   ProxyReceiveBufferSize 4096

   SSLProxyVerify none
   SSLProxyCheckPeerCN off
   SSLProxyCheckPeerName off
   SSLProxyCheckPeerExpire off

   OutlookAnywherePassthrough On

   # Outlook Web Access(OWA)
   ProxyPass /owa
   ProxyPassReverse /owa

   # Outlook Anywhere / RPC over http(s) 
   ProxyPass /rpc
   ProxyPassReverse /rpc

   ProxyPass /ews
   ProxyPassReverse /ews

   ProxyPass /autodiscover
   ProxyPassReverse /autodiscover

   # Microsoft ActiveSync
   ProxyPass /Microsoft-Server-ActiveSync connectiontimeout=600
   ProxyPassReverse /Microsoft-Server-ActiveSync

   <Directory /Microsoft-Server-ActiveSync>
      SSLRenegBufferSize 31457280

My config for NGinx:
server {
    listen      443 ssl http2;
    server_name mail.domain.com;

    # Certificate(s) and private key
    ssl_certificate             /etc/nginx/certs/2018-wildcard-domain-com.crt;
    ssl_certificate_key         /etc/nginx/certs/2018-wildcard-domain-com.key;
    ssl_trusted_certificate     /etc/nginx/certs/GeoTrustRSACA2018.pem;

    include /etc/nginx/options-ssl-nginx.conf;

        proxy_connect_timeout   360;
        proxy_read_timeout      360;

        proxy_http_version 1.1;
        proxy_pass_request_headers on;

        proxy_pass_header Date;
        proxy_pass_header Server;

        proxy_pass_header       Authorization;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Accept-Encoding "";

        more_set_input_headers 'Authorization: $http_authorization';
        proxy_set_header Accept-Encoding "";
        more_set_headers -s 401 'WWW-Authenticate: Basic realm="$host"';
        #more_set_headers -s 401 'WWW-Authenticate: Basic realm=mail.domain.com';

        location = / {
            return 301 "/owa/";

        location = /favicon.ico {
            access_log off;

        location /rpc {  proxy_pass grpc://; }
        location / {  proxy_pass; }

        error_log /var/log/nginx/haproxy-error.log debug;
        access_log /var/log/nginx/haproxy-access.log;


Always i have error message:
"RPC_IN_DATA /rpc/[email protected]:6001 HTTP/1.1" 400 226 "-" "MSRPC"
"RPC_OUT_DATA /rpc/[email protected]:6001 HTTP/1.1" 500 273 "-" "MSRPC"

[proxy:error] [pid 12762:tid 139679617726208] (20014)Internal error (specific information not available): [client xx.xx.xx.xx:62044] AH01084: pass request body failed to xx.xx.xx.xx:443 (xx.xx.xx.xx)
[proxy:error] [pid 12762:tid 139679617726208] [client xx.xx.xx.xx:62044] AH00898: Error during SSL Handshake with remote server returned by /rpc/rpcproxy.dll
[W[proxy_http:error] [pid 12762:tid 139679617726208] [client xx.xx.xx.xx:62044] AH01097: pass request body failed to xx.xx.xx.xx:443 (xx.xx.xx.xx) from xx.xx.xx.xx ()

Can you help me ..? Thank you Michal.
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Linux.org Hosting Donations
Consider making a donation

Members online