Configuring a Squid Reverse Proxy for Multiple OWA Servers

Tags: exchange-2007, exchange-2010, outlook-web-app, squid

I have an Exchange 2007 Environment that I am upgrading to Exchange 2010. I have Squid configured as a reverse proxy, and I placed it in front of my Exchange 2007 CAS server. Both servers are located in the same Active Directory site.

Exchange 2010 does not allow OWA proxying to Exchange 2007 servers in the same AD site, and Microsoft requires OWA redirection during the co-existence period (fortunately, this is not the case with ActiveSync). Since I have a very limited pool of public IP addresses (translation: none to spare), and I need to have OWA available for users during the testing phase, I was hoping to configure Squid to act as the reverse proxy for both CAS servers.

The issue that I am running into, though, is that when I configure Squid to handle both OWA2007 and OWA2010, it will only serve traffic to the first OWA item listed in the config, and any traffic addressed to the other OWA site gets redirected to the first.

If I list owa2010.domain.local as the first item in the config, and I attempt to go to owa2007.domain.local, Squid directs me to the OWA2010 site.

Here is a copy of the configuration that I am testing.

visible_hostname OWA2010.domain.local
extension_methods RPC_IN_DATA RPC_OUT_DATA
https_port 443 cert=/usr/local/squid/certs/cert.crt key=/usr/local/squid/certs/cert.nopass.key defaultsite=OWA2010.domain.local
cache_peer 192.168.1.254 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER sslcert=/usr/local/squid/certs/exchange.crt sslkey=/usr/local/squid/certs/nopassexchange.key name=owa2010
acl OWA dstdomain OWA2010.domain.local
cache_peer_access owa2010 allow OWA

never_direct allow OWA
http_access allow OWA
miss_access allow OWA

visible_hostname OWA2007.domain.local
extension_methods RPC_IN_DATA RPC_OUT_DATA
https_port 443 cert=/usr/local/squid/certs/cert2.crt key=/usr/local/squid/certs/webmail2nopass.key defaultsite=OWA2007.domain.local
cache_peer 192.168.1.1 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER sslcert=/usr/local/squid/certs/exchange.crt sslkey=/usr/local/squid/certs/nopassexchange.key name=owa2007
acl OWA2 dstdomain OWA2007.domain.local
cache_peer_access owa2007 allow OWA2

never_direct allow OWA2
http_access allow OWA2
miss_access allow OWA2

I'm not sure what I need to change to make Squid work as a reverse proxy for two OWA servers. Can anyone help me find what I'm doing wrong?

Edit: I forgot to mention that this is the Squid 2.6 package that ships with CentOS 5. My squid machine is running CentOS 5.7.

Best Answer

I found a solution using NginX, and I've decided to replace Squid.

Edit: Per comment from Warren, I am going to expand upon this solution. I apologize for the brevity of the previous answer.

I was unable to find a way to make Squid work for multiple OWA sites, and I could not get my configuration to work. I did find a configuration example for NginX that supported multiple SSL sites, and I combined that with the configuration for OWA. Based on my testing, the NginX configuration provided a method for me to do what I was looking for and I decided to replace Squid.

The particular issue that it solved was that Squid would not redirect to owa2007.domain.local when owa2010.domain.local was the first site listed in the config (and vice versa). My testing with the config I built after reading the sites below has shown that this is not a problem with NginX.

Sources:
http://planetit.ws/linux/debian/configuring-nginx-based-reverse-proxy-for-owa.html
http://blog.peacon.co.uk/wiki/NginX_Reverse_Proxy_Configuration
http://nginx.org/en/docs/http/configuring_https_servers.html
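
The layout the answer describes, one nginx server block per OWA host name on a shared port 443, shown as an added example; it is not the answerer's own config, which the post does not include. Host names, backend addresses and certificate paths are reused from the question's Squid config, while the CA bundle path and the upstream verification directives are assumptions.

```nginx
# Added example, not the answerer's config. Belongs in the http { } context.
# Host names, backend IPs and cert paths are reused from the question's Squid
# config; /etc/nginx/certs/internal-ca.crt is a placeholder path.
#
# Both servers listen on the same IP:443. nginx selects the certificate from
# the TLS SNI name and the server block from the Host header. A request that
# matches neither name falls to the first block listed (the default server).

server {
    listen 443 ssl;
    server_name owa2010.domain.local;

    ssl_certificate     /usr/local/squid/certs/cert.crt;
    ssl_certificate_key /usr/local/squid/certs/cert.nopass.key;

    location / {
        proxy_pass https://192.168.1.254;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Verify the CAS certificate rather than skipping the check as the
        # Squid config did with DONT_VERIFY_PEER (needs nginx 1.7.0 or later).
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/nginx/certs/internal-ca.crt;
        proxy_ssl_name owa2010.domain.local;  # name expected in the CAS cert
    }
}

server {
    listen 443 ssl;
    server_name owa2007.domain.local;

    ssl_certificate     /usr/local/squid/certs/cert2.crt;
    ssl_certificate_key /usr/local/squid/certs/webmail2nopass.key;

    location / {
        proxy_pass https://192.168.1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/nginx/certs/internal-ca.crt;
        proxy_ssl_name owa2007.domain.local;
    }
}
```

`nginx -V` should report "TLS SNI support enabled" for two certificates to share one address, and `nginx -t` checks the file before a reload.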
