Did anyone solve this? I'm facing the same issue. If needed I will provide more details of course!
Thanks in advance.
Yeah, it’s from 2017, so please fill out the help thread template.
1. Caddy version (caddy:latest):
2. How I run Caddy:
Docker Compose File
a. System environment:
Docker on Ubuntu
c. Service/unit/compose file:
version: "3.3"
services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    container_name: 'caddy'
    hostname: 'caddy'
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./config:/etc/caddy/
      - ./site:/srv
      - caddy_data:/data
      - caddy_config:/config:ro
volumes:
  caddy_data:
  caddy_config:
networks:
  default:
    external:
      name: reverse-proxy
d. My complete Caddyfile or JSON config:
mail.domain.de {
  # internal dns to point on mailserver (owa works, only autodiscover is the problem)
  reverse_proxy https://mail.domain.de {
    # tls internal
    transport http {
      tls
      tls_insecure_skip_verify
    }
  }
}
autodiscover.domain.de {
  reverse_proxy https://autodiscover.domain.de {
    # tls internal
    transport http {
      tls
      tls_insecure_skip_verify
    }
  }
  header {
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote.host}
    header_up X-Forwarded-For {http.request.remote.host}
    header_up X-Forwarded-Port {http.request.port}
    header_up X-Forwarded-Proto {http.request.scheme}
  }
}
3. The problem I’m having:
I can’t connect from the outside with Outlook clients. OWA works, but Autodiscovery/Exchange Anywhere doesn’t.
4. Error messages and/or full log output:
caddy | {"level":"error","ts":1609339062.029815,"logger":"http.log.error","msg":"read tcp 172.25.0.4:36644->10.56.2.10:443:
read: connection reset by peer","request":{"remote_addr":"109.40.129.178:30478","proto":"HTTP/1.1","method":"RPC_IN_DATA",
"host":"mail.domain.de","uri":"/rpc/rpcproxy.dll?XXXXXXX@domain.de:6001",
"headers":{"Cache-Control":["no-cache"],"Connection":["Keep-Alive"],"User-Agent":["MSRPC"],"Cookie":["OutlookSession=\"{} Outlook=16.0.13231.20110 OS=6.2.9200 CPUArchitecture=9\"; ClientId=XXXXXXX"],"Pragma":["no-cache"],"Accept":["application/rpc"],"Content-Length":["1073741824"],"Authorization":["NTLM 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"]},"tls":{"resumed":false,"version":771,"cipher_suite":49196,"proto":"","proto_mutual":true,"server_name":"mail.domain.de"}},"duration":119.476219477,"status":502,"err_id":"7pcxgbuv3","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:441)"}
5. What I already tried:
Could this be related to this?:
https://github.com/caddyserver/caddy/issues/2732
When I use the Microsoft Connection Analyzer, I get a cert error. Is Outlook OK with a Let’s Encrypt cert, or do I need to export the cert from my Exchange Server?
As this is in production use, I changed the port forwarding back, so please don’t wonder.
FYI this block is not useful; this will try to replace a header called header_up when it has the value X-Host to {http.request.host}, and so on (i.e. find and replace). Doesn’t make sense. See the header docs:
header_up is a reverse_proxy subdirective, it’s not part of the header directive.
And even then, you don’t need any of those, because the reverse_proxy’s defaults handle that properly for you anyways:
This is not a subdirective to reverse_proxy. tls is its own directive, which allows you to configure TLS for incoming connections to your site.
Anyways, I don’t know much about Microsoft business software. One guess is that it might be using NTLM?
You could try installing this plugin then changing transport http to transport http_ntlm and see if it works:
Never mind, I don’t think it’s NTLM. Looking at your error logs, looks like it is MSRPC, because it has the HTTP method set to RPC_IN_DATA, which is non-standard.
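The diagnosis above comes from the method and User-Agent fields of the error log. As an added example (not from the thread or the Caddy project), this script runs the same triage over Caddy's JSON error log lines; the sample lines, host names and the finding labels are constructed for illustration.

```python
import json
from collections import Counter

STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
                    "CONNECT", "OPTIONS", "TRACE", "PATCH"}
# RPC over HTTP (Outlook Anywhere) verbs; RPC_IN_DATA is the one in the log above.
MSRPC_METHODS = {"RPC_IN_DATA", "RPC_OUT_DATA"}

# Constructed sample lines (placeholder hosts, not values from the thread).
SAMPLE_LOG = [
    'caddy | {"level":"error","logger":"http.log.error","msg":"read: connection reset by peer","request":{"method":"RPC_IN_DATA","host":"mail.example.test","uri":"/rpc/rpcproxy.dll","headers":{"User-Agent":["MSRPC"]}},"status":502}',
    'caddy | {"level":"error","logger":"http.log.error","msg":"dial tcp: i/o timeout","request":{"method":"GET","host":"mail.example.test","uri":"/owa/","headers":{"User-Agent":["Mozilla/5.0"]}},"status":502}',
    'caddy | {"level":"error","logger":"http.log.error","msg":"EOF","request":{"method":"PROPFIND","host":"mail.example.test","uri":"/","headers":{}},"status":502}',
    'caddy | {"level":"info","logger":"http.log.access","msg":"handled request","request":{"method":"GET","host":"mail.example.test","uri":"/"},"status":200}',
    'caddy | serving initial configuration',
]

def parse_line(line):
    """Return the JSON object from a 'caddy | {...}' compose log line, or None."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        return json.loads(line[start:])
    except json.JSONDecodeError:
        return None

def classify(request):
    """Label a request as msrpc, non-standard-method or other."""
    method = request.get("method", "")
    agent = (request.get("headers", {}).get("User-Agent") or [""])[0]
    if method in MSRPC_METHODS or agent == "MSRPC":
        return "msrpc"
    return "other" if method in STANDARD_METHODS else "non-standard-method"

def triage(lines):
    """Collect proxy errors and say which ones are RPC over HTTP traffic."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if not entry or entry.get("logger") != "http.log.error":
            continue  # skip access logs and non-JSON output
        req = entry.get("request", {})
        findings.append({"kind": classify(req), "method": req.get("method"),
                         "host": req.get("host"), "status": entry.get("status")})
    return findings

def summary(findings):
    return Counter(f["kind"] for f in findings)

if __name__ == "__main__":
    print(summary(triage(SAMPLE_LOG)))
```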
So you can’t realize this with caddy, as this is mentioned here: Reverse proxy MSRPC in Caddy v2 · Issue #2732 · caddyserver/caddy · GitHub?
EDIT: Ah, I saw your comment on GitHub
Yeah, not yet.
If you need this as soon as possible for business reasons, I recommend reaching out for a support contract:
Nah I don’t need it in the near future, was just playing around with it. I think then I’ll use an alternative.
Anyways, thank you very much for your input on this topic. Have a good New Year!