Exchange Server and Caddy

Hi,

I have a domain pointing to my external address.
I have multiple, but I want to see if this is going to work at my second place, where I have only one external IP.

I want to set up DNS names for other servers / devices inside the network, like dev1.[domain].[com] and dev2.[domain].[com]. This works fine, as it is supposed to, with Caddy Proxy:

Example:

dev1.[domain].[com] {
proxy / http[://]192.168.1.4:8080
}

Problem:

Exchange server is not happy with the above. When we try:

[domain].[com] in this example is the external domain that the exchange server is using and clients are connecting to.

[domain].[com] {
	proxy / https[://]10.10.0.83/
}

But when I now go to [domain].[com] I get 502 Bad Gateway.

How can I solve it so that the HTTPS traffic of the main domain gets forwarded, transparently if possible, to the Exchange server, so that all the other Exchange things like ActiveSync etc. also keep working?

The Exchange Server has its own Valid Certificate.

Please let me know.

Had to add the [] because I cannot post more than 2 links.

Good to mention: I installed Caddy on a clean Debian 8 machine.

Hi @kavaa, welcome to the Caddy community.

I’m not all that familiar with Exchange Server, but I think that the base domain doesn’t resolve to a webpage over standard HTTP(S); I believe you need to redirect / to /owa.

I also believe Exchange is reverse proxy aware, so setting transparent should give it some additional info about clients connecting through Caddy.

Lastly, it’s highly unlikely that your Exchange server has a valid certificate for a private IP address. Assuming you haven’t issued it via your own CA and distributed the CA certificate to the Caddy machine’s trusted store, you’ll want to skip verification of the SSL certificate.

example.com {
  proxy / https://10.10.0.83 {
    transparent
    insecure_skip_verify
  }
}

I understand that ActiveSync works over :443, so with a working proxy this should function without an issue.


Seems to work perfectly.
I’ll test it some more during the day.

Ok I have some additions.

I had to modify the Caddyfile to get Exchange to work.

Current Caddyfile:

domain.com {
  proxy / https://10.10.0.83 {
    transparent
    insecure_skip_verify
  }
}

db01.domain.com {
  proxy / https://10.10.0.83 {
    transparent
    insecure_skip_verify
  }
}

mail.domain.com {
  proxy / https://10.10.0.83 {
    transparent
    insecure_skip_verify
  }
}

exchange.domain.com {
  proxy / https://10.10.0.83 {
    transparent
    insecure_skip_verify
  }
}

I had to add the name of the Exchange server, which is “Exchange”.
I had to add the mail record and the name of the DB (db01).

I found this because there were no messages going in or out.
Then I opened the Exchange Toolbox, went to the Message Tracker and saw a whole queue in there.

You can see the errors in the image above.
I got to testing, and adding the mail and exchange records fixed the outgoing mail.
And the db01 record fixed the delivery to the mailbox.

I don’t know why this is; maybe someone knows, but all seems to work now.


Glad to hear! Your solution will probably be quite useful for future readers.

If the definition blocks are the same across all those subdomains, you could tidy up the Caddyfile by combining the site labels and sharing the one definition block:

domain.com, db01.domain.com, mail.domain.com, exchange.domain.com {
  proxy / https://10.10.0.83 {
    transparent
    insecure_skip_verify
  }
}

Thanks for the advice.

I only run into a problem with Exchange Autodiscover.
That does not want to work.
Since I played too much with the live environment now, I’ll create a test one to test Exchange Autodiscover,
and see how that works out.

Since the Autodiscover protocol works with multiple steps and in weird ways.

Maybe someone knows how to get this working with Caddy?
Except that Outlook does not agree with Autodiscover (Windows and Mac).

Everything else works fine, even iPhone :smiley: with Autodiscover of settings.

Maybe add autodiscover.domain.com to your list of labels? Your clients might want that endpoint available instead of checking example.com/autodiscover/autodiscover.
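An added audit script, not from this thread or the Caddy project, that parses a Caddy v1-style Caddyfile like the combined one above, checks that the base domain, mail., exchange. and autodiscover. labels are all present, and flags insecure_skip_verify on an https upstream, since that turns off certificate verification between Caddy and Exchange on the internal hop. The sample Caddyfile and the list of expected hostname prefixes are constructed assumptions.

```python
"""Audit a Caddy v1 Caddyfile used to reverse-proxy Exchange (added example)."""

# Constructed sample in the thread's layout: combined site labels, one proxy block.
SAMPLE_CADDYFILE = """
domain.com, db01.domain.com, mail.domain.com, exchange.domain.com {
  proxy / https://10.10.0.83 {
    transparent
    insecure_skip_verify
  }
}
"""

# Hostnames Exchange clients commonly need on the same front end (assumption drawn
# from the thread: base domain, mail., the server's own name, autodiscover.).
EXPECTED_PREFIXES = ("", "mail.", "exchange.", "autodiscover.")

def parse_caddyfile(text):
    """Return {site_label: {"upstream": str|None, "options": set}} per site block."""
    sites, labels, upstream, opts, depth = {}, [], None, set(), 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if depth == 0 and line.endswith("{"):           # site block opens
            labels = [l.strip() for l in line[:-1].split(",") if l.strip()]
            upstream, opts, depth = None, set(), 1
        elif depth == 1 and line.startswith("proxy "):  # proxy <from> <to> [{]
            parts = line.rstrip("{").split()
            upstream = parts[2] if len(parts) >= 3 else None
            depth = 2 if line.endswith("{") else 1
        elif depth == 2 and line == "}":                # proxy sub-block closes
            depth = 1
        elif depth == 2:                                # proxy option keyword
            opts.add(line.split()[0])
        elif depth == 1 and line == "}":                # site block closes
            for label in labels:
                sites[label] = {"upstream": upstream, "options": set(opts)}
            depth = 0
    return sites

def audit(text, domain):
    """Flag missing Exchange hostnames and weak proxy settings; returns a list of strings."""
    sites, findings = parse_caddyfile(text), []
    for prefix in EXPECTED_PREFIXES:
        if f"{prefix}{domain}" not in sites:
            findings.append(f"missing site label {prefix}{domain}")
    for label, site in sites.items():
        up, opts = site["upstream"], site["options"]
        if up is None:
            findings.append(f"{label}: no proxy directive")
        elif up.startswith("https://") and "insecure_skip_verify" in opts:
            findings.append(f"{label}: insecure_skip_verify disables TLS verification to {up}")
        if "transparent" not in opts:
            findings.append(f"{label}: missing transparent, backend will not see client IP/Host")
    return findings
```

Run `audit(open("Caddyfile").read(), "domain.com")` against the real file; the skip-verify finding goes away once the Exchange certificate (or your internal CA) is trusted by the Caddy host instead of being ignored.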
