The following howto describes how to set up FreeBSD to use as a reverse web proxy.
This example sets up FreeBSD as a reverse proxy for Exchange 2010 Outlook Web Access and Exchange ActiveSync.
I will be using Pound: http://www.apsis.ch/pound
The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server(s). Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively.
Environment Setup:
FreeBSD IP Address: 192.168.2.26
Exchange Server IP Address: 192.168.2.22
OWA/ActiveSync Address: mail.contoso.com
Requirements
SSL Certificate in .pem format without strong key protection
Certificate must have private/public key pair.
Step 1: Install Pound from Ports
Code:
# cd /usr/ports/www/pound
# make install
Step 2: Configure pound to start automatically
Edit /etc/rc.conf and add:
Code:
pound_enable="YES"
Step 3: Edit pound configuration
Edit /usr/local/etc/pound.cfg and add the following:
Code:
#Pound Configuration
#IgnoreCase, xHTTP and TimeOut are mandatory settings specific to OWA/ActiveSync
#TimeOut must be 3600 or greater to support ActiveSync
TimeOut 3600
LogLevel 5
IgnoreCase 1
#Basic HTTP Listener redirects all requests to the OWA URL
ListenHTTP
    Address 192.168.2.26
    Port 80
    Service
        Redirect "https://mail.contoso.com/owa/"
    End
End
#The SSL Listener responsible for OWA and ActiveSync
ListenHTTPS
    Address 192.168.2.26
    Port 443
    xHTTP 4
    Cert "/usr/local/etc/pound/server.pem"
    #Service Provides OWA Access
    #Pound terminates SSL; the backend is reached over plain HTTP on port 80
    Service
        Url "/owa*"
        Backend
            Address 192.168.2.22
            Port 80
        End
    End
    #Service Provides ActiveSync Access
    Service
        Url "/Microsoft-Server-ActiveSync*"
        Backend
            Address 192.168.2.22
            Port 80
        End
    End
    #Service Redirects all other URLs to the OWA page
    Service
        Redirect "https://mail.contoso.com/owa/"
    End
End
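Pound treats each Url value as an unanchored regular expression, not a shell glob, and hands the request to the first Service that matches. The following added example (not part of the original howto) models that selection for the HTTPS listener above, using Python's re module as a stand-in for Pound's matching, so you can check which paths reach the Exchange backend. The sample paths and the anchored patterns are assumptions constructed for illustration.

```python
import re

# Services of the ListenHTTPS block above, in file order: (name, Url pattern, action).
# Pound tries them top to bottom; a Service without Url matches every request.
SERVICES = [
    ("owa", r"/owa*", "backend 192.168.2.22:80"),
    ("activesync", r"/Microsoft-Server-ActiveSync*", "backend 192.168.2.22:80"),
    ("catch-all", None, "redirect https://mail.contoso.com/owa/"),
]

# Assumption: tightened patterns, anchored so only the two applications match.
ANCHORED = [
    ("owa", r"^/owa([/?]|$)", "backend 192.168.2.22:80"),
    ("activesync", r"^/Microsoft-Server-ActiveSync([/?]|$)", "backend 192.168.2.22:80"),
    ("catch-all", None, "redirect https://mail.contoso.com/owa/"),
]


def route(path, services, ignore_case=True):
    """Return (service name, action) of the first Service whose Url matches path.

    re.search stands in for Pound's unanchored regex match; ignore_case mirrors
    the IgnoreCase 1 setting.
    """
    flags = re.IGNORECASE if ignore_case else 0
    for name, pattern, action in services:
        if pattern is None or re.search(pattern, path, flags):
            return name, action
    return None, "no service matched"


# Constructed request paths, not taken from real traffic.
SAMPLE_PATHS = [
    "/owa/",
    "/OWA/auth/logon.aspx",
    "/Microsoft-Server-ActiveSync?Cmd=Ping",
    "/ecp/",
    "/downloads/owl.png",  # "/owa*" means "/ow" plus zero or more "a"
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p:40} as posted: {route(p, SERVICES)[0]:10} "
              f"anchored: {route(p, ANCHORED)[0]}")
```

With the patterns as posted, any path containing "/ow" is passed to the backend; the anchored variants send everything outside /owa and /Microsoft-Server-ActiveSync to the redirect Service.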