On 11/07/18 23:50, Mike Surcouf wrote:
> I am sure Amos won't mind me saying but nginx is the right tool for that scenario.

I don't mind the saying, but I disagree.

The HTTP behaviour bugs I keep hearing about NGinX having tend to make other non-Squid proxies / servers be better when Squid itself is not top of the list.

The only situation I recommend NGinX is when the admin in question already has a strong preference for using it. eg, being more trouble to learn something different to solve the problem at hand.

That aside, the trouble with OWA is that it is email / SMTP software which grew limited HTTP capabilities, and is proprietary so nobody in our FOSS world actually knows what it is intending to do with its messages and connections.

Since HTTP and SMTP share message syntax but require very different behaviour, decrypting the TLS is a bit risky and may break rather badly if the wrong connection happens to terminate at an HTTP proxy.

Bugs and limitations in the OWA HTTP(S) code make for a rather tricky situation unless you can see exactly what is going on down to the TCP/IP level when troubleshooting.

> -----Original Message-----
> From: Pedro Guedes
>
> Hi
>
> I have been reading some material on this and
> trying to reverse proxying squid on a different ssl port
> like 2020 and then connect to port 443 on the exchange.
>
> All the examples follow the configs on the 443 port, same
> on squid and exchange.
>
> Looks like it is not possible to put squid listening on a different
> port than 443 and then connecting to port 443 on
> exchange.
>
> Is this true?

No. Squid can easily do that. Just set up the http(s)_port [OWA client->Squid] and cache_peer [Squid->Exchange/OWA server] directives however you want.

Whether it "works" in context of what OWA is doing is the questionable part, and not related to Squid.

The problem is what the OWA server can do, what the client software can do - and what they tell each other in their messages. All of which has to cope perfectly with the custom port you told Squid to use. Otherwise you just see "broken".

* Absolutely avoid URL-rewrite. This will only break things. Use proper HTTP redirect if you really have to, and avoid changing anything at the proxy if you can.

* Avoid TPROXY and NAT intercept of the traffic. It can be coped with, but adds MANY problems that are best to avoid here.

* Be careful of the TLS settings on the proxy. OWA has some odd and quite Microsoft specific things that it requires, and prefers.

As you found OWA itself does not permit port changes (easily?). I'm not sure if it has improved in recent years with the "365" software conversions, used to be not possible at all.

HTH
Amos
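
The port arrangement discussed in this thread (clients reach Squid on 2020, Squid reaches Exchange on 443), as an added squid.conf sketch that is not part of the original message or the Squid project's documentation. The hostname `owa.example.com`, the address `192.0.2.10`, the peer name `owaServer` and all file paths are placeholders, and the option names are the Squid 3.5 spellings.

```conf
# Added example, not from the thread. Placeholders: owa.example.com,
# 192.0.2.10, owaServer and every file path below.
# Squid 3.5 option names; Squid 4 uses tls-prefixed forms of the TLS options
# (for example tls-cert= and tls-key= on https_port).

# [OWA client -> Squid]: reverse-proxy (accel) TLS listener on custom port 2020.
https_port 2020 accel defaultsite=owa.example.com cert=/etc/squid/tls/owa.crt key=/etc/squid/tls/owa.key

# [Squid -> Exchange/OWA server]: TLS to the origin on its standard port 443.
# sslcafile/ssldomain make Squid validate the Exchange certificate rather than
# trusting whatever answers on that address.
# login=PASS relays the client's credentials unchanged; connection-auth=on
# permits connection-oriented authentication to be relayed to the peer.
cache_peer 192.0.2.10 parent 443 0 no-query originserver ssl sslcafile=/etc/squid/tls/internal-ca.pem ssldomain=owa.example.com login=PASS connection-auth=on name=owaServer

# Only requests for the published hostname are accepted, and they may only
# go to the Exchange peer, never direct to an arbitrary destination.
acl OWA dstdomain owa.example.com
cache_peer_access owaServer allow OWA
cache_peer_access owaServer deny all
never_direct allow OWA
http_access allow OWA
http_access deny all

# No url_rewrite_program is configured here, in line with the advice above.
```

`squid -k parse` checks the file for syntax errors before a reload. Whether OWA and its clients cope with the non-443 port is a separate question that this configuration does not settle.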