Proxy Error – Reason: Error reading from remote server

Written by James McDonald

August 18, 2014

Using Apache as a Reverse Proxy to connect to an SBS 2011 server which runs Exchange Outlook Web Access and I kept getting “Proxy Error – Reason: Error reading from remote server” this occurred when I first connected to the reverse proxy server as follows:

<SBS 2011 OWA>—<Apache Reverse Proxy>—<Internet>—<client>

and discovered that a couple of environment variables added fixes the problem.

These are the settings:

# add these
SetEnv force-proxy-request-1.0 1 
SetEnv proxy-nokeepalive 1 
SetEnv proxy-initial-not-pooled 1 

This is the full config of the virtual host

<VirtualHost _default_:443>
  ServerName proxy01.example.com:443
  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  LogLevel warn
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
  SSLCertificateFile /etc/httpd/ssl/crt/example_com.crt
  SSLCertificateKeyFile /etc/httpd/ssl/myserver.key
  SSLCertificateChainFile /etc/httpd/ssl/crt/example_com.ca-bundle
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
  </Files>
  <Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
  </Directory>
  CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 ProxyPreserveHost On
 ProxyRequests Off
 ProxyVia On
 RewriteEngine On
 Timeout 600
 ProxyTimeout 600
 SetEnv force-proxy-request-1.0 1 
 SetEnv proxy-nokeepalive 1 
 SetEnv proxy-initial-not-pooled 1 
 SSLProxyEngine on
 RequestHeader set front-end-https "on"
 Header unset "WWW-Authenticate: NTLM"
 Header add WWW-Authenticate "Basic realm=NETBIOSDOMAINNAME"
 UseCanonicalName        Off
 RewriteRule ^/$ /owa [R]
        RewriteRule     ^(.*)?/iisadmin/? - [F]
        RewriteRule     ^(.*)?/samples/? - [F]
	# outlook web access 
	# 2010 doesn't work with scripts blocked
        # RewriteRule     ^(.*)?/scripts/? - [F]
        RewriteRule     ^(.*).ida$ - [F]
        RewriteRule     ^(.*).htw$ - [F]
        RewriteRule     ^(.*)./_vti/_. - [F]
        RewriteRule     ^(.*).idq$ - [F]
        RewriteRule     ^(.*).exe$      -       [F]
        RewriteRule     ^(.*)?/winnt/?    -       [F]
        RewriteRule     ^(.*)?/windows/?   -    [F]
        ProxyPass /Microsoft-Server-ActiveSync https://sbs01.local/Microsoft-Server-ActiveSync/
        ProxyPassReverse /Microsoft-Server-ActiveSync https://sbs01.local/Microsoft-Server-ActiveSync/
        ProxyPass /owa https://sbs01.local/owa
        ProxyPassReverse /owa https://sbs01.local/owa
        ProxyPass /OWA https://sbs01.local/OWA
        ProxyPassReverse /OWA https://sbs01.local/OWA
        ProxyPass /ecp https://sbs01.local/ecp
        ProxyPassReverse /ecp https://sbs01.local/ecp
        ProxyPass /Exchange https://sbs01.local/Exchange
        ProxyPassReverse /Exchange https://sbs01.local/Exchange
        ProxyPass /Public https://sbs01.local/Public
        ProxyPassReverse /Public https://sbs01.local/Public
        ProxyPass /ExchWeb https://sbs01.local/ExchWeb
        ProxyPassReverse /ExchWeb https://sbs01.local/ExchWeb
              
</VirtualHost>

 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Ubuntu on Hyper-v

It boils town to installing linux-azure # as root or sudo apt-get update apt-get install linux-azure...