For about 1 month, we have been using the os-caddy plugin as a reverse proxy for Microsoft Exchange 2016 & 2019, because our central gateway will be replaced. Through the reverse proxy, only /Microsoft-Server-ActiveSync and /EWS/Exchange.asmx are accessible. Our customers can use their smartphones or any EWS-compatible client (e.g. eM Client) to connect to their mailbox.
All is working fine, except sending emails through EWS (Exchange Web Services).
- Sending emails without any attachments works like a charm.
- Sending emails with attachments doesn't work since we switched to os-caddy.
In "Services\Caddy\Log File" we got the following error(s):
"warn","ts":"2025-07-04T05:13:27Z","logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","upstream":"10.0.250.2:443","duration":0.020832445,"request":{"remote_ip":"xxx.xxx.xxx.xxx","remote_port":"40927","client_ip":"xxx.xxx.xxx.xxx","proto":"HTTP/1.1","method":"POST","host":"fqdn.anonymized.de","uri":"/EWS/Exchange.asmx","headers":{"Content-Type":["text/xml; charset=utf-8"],"Cookie":["REDACTED"],"X-Forwarded-Host":["fqdn.anonymized.de"],"Via":["1.1 Caddy"],"Accept-Encoding":["gzip, deflate"],"X-Clientstatistics":["MessageId=28ab40b6-8961-40aa-83c0-46c73c3f597f,ResponseTime=380,SoapAction=SubscribeToStreamingNotifications;"],"Content-Length":["754"],"User-Agent":["eM Client/10.3.2412.0 (ExchangeServicesClient/10.3.2412.0)"],"Accept":["text/xml"],"X-Forwarded-For":["xxx.xxx.xxx.xxx"],"X-Forwarded-Proto":["https"],"Authorization":["REDACTED"]},"tls":{"resumed":true,"version":771,"cipher_suite":49199,"proto":"","server_name":"fqdn.anonymized.de"}},"error":"reading: context canceled"}
The Caddyfile:
# DO NOT EDIT THIS FILE -- OPNsense auto-generated file
# caddy_user=root
# Global Options
{
    log {
        output net unixgram//var/run/caddy/log.sock {
        }
        format json {
            time_format rfc3339
        }
    }
    servers {
        protocols h1 h2
    }
    grace_period 10s
    import /usr/local/etc/caddy/caddy.d/*.global
}
# Reverse Proxy Configuration
fqdn.anonymized.de:443 {
    tls /var/db/caddy/data/caddy/certificates/temp/684fd0fdd8aef.pem /var/db/caddy/data/caddy/certificates/temp/684fd0fdd8aef.key {
    }
    handle /Microsoft-Server-ActiveSync {
        reverse_proxy https://10.0.250.2:443 {
            transport http_ntlm {
                tls_insecure_skip_verify
            }
        }
    }
    handle /EWS/Exchange.asmx {
        reverse_proxy https://10.0.250.2:443 {
            transport http_ntlm {
                tls_insecure_skip_verify
            }
        }
    }
}
import /usr/local/etc/caddy/caddy.d/*.conf
Before we switched to OPNsense & os-caddy, we used a centralized Sophos UTM with the Web Application Firewall (WAF) and had no problems.
Edit: Currently we are using OPNsense 25.1.10
Can anybody help us?
Kindly,
Christian
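
A small triage helper for log entries like the one quoted in the post, as an added example that is not part of the original post: it pulls the reverse_proxy aborts out of a Caddy JSON log and groups them by URI, error and client-reported SoapAction, keeping the request body size alongside. The sample log lines and all function names are constructed for illustration.

```python
import json
from collections import Counter
ABORT_MSG = "aborting with incomplete response"
# Constructed sample input modelled on the entry quoted in the post: timestamps, sizes and the
# CreateItem entry are made up; the last line is cut off at the start, so it is not valid JSON.
SAMPLE_LOG = "\n".join([
    '{"level":"warn","ts":"2025-07-04T05:13:27Z","logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","request":{"uri":"/EWS/Exchange.asmx","headers":{"Content-Length":["754"],"X-Clientstatistics":["MessageId=00000000-0000-0000-0000-000000000001,ResponseTime=380,SoapAction=SubscribeToStreamingNotifications;"]}},"error":"reading: context canceled"}',
    '{"level":"warn","ts":"2025-07-04T05:14:02Z","logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","request":{"uri":"/EWS/Exchange.asmx","headers":{"Content-Length":["7340032"],"X-Clientstatistics":["MessageId=00000000-0000-0000-0000-000000000002,ResponseTime=95,SoapAction=CreateItem;"]}},"error":"reading: context canceled"}',
    '{"level":"info","ts":"2025-07-04T05:14:05Z","logger":"http.log.access","msg":"handled request","request":{"uri":"/Microsoft-Server-ActiveSync","headers":{}},"status":200}',
    '"warn","ts":"2025-07-04T05:15:00Z","logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response"}',
])

def soap_action(headers):
    """Return the SoapAction the client reports in X-Clientstatistics, if any."""
    for value in headers.get("X-Clientstatistics", []):
        for part in value.rstrip(";").split(","):
            key, _, val = part.partition("=")
            if key.strip() == "SoapAction":
                return val.strip()
    return None

def to_record(entry):
    """Keep only the fields needed to compare aborted requests with each other."""
    request = entry.get("request", {})
    headers = request.get("headers", {})
    length = headers.get("Content-Length", [""])[0]
    return {"ts": entry.get("ts"), "uri": request.get("uri"), "error": entry.get("error"),
            "soap_action": soap_action(headers), "body_bytes": int(length) if length.isdigit() else None}

def aborted_requests(text):
    """Return (records, skipped): one dict per proxy abort, count of unparsable lines."""
    records, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            entry = None
        if not isinstance(entry, dict):
            skipped += 1  # truncated or non-JSON line: count it instead of failing
        elif entry.get("logger") == "http.handlers.reverse_proxy" and entry.get("msg") == ABORT_MSG:
            records.append(to_record(entry))
    return records, skipped

def summarize(records):
    """Count aborts per (uri, error, SoapAction) to see which calls are affected."""
    return Counter((r["uri"], r["error"], r["soap_action"]) for r in records)

if __name__ == "__main__":
    print(summarize(aborted_requests(SAMPLE_LOG)[0]))
```

Comparing `body_bytes` across the aborted entries shows whether the failures track request size or a particular EWS operation.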