(SOLVED) I need an os-caddy user with an Exchange Server who can test something

Started by Monviech (Cedrik), July 03, 2024, 08:49:57 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 03, 2024, 08:49:57 PM Last Edit: July 04, 2024, 08:45:36 AM by Monviech
Hey,

I am going to roll out a change to the os-caddy plugin that needs some testing.

I need somebody who runs os-caddy and an Exchange Server 2016 or higher and is currently reverse proxying it with os-caddy, and also uses an external Outlook 2016 or higher client. (Maybe I'm lucky xD)

There's this feature called NTLM transport in Caddy that is compiled in. In these PRs, I have implemented HTTP version and HTTP keepalive in order to see if they can replace NTLM in the future.

The NTLM module says, it is essentially doing HTTP "versions 1.1" and "keepalive off".
https://github.com/caddyserver/ntlm-transport

So, if anybody could test if these options will still make an Outlook 2016 or higher Client connect successfully to a reverse proxied Exchange Server, would be highly appreciated.

Instead of "NTLM", HTTP Version "HTTP1.1" and HTTP Keepalive "0" have to be chosen.

It works when Outlook has no authentication popup that won't go away.

I want to be able to decide if I can phase the NTLM module out or not.

PRs:
https://github.com/opnsense/plugins/pull/4072
https://github.com/opnsense/plugins/pull/4071

Thank you~
Hardware:
DEC740
July 04, 2024, 08:45:22 AM #1
I was lucky and got my hands on Exchange 2019 and Outlook 2019 behind Caddy, and I could verify that the transport http_ntlm module is still needed. It can't be replicated with the transport http module. So, NTLM will stay indefinitely until it won't work anymore.
Hardware:
DEC740
Today at 07:38:43 PM #2
Hello

Old thread, I know... Next time you need some one please count me in. I am 20y+ lead Exchange Engineer for an international company. Running exchange cluster with load balancer at home and so on... I can test probably anything you could ask for.

Just finished migrating from Sophos UTM to OPNsense. Very last missing piece is my beloved exchange... Had reverse proxy, waf, form-based custom login page with reverse auth etc. So let's see if I can get all this up and running with Caddy. :)

Best,
Houbi
Today at 08:07:16 PM #3
I also added the exchange feature and more in OPNWAF (which is Apache based) so it might be the better choice if you have some more enterprise requirements.

Its only in the business edition though but I know of quite a few customers using it successfully.

https://docs.opnsense.org/vendor/deciso/opnwaf.html#exchange-server

But in caddy it works too, still, as far as I know.
Hardware:
DEC740
Print
Go Up Pages1
User actions