How can I use nginx to act as a proxy for axigen?

penguin · August 4, 2020, 7:26pm

I have a nginx web server set up to host on port 80 and 443, which means I can’t access the axigen web portal. Is there a way I can tell nginx to simply go to where it needs to when on the mail.X subdomain? Here is my nginx config right now:

server {
listen 80;
listen [::]:80;
server_name mail.epenguin.net www.mail.epenguin.net;
server_tokens off;
client_max_body_size 250m;
location / {
gzip off;

proxy_read_timeout	3600;
proxy_connect_timeout	300;
proxy_redirect		off;

proxy_set_header	Host			$http_host;
proxy_set_header	X-Real-IP		$remote_addr;
proxy_set_header	X-Forwarded-Ssl		on;
proxy_set_header	X-Forwarded-For		$proxy_add_x_forwarded_for;
proxy_set_header	X-Forwarded-Proto	https;
proxy_set_header	X-Frame-Options		SAMEORIGIN;
    
proxy_pass http://localhost:443;
}

}

campbep · January 31, 2021, 11:29pm

Hi penguin,

were you ever able to get your reverse proxy working? I am trying to do this myself and I can get to the webmail page, but can’t login after that .

The internet seems void of this issue , like no one has done it before.

actexas · August 12, 2021, 2:26pm

server {
#############Begin Server and Listener Specific Configuration##########
listen 443 ssl;
server_name mail(dot)domain(dot)net www(dot)mail(dot)domain(dot)net;
access_log /var/log/nginx/access.log combined_ssl;
#Certificate & Key .PEM Format
ssl_certificate /etc/nginx/pub/ssl.crt;
ssl_certificate_key /etc/nginx/ssl.key;
#PFS
ssl_dhparam /etc/nginx/dhparam2.pem;
#CIPHERS AND COMMON ATTRIBUTES
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES128-SHA256:!AES-256-CBC:!ECDHE-RSA-AES128-GCM-SHA256:!ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:!AES128-GCM-SHA256:DHE-RSA-AES256-SHA:!RC4-SHA:!RC4:HIGH:!MD5:!aNULL:!EXP:!EDH:!ADH:!LOW;

#Listener Specific Settings Below
client_max_body_size 250M;
#End Configuration Parameters Global to this Listener

Our Axigen Webmail sits behind nginx;
#Active Sync Forwarding/Routing
location ~* ^/Microsoft-Server-ActiveSync {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#Added for viewing client IP and SSL protocol in security.log of Axigen.
proxy_set_header User-Agent “${remote_addr}///${ssl_protocol}__${ssl_cipher}///${http_user_agent}”;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 500s;
proxy_send_timeout 500s;
fastcgi_read_timeout 500s;
fastcgi_send_timeout 500s;
proxy_pass http:/ /127.0.0.1:8080;
}
location /EWS/ {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http:// 127.0.0.1:8080/EWS;
}

#End Active Sync
############################
#Root Webhost - WebMail Access Portal
location / {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#Added for viewing client IP and SSL protocol in security.log of Axigen.
proxy_set_header User-Agent “${remote_addr}///${ssl_protocol}__${ssl_cipher}///${http_user_agent}”;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http:/ / 127.0.0.1:8080;
proxy_read_timeout 90s;
}
#Root Webhost - End WebMail Portal
#######################################
}

server {
listen 80;
#We don’t want any non ssl traffic so redirect them all…
server_name mail(dot)domain(dot)net www(dot)mail(dot)domain(dot)net;
return 301 https:/ /$server_name$request_uri;
}