Resolved myself with heaps of reading...
I have 7.4 with more than one virtual host that has a publicly accessible FQDN. To achieve this ISP-like setup, I built the SME server and all other servers with a fictitious domain like private.local and set up everything in the network such that it is not routable from outside. In this scenario, only the SME server is publicly accessible (and behind a WAG54GP2 router with ports 80, 443 open). I then went to DYNDNS.ORG and created an account and bought two domains for my own interests:
domainA.com
domainB.co.nz
and used the DynDNS administrator to set up CNAMEs like:
www.domainA.com -> domainA.com
remote.domainA.com -> domainA.com
www.domainB -> domainB.co.nz
etc. (you get 5 hosts per domain on a standard account). Also, note, DynDNS does not sell co.nz domains; I had to buy that from domainz.com and point the DNS to DynDNS' DNS servers. In the end, any hosts point to my static IP address the good folks at World Exchange gave me for an extra $20. I know I am not using dynamic DNS, but I already had a DynDNS account, which provides redundant DNS, so it seemed easier.
Then, I set up SME server with cool add-ons like WordPress etc. in each iBay as required such that
www.domainA.com and
www.domainB.co.nz go to different WordPress blogs by default (I used the FAQ on contribs.org and the instructions on wordpress.org to set up WordPress in an iBay).
On my LAN and on a 192.168.* address (non-routable) I have an Exchange server.
My requirements are to have the OWA component available from outside the LAN and a 'home office' webpage.
So, to be difficult, I want
www.domainA.com to go to SME iBay and homeoffice.domainA.com to go to Windows server - iis.private.local and have iis.private.local/owa work correctly.
This is so that I can 'hide' IIS and my Exchange behind Apache, and later, a single certificate (I have not done this yet).
To achieve this, Apache must resolve everything to iBays, as it does, except that one virtual host and its /owa directories.
1. Enable SSLProxy:
- create a file /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/35SSLProxyEngine containing only the words "SSLProxyEngine on" on a single line, no quotes.
2. Using this thread's info as above, except include a VirtualHost directive for the remote domain:
- create a file /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/76ProxyPass
which looks like this:
# Forward remote.domainA.com to iis.private.local
<VirtualHost 0.0.0.0:80>
ServerName remote.domainA.com
ProxyPass / http://iis.private.local/
ProxyPassReverse / http://iis.private.local/
</VirtualHost>
<VirtualHost 0.0.0.0:443>
ServerName remote.domainA.com
ProxyPass / https://iis.private.local/
ProxyPassReverse / https://iis.private.local/
# Preserve meta info in the http line as a resolvable request
ProxyPreserveHost On
#OWA % character in email subject fix
RewriteEngine On
RewriteMap percentsubject int:escape
RewriteCond $1 ^/exchange/.*\%.*$
RewriteRule (/exchange/.*) ${percentsubject:$1} [P]
#OWA
ProxyPass /exchange https://iis.private.local/exchange
ProxyPassReverse /exchange https://iis.private.local/exchange
ProxyPass /owa https://iis.private.local/owa
ProxyPassReverse /owa https://iis.private.local/owa
ProxyPass /Exchange https://iis.private.local/exchange
ProxyPassReverse /Exchange https://iis.private.local/exchange
ProxyPass /exchweb https://iis.private.local/exchweb
ProxyPassReverse /exchweb https://iis.private.local/exchweb
ProxyPass /public https://iis.private.local/public
ProxyPassReverse /public https://iis.private.local/public
ProxyPass /iisadmpwd https://iis.private.local/iisadmpwd
ProxyPassReverse /iisadmpwd https://iis.private.local/iisadmpwd
#OMA
ProxyPass /oma https://iis.private.local/oma
ProxyPassReverse /oma https://iis.private.local/oma
#ActiveSync (for WM5+ devices)
ProxyPass /Microsoft-Server-ActiveSync https://iis.private.local/Microsoft-Server-ActiveSync
ProxyPassReverse /Microsoft-Server-ActiveSync https://iis.private.local/Microsoft-Server-ActiveSync
# End of Exchange settings
</VirtualHost>
where iis.private.local is the private instance of IIS and remote.domainA.com is a publicly addressable domain that resolves to the public side of the SME server. To be sure this works, you must be able to resolve iis.private.local from the SME server (add a hostname record with correct internal IP address). Ensure the Integrated Authentication is disabled for OWA (leave basic auth on).
3. Expand template
- expand-template /etc/httpd/conf/httpd.conf
4. Restart the E-Smith webserver
- sv restart httpd-e-smith
Note: You can use IP addresses, but I find this cumbersome to maintain and open to error. All FQDNs must be resolvable internally and externally respectively. If this is confusing, start small. Also, IIS will not have a default page for you except to say the site is under construction; you must create a basic webpage with a link to the OWA page if you wish to have good WAF (wife acceptance factor).
Testing:
From another computer at your mate's place/internet cafe, go to
http://www.domainA.com, it should go to the WordPress server as you have set up.
http://www.domainB.com should go to that other WordPress server as set up by yourself. If you go to any https site, it should also give you a certificate and open the respective WordPress server as set up.
But. If you go to
http://remote.domainA.com or
https://remote.domainA.com it should go to the IIS server and on no other address (allowing you to start selling webhosting without fear your customer stumbles onto your IIS). Next step, create a default page on IIS that has useful information for your own home office and includes links to webmail for people who cannot remember long or confusing URLs etc.
Resources that matter apart from this excellent thread:
http://bugs.contribs.org/show_bug.cgi?id=1612
http://wiki.contribs.org/SME_Server:Documentation:FAQ#Proxy_Pass - does not work for https!
..and the usual apache doco and where would I be without Google?
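
An added example, not part of the original post: mod_proxy checks ProxyPass rules in configuration order and the first match wins, so in the port-443 virtual host above the leading "ProxyPass /" already forwards every path on IIS and the per-path Exchange rules after it never apply. The Python check below lists such pre-empted rules; the sample config is a constructed excerpt of the post's file and the function names are hypothetical.

```python
import re

# Constructed sample: the post's port-443 virtual host cut down to a few of
# its ProxyPass lines. Function names below are this example's own.
SAMPLE_CONF = """\
<VirtualHost 0.0.0.0:443>
ProxyPass / https://iis.private.local/
ProxyPass /exchange https://iis.private.local/exchange
ProxyPass /owa https://iis.private.local/owa
ProxyPass /Exchange https://iis.private.local/exchange
ProxyPass /iisadmpwd https://iis.private.local/iisadmpwd
</VirtualHost>
"""

def proxy_rules(conf):
    """Return {vhost address: [(path, backend), ...]} in configuration order."""
    rules, current = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = opened.group(1).strip()
            rules.setdefault(current, [])
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current and not line.startswith("#"):
            parts = line.split()
            if len(parts) >= 3 and parts[0].lower() == "proxypass":
                rules[current].append((parts[1], parts[2]))
    return rules

def covers(earlier, later):
    """True if every request matching `later` already matches `earlier`."""
    return later == earlier or later.startswith(earlier.rstrip("/") + "/")

def shadowed(conf):
    """List (vhost, path, winning_path) for rules an earlier rule pre-empts."""
    findings = []
    for vhost, entries in proxy_rules(conf).items():
        for i, (path, _) in enumerate(entries):
            for earlier, _ in entries[:i]:
                if covers(earlier, path):  # matching is case-sensitive
                    findings.append((vhost, path, earlier))
                    break
    return findings

if __name__ == "__main__":
    for vhost, path, winner in shadowed(SAMPLE_CONF):
        print(f"{vhost}: ProxyPass {path} never applies; '{winner}' matches first")
```

Rules that must take effect go before the catch-all; leaving the catch-all out limits what the proxy forwards to the listed paths.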