技术解析
我想在两台 Exchange2016 前加入 nignx ( Tengine )做反向代理和负载均衡。 现在遇到的问题是:OWA 可以正常访问,但是 Outlook ( Mac 端)配置时一直弹窗提示输入用户名和密码,正确输入后说用户名和密码错误。Windows 端也是类似的错误。
配置如下: #mail.test.com.conf
upstream test {
server xx.xx.xx.xx;
server xx.xx.xx.xx;
}
server {
listen 443 ssl;
server_name mail.test.com autodiscover.test.com;
include rules/ssl.conf; # 设置了服务器证书
location / {
index index.php;
proxy_pass http://test/;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_next_upstream error timeout;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_ignore_client_abort on;
}
}
server {
listen 80;
server_name mail.test.com autodiscover.test.com;
return 301 https://$host$request_uri;
}
#nginx.conf
worker_processes auto;
worker_cpu_affinity auto;
events {
worker_connections 65535;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gatekeeper_module on;
fastcgi_connect_timeout 5;
fastcgi_send_timeout 10;
fastcgi_read_timeout 10;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
keepalive_timeout 60;
keepalive_requests 1024;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
client_max_body_size 10m;
client_body_buffer_size 512k;
client_body_timeout 30;
client_header_timeout 10;
send_timeout 240;
proxy_connect_timeout 10s;
proxy_send_timeout 50s;
proxy_read_timeout 60s;
proxy_buffers 64 8k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 64k;
proxy_redirect off;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css text/xml application/xml+css application/json text/javascript;
gzip_vary on;
log_format main '$server_addr\t$host\t'
'$remote_addr\t$remote_user\t$http_x_forwarded_for\t'
'$time_local\t'
'$scheme\t$request\t'
'*#06#$status*#06#\t$upstream_status\t'
'$request_time\t$upstream_addr\t$upstream_response_time\t'
'$request_length\t$bytes_sent\t'
'$operationid\t$HTTP_DIDI_HEADER_SPANID\t'
'$http_referer\t$http_cookie\t$http_user_agent\t'
'$limit_rate';
access_log logs/access.log main;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 100.64.0.0/10;
real_ip_header X-Real-IP;
include conf.d/*.conf;
include sites-enabled/*;
}
另:当 Exchange 中的认证方式从 Windo美国服务器ws 认证改成 Basic 认证后,MAC 端 Outlook 配置成功了,但是 Win 端还不行。