Untitled

user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;

events {
        worker_connections 1024;
}

http {

upstream inside.example.lcl {
        server 192.168.1.1:443;
        keepalive 16;
        }

server {
        listen 80;
        listen [::]:80;
        server_name owa.contoso.com autodiscover.contoso.com;
        return 301 https://$host$request_uri;
}

server {
        listen 443;
        listen [::]:443;
        client_max_body_size 2G;

        ssl                     on;
        ssl_certificate         /etc/ssl/certs/chain.crt;
        ssl_certificate_key     /etc/ssl/private/priv.key;
        ssl_session_timeout     5m;
        ssl_session_cache shared:SSL:60m;

        ssl_prefer_server_ciphers On;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
        ssl_dhparam /etc/ssl/dhparams.pem;

        server_name owa.contoso.com;
        location / { return 301 https://owa.contoso.com/owa; }

        proxy_read_timeout 360;
        proxy_pass_header Date;
        proxy_pass_header Server;
        proxy_pass_header Authorization;

        proxy_pass_request_headers on;
        proxy_http_version 1.1;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Connection "Keep-Alive";
        proxy_request_buffering off;
        proxy_buffering off;

        location ~* ^/owa { proxy_pass https://inside.example.lcl;
        proxy_next_upstream error timeout invalid_header http_500 http_503; }
        location ~* ^/Microsoft-Server-ActiveSync { proxy_pass https://inside.example.lcl;
        proxy_next_upstream error timeout invalid_header http_500 http_503; }
        location ~* ^/ecp { proxy_pass https://inside.example.lcl;
        proxy_next_upstream error timeout invalid_header http_500 http_503; }
        location ~* ^/rpc { proxy_pass https://inside.example.lcl;
        proxy_next_upstream error timeout invalid_header http_500 http_503; }
        location ~* ^/ews { proxy_pass https://inside.example.lcl;
        proxy_next_upstream error timeout invalid_header http_500 http_503; }
        location ~* ^/OAB { proxy_pass https://inside.example.lcl;
        proxy_next_upstream error timeout invalid_header http_500 http_503; }
        location ~* ^/AutoDiscover { proxy_pass https://inside.example.lcl;
        proxy_next_upstream error timeout invalid_header http_500 http_503; }
        location ~* ^/mapi { proxy_pass https://inside.example.lcl;
        proxy_next_upstream error timeout invalid_header http_500 http_503; }

        error_log /var/log/nginx/owa-err.log;
        access_log /var/log/nginx/owa-acc.log;
        }
}