
Step By Step Guide to Configure Apache as a Reverse Proxy for Lync 2010 & Lync 2013

As everyone knows, Microsoft has discontinued the Microsoft Forefront solutions in its upcoming releases. So, in order to publish Lync web services, users now depend on third-party solutions such as IIS ARR and Apache server. Today I am going to install and configure Apache 2.4 in my test set-up as a reverse proxy for my co-existing Lync 2010 & Lync 2013 deployment.
All credit for this article goes to Drago.
For the reverse proxy server you will need two network cards: one for the inside network without gateway & DNS, and a second one for the outside network with gateway & DNS, as shown below.

Inside Network Settings

Outside Network Settings

Now let's start the Apache installation. Download Apache Server from http://httpd.apache.org/download.cgi
Start the installation.

Next, make sure the Apache service is bound to the reverse proxy's outside interface, which is connected to the internet. Navigate to the C:\Program Files (x86)\Apache Group\Apache2\conf folder and open httpd.conf in Notepad.

Now locate the line “#Listen” and add the line below after it:
Listen 443
 (i.e. the outside interface IP address that is going to listen for traffic)

Now go to Windows Services & check that the Apache service is up & running, as shown below.

Now, to test whether the Apache server is working, open Internet Explorer & browse to the URL below, i.e. the IP address of the outside interface, which is listening for port 80 & 443 traffic.

Add the firewall exceptions below on the Apache server to allow port 80 & HTTPS traffic:

netsh advfirewall firewall add rule name="Apache-80" dir=in action=allow protocol=TCP localport=80
netsh advfirewall firewall add rule name="Apache-443" dir=in action=allow protocol=TCP localport=443

Now we have allowed ports 80 & 443 on the Windows firewall. Next, open 443 & 80 on your firewall (the gateway, in my case a Cisco ASA) & NAT them to the public IP address. Open the NATed IP address from a computer on the public internet. If you get the screen below, your test has passed.

Now that all our tests have passed, we are going to use Apache as a reverse proxy to publish the Lync web services. For that we will need SSL certificates imported into Apache, so we will modify httpd.conf again, the same way as in the steps above.
Open httpd.conf in Notepad & uncomment the lines below, as shown:
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule ssl_module modules/mod_ssl.so
Save httpd.conf & restart the Apache service.

Now we move on to the SSL certificate. I am going to use a GoDaddy UCC certificate for the reverse proxy.
I have already exported my GoDaddy certificate from the Edge server to the reverse proxy server. Now we need to convert the certificate into a format that the Apache server can read; for that we are going to use OpenSSL.

Open a command prompt as Administrator & navigate to the "C:\Program Files (x86)\Apache Group\Apache2\bin" folder. Copy the exported certificate file to C:\ or any other folder.
Now extract the private key from the certificate using the command below:
openssl pkcs12 -in c:\PublicCert.pfx -nocerts -out c:\vmwareandme.key.pem

Now extract the certificate from the .pfx file using the command below:
openssl pkcs12 -in c:\PublicCert.pfx -clcerts -nokeys -out c:\vmwareandme.cer

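Now convert your key file to RSA format using the command below. The output file holds the private key without a passphrase, so keep it readable only by administrators and the account that runs the Apache service.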
openssl rsa -in c:\vmwareandme.key.pem -out c:\vmwareandme.key

Now navigate to "C:\Program Files (x86)\Apache Group\Apache2\conf", create a new folder named "SSL" & copy the certificate files from C:\ to the "C:\Program Files (x86)\Apache Group\Apache2\conf\SSL" folder.

Now open ssl.conf (location C:\Program Files (x86)\Apache Group\Apache2\conf) & configure the SSL properties.

Locate <VirtualHost _default_:443> and add the following line below it:

SSLProxyEngine On

Uncomment the lines below in ssl.conf:
SSLSessionCache         dbm:logs/ssl_scache

#SSLSessionCache        shmcb:logs/ssl_scache(512000)

Now we are going to specify the location of the certificate and key files. Open ssl.conf, search for the line “SSLCertificateFile” and modify the certificate path accordingly.

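Save ssl.conf, restart the Apache service, and from the public internet try to access https://dilain.vmwareandme.com
The last step is to configure Apache as a proxy server. Open httpd.conf, search for "'Main' server configuration" and add the settings below. The Order and Allow directives are only valid inside a container, so they are wrapped in <Proxy *>.

# Reverse proxy only: do not act as a forward proxy
ProxyRequests Off
# Access control for proxied requests
<Proxy *>
Order Deny,Allow
Allow from all
</Proxy>
ProxyReceiveBufferSize 4096
# Forward all requests to the Lync pool on port 4443 and rewrite its redirects
ProxyPass / https://uspool.lynclog.com:4443/
ProxyPassReverse / https://uspool.lynclog.com:4443/
ProxyPreserveHost On
KeepAlive On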

Now open the Dialin and Meet URLs from the public internet.

After implementing Apache as a reverse proxy in my environment I was able to IM from the Lync mobile client to any Lync desktop client & vice versa. But I was not able to join conferences or make voice & video calls. The problem was due to the DefaultType text/plain setting in httpd.conf.

So I set DefaultType None & restarted the Apache service. Boom, voice & video calls work. :)
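
As an added example (not part of the original post or of Drago's configuration), the Python check below reads the combined text of httpd.conf and ssl.conf and reports where it departs from the settings this guide relies on. The function names, the sample configuration and the host pool.example.internal are constructed for illustration.

```python
# The four modules the guide uncomments in httpd.conf.
REQUIRED_MODULES = {"auth_digest_module", "proxy_module", "proxy_http_module", "ssl_module"}

def active_directives(conf_text):
    """Return [(name_lower, [args])] for uncommented, non-container directive lines."""
    rows = (l.split() for l in conf_text.splitlines() if not l.strip().startswith(("#", "<")))
    return [(r[0].lower(), r[1:]) for r in rows if len(r) > 1]

def audit(conf_text):
    """Compare a config against the guide's settings; return a list of findings."""
    directives = active_directives(conf_text)
    args_of = lambda name: [a for n, a in directives if n == name]
    # Simplification: the last occurrence of a directive is treated as the effective one.
    last = lambda name, default: (args_of(name) or [[default]])[-1][0].lower()
    findings = []
    loaded = {a[0] for a in args_of("loadmodule")}
    findings += [f"module not loaded: {m}" for m in sorted(REQUIRED_MODULES - loaded)]
    if last("proxyrequests", "off") != "off":
        findings.append("ProxyRequests is not Off: server would act as a forward proxy")
    if last("sslproxyengine", "off") != "on":
        findings.append("SSLProxyEngine is not On: https:// backend connections will fail")
    if last("defaulttype", "none") != "none":
        findings.append("DefaultType is not None")
    for a in args_of("listen"):
        if ":" not in a[0]:  # port only, no address: Apache listens on all interfaces
            findings.append(f"Listen {a[0]} binds every interface")
    reverse = {tuple(a[:2]) for a in args_of("proxypassreverse")}
    for a in args_of("proxypass"):
        if tuple(a[:2]) not in reverse:
            findings.append(f"ProxyPass {a[0]} has no matching ProxyPassReverse")
    return findings

# Constructed sample config with several of the guide's steps missed.
SAMPLE = """\
#LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule ssl_module modules/mod_ssl.so
Listen 443
DefaultType text/plain
ProxyRequests Off
SSLProxyEngine On
ProxyPass / https://pool.example.internal:4443/
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

To check a real server, pass the contents of both configuration files joined together to audit().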

