Exchange Autodiscover HTTP 1.1 Required

Traefik Traefik v2 (latest)
1

I am trying to use Traefik for the Exchange Autodiscovery. Exchange Autodiscovery seems to use HTTP 1.1. Whenever I go to autodiscover.example.com I get an Internal Server Error. Looking at the logs I can see this:

time="2019-11-15T09:35:36Z" level=debug msg="'500 Internal Server Error' caused by: stream error: stream ID 385; HTTP_1_1_REQUIRED"

How can I force HTTP 1.1 on this domain? I am not sure what I need to get this working.

This is my config:

http:
  # Add the router
  routers:
    http-exchange:
      entryPoints:
      - web
      - web-secure
      service: exchange-loadbalancer
      rule: "Host(`autodiscover.example.com`,`mail.example.com`)"
      middlewares:
      - https_redirect

  routers:
    https-exchange:
      entryPoints:
      - web-secure
      service: exchange-loadbalancer
      rule: "Host(`autodiscover.example.com`,`mail.example.com`)"
      tls:
        certResolver: certresolver

  middlewares:
    https_redirect:
      redirectScheme:
        scheme: https
        permanent: true

  # Add the service
  services:
    exchange-loadbalancer:
      loadBalancer:
        servers:
        - url: https://mail.corp.example.com/
2

Unless something changed in last two years, this is not possible https://stackoverflow.com/a/47822281/284111

3

Have there been any changes regarding this or at least a workaround for autodiscovery?

I have moved all services to traefik besides Exchange...

4

I'm in the same situation.
Theoretically it should be possible, but it would not work in my configuration.

In my example it is an intranet site, but it should be the same as for Exchange.

Exchange uses IIS and IIS uses http/1.1 and since IIS 10 (Server 2016 onwards) http/2 (h2).
For authentication purposes http/1.1 is necessary and when I open Outlook Web App everything is transferred over http/1.1 from my browsers to IIS.
So I thought that I create a file "tls-options.yml" with this content:

tls:
  options:
    esvdefault:
      alpnProtocols:
        - "http/1.1"

I then added this option to my http router:

http:
  routers:
    to-companyweb-https:
      rule: "Host(`cw.domain.external`) || PathPrefix(`/ESV-companyweb`)"
      entryPoints:
        - "websecure"
      tls:
        certResolver: "myresolver"
        options: "esvdefault"
      service: "companyweb-https"
  services:
    companyweb-https:
      loadBalancer:
        servers:
          - url: "https://remote.domain.internal/"
        passHostHeader: false
        serversTransport: "to-companyweb-https"
  serversTransports:
    to-companyweb-https:
      serverName: "remote.domain.internal"
      insecureSkipVerify: true

This should tell the browser (I use the latest chromium browsers which should support ALPN) that only http/1.1 on this router is supported, as described here:
Traefik TLS Documentation - Traefik.

So traefik could redirect the request to the IIS via http/1.1 (changing protocol as discussed above is not supported in traefik).
In the log I can see, that this router uses this option:
"Adding route for cw.domain.external with TLS options esvdefault@file" entryPointName=websecure
And in the dashboard of Traefik I can see the entry "esvdefault" in the TLS-Options of this router in green.
When I want to access this page I can authenticate but when the transfer of the page starts, I get "Internal Server Error" and in the log I get the same error than Eagleman7:
"'500 Internal Server Error' caused by: stream error: stream ID 5; HTTP_1_1_REQUIRED; received from peer"

Does anybody know, what's wrong with this config?
Or am I thinking wrong?

Best regards, Johann