server {
  listen 80;
  server_name mail.example.com;

  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  server_name mail.example.com;
  set $exchange 'https://192.168.1.2';

  ssl_certificate '/etc/ssl/_ssc/proxy.exchange.crt';
  ssl_certificate_key '/etc/ssl/_ssc/proxy.exchange.key';
  ssl_verify_client off;

  if ($http_user_agent ~* (wget|curl|Dark|Python-urllib)) { return 403; }

  location = / {
    return 301 /owa/;
  }

  location = /favicon.ico {
    empty_gif;
    access_log off;
  }

  location / {
    proxy_pass $exchange;

    proxy_buffering off;
    proxy_http_version '1.1';
    proxy_request_buffering off;

    proxy_set_header 'Host' $http_host;
    proxy_set_header 'X-Real-IP' $remote_addr;
    proxy_set_header 'X-Forwarded-For' $proxy_add_x_forwarded_for;
    proxy_set_header 'Connection' 'Keep-Alive';

    proxy_hide_header 'X-Owa-Version';
    proxy_hide_header 'X-Powered-By';
  }

  client_max_body_size 2G;
  proxy_pass_request_headers on;
  proxy_pass_header 'Date';
  proxy_pass_header 'Server';
  proxy_pass_header 'Authorization';
  proxy_read_timeout 3h;
  keepalive_timeout 3h;
  tcp_nodelay on;

  access_log '/var/log/angie/proxy.exchange.access.log';
  error_log '/var/log/angie/proxy.exchange.error.log';
}