Searching HAProxy Enterprise 1.7r2
Configuring HTTP-based Services
Many Microsoft Exchange 2010 services use the HTTP/HTTPs protocol. The table below presents each service with its own settings:
Service name | Default URL path | Type of client | Persistence | |
---|---|---|---|---|
Autodiscover | AS | /autodiscover/ | Outlook | N/A |
Exchange ActiveSync | EAS | /microsoft-server-activesync/ | Mobile phones | Authorization header |
Exchange Control Panel | ECP | /ecp/ | Web browser | LB cookie (shared with OWA) |
Exchange Web Services | EWS | /ews/ | 3rd-party applications | N/A |
Offline Address Book | OAB | /oab/ | Outlook | N/A |
Outlook Anywhere | OA | /rpc/rpcproxy.dll | Outlook | Source IP |
Outlook Web App | OWA | /owa/ | Web browser | LB cookie (shared with ECP) |
For host names, you can apply various policies:
One host name for all services: mail.domain.com
One host name per service: autodiscover.domain.com, owa.domain.com, ews.domain.com, etc...
A mix of the above: Outlook Anywhere over oa.domain.com and all other services over mail.domain.com
There are three main architecture layouts possible for Exchange 2010 services running HTTP/HTTPs:
HTTP reverse proxy on HTTP (TCP/80) and TCP forward on HTTPs (TCP/443)
HTTP reverse proxy on both HTTP and HTTPs, which means activating SSL offloading on HTTPs
SSL bridging (or re-encryption) to enable HTTP reverse proxy on both HTTP and HTTPs and get connected using HTTPs on the server side
HAProxy can accommodate any configuration you choose from the information above.
For most deployments, a configuration in SSL offloading or in HTTPs forward mode is the simplest way.
For larger deployments (2000+ users in SSL offloading or 1000+ users in SSL bridging), we recommend a combination such as:
One host name and one VRRP IP for Outlook Anywhere, configured in TCP forward mode for HTTPs
One host name for all other services, configured in SSL offloading or SSL bridging mode