Configuring HTTP SSL Forward Mode

HAProxy provides the following template to help you configure HTTP SSL forward mode.

You may have to modify these parameters to suit your environment:

peer directive statements: HAProxy server names and associated administrative IP
bind: The listening IP (usually an IP address configured over VRRP)
server: The server name and IP addresses

Note

You can use the defaults XCHANGE2010_TCP, peers and backend sourceaddr sections for other Exchange 2010 TCP based services. There is no need to duplicate them.

peers hapeelb
  peer hapee1 10.0.0.1:1023
  peer hapee2 10.0.0.2:1023

# Persistence table
  backend sourceaddr
  stick-table size 10k type ip peers hapeelb

defaults XCHANGE2010_TCP
  mode tcp
  log global
  option tcplog
  balance leastconn
  option dontlognull
  option redispatch
  option contstats
  option socket-stats
  timeout server 600s
  timeout client 600s
  timeout connect 5s
  timeout queue 60s
  retries 3
  default-server inter 15s rise 2 fall 2
  backlog 10000

# Redirection to SSL frontend
  frontend ft_xchange2010_http
  bind 10.0.0.3:80 name http tcp-ut 30s
  mode http
  option httplog
  timeout client 10s
  timeout http-request 10s
  redirect scheme https

frontend ft_xchange2010_ssl_forward
  bind 10.0.0.3:443 name https tcp-ut 30s
  default_backend bk_xchange2010_ssl_forward

backend bk_xchange2010_ssl_forward
  stick on src table sourceaddr
  option tcp-chec
  tcp-check connect port 43 ssl
  server CAS1 10.0.0.15:443 check
  server CAS2 10.0.0.16:443 check

HAProxy Enterprise 1.7r2 Documentation

Searching HAProxy Enterprise 1.7r2