This documentation is for HAProxy Enterprise 1.7r2, if you are looking for the latest version see here.
Searching HAProxy Enterprise 1.7r2
Configuring HTTP SSL Forward Mode
HAProxy provides the following template to help you configure HTTP SSL forward mode.
You may have to modify these parameters to suit your environment:
-
peer
directive statements -
HAProxy server names and associated administrative IP
bind
-
The listening IP (usually an IP address configured over VRRP)
server
-
The server name and IP addresses
Note
You can use the defaults XCHANGE2010_TCP
, peers
and backend sourceaddr
sections for other Exchange 2010 TCP based services. There is no need to duplicate them.
peers hapeelb
peer hapee1 10.0.0.1:1023
peer hapee2 10.0.0.2:1023
# Persistence table
backend sourceaddr
stick-table size 10k type ip peers hapeelb
defaults XCHANGE2010_TCP
mode tcp
log global
option tcplog
balance leastconn
option dontlognull
option redispatch
option contstats
option socket-stats
timeout server 600s
timeout client 600s
timeout connect 5s
timeout queue 60s
retries 3
default-server inter 15s rise 2 fall 2
backlog 10000
# Redirection to SSL frontend
frontend ft_xchange2010_http
bind 10.0.0.3:80 name http tcp-ut 30s
mode http
option httplog
timeout client 10s
timeout http-request 10s
redirect scheme https
frontend ft_xchange2010_ssl_forward
bind 10.0.0.3:443 name https tcp-ut 30s
default_backend bk_xchange2010_ssl_forward
backend bk_xchange2010_ssl_forward
stick on src table sourceaddr
option tcp-check
tcp-check connect port 43 ssl
server CAS1 10.0.0.15:443 check
server CAS2 10.0.0.16:443 check