This documentation is for HAProxy Enterprise 1.7r2, if you are looking for the latest version see here.
Searching HAProxy Enterprise 1.7r2
Configuring Remote Desktop Gateway
You can use HAProxy to load-balance Remote Desktop Gateway. It is an HTTPs based service which you can load-balance in two ways:
SSL bridging mode
SSL pass-through
To install Remote Desktop Gateway on your platform, follow the instructions from Microsoft Technet:
Using SSL bridging mode
In this mode, HAProxy deciphers the traffic in the front end and ciphers it on the server connection:
frontend fe_rdp_tsc
bind 192.168.13.128:443 name rdp_web ssl crt 2013.haproxylab.net
mode http
capture request header Host len 32
log global
option httplog
timeout client 300s
maxconn 1000
acl path_rdweb path_beg -i /RDWeb/
http-request redirect location /RDWeb/ if { path -i / /RDWeb }
http-request deny unless path_rdweb
default_backend be_rdp_tsc
backend be_rdp_tsc
balance leastconn
mode http
log global
option httplog
timeout connect 4s
timeout server 300s
option httpchk GET /RDWeb
cookie RDPWEB insert nocache
default-server inter 3s rise 2 fall 3
server srv01 192.168.13.11:443 maxconn 1000 weight 10 ssl check cookie srv01
server srv02 192.168.13.12:443 maxconn 1000 weight 10 ssl check cookie srv02
Note
In this mode, it is also possible to set up a configuration to protect against brute force.
Using SSL pass-through
In this mode, HAProxy establishes a TCP connection between the client and the server and lets them communicate together:
frontend fe_rdp_tsc
bind 192.168.13.128:443 name rdp_web
mode tcp
log global
option tcplog
timeout client 300s
maxconn 1000
default_backend be_rdp_tsc
backend be_rdp_tsc
balance source
mode tcp
log global
option tcplog
timeout connect 4s
timeout server 300s
option httpchk GET /RDWeb
default-server inter 3s rise 2 fall 3
server srv01 192.168.13.11:443 maxconn 1000 weight 10 check check-ssl
server srv02 192.168.13.12:443 maxconn 1000 weight 10 check check-ssl