HAProxy provides the following template to help you configure HTTP SSL forward mode.

You may have to modify these parameters to suit your environment:

- peer directive statements: HAProxy server names and associated administrative IP
- The listening IP (usually an IP address configured over VRRP)
- The server name and IP addresses

You can reuse the defaults XCHANGE2010_TCP, peers, and backend sourceaddr sections for other Exchange 2010 TCP-based services. There is no need to duplicate them.

peers hapeelb
  peer hapee1 <hapee1-admin-IP>:<port>
  peer hapee2 <hapee2-admin-IP>:<port>

# Persistence table
backend sourceaddr
  stick-table size 10k type ip peers hapeelb

defaults XCHANGE2010_TCP
  mode tcp
  log global
  option tcplog
  balance leastconn
  option dontlognull
  option redispatch
  option contstats
  option socket-stats
  timeout server 600s
  timeout client 600s
  timeout connect 5s
  timeout queue 60s
  retries 3
  default-server inter 15s rise 2 fall 2
  backlog 10000

# Redirection to SSL frontend
frontend ft_xchange2010_http
  bind <listening-IP>:<port> name http tcp-ut 30s
  mode http
  option httplog
  timeout client 10s
  timeout http-request 10s
  redirect scheme https

frontend ft_xchange2010_ssl_forward
  bind <listening-IP>:<port> name https tcp-ut 30s
  default_backend bk_xchange2010_ssl_forward

backend bk_xchange2010_ssl_forward
  stick on src table sourceaddr
  option tcp-check
  tcp-check connect port 443 ssl
  server CAS1 <CAS1-IP>:<port> check
  server CAS2 <CAS2-IP>:<port> check
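
The following is an added example, not part of the HAProxy template. When the shared sections are reused for other Exchange 2010 services, each service backend's "stick on src table sourceaddr" must still resolve to one backend sourceaddr section, which in turn must resolve to one peers hapeelb section. This Python checker (the names parse and lint are hypothetical) flags dangling references and duplicated sections; its sample input is constructed from the template with addresses omitted.

```python
import re
from collections import Counter

# Constructed input: the template's shared sections and one service backend (addresses omitted).
SHARED = """\
peers hapeelb
  peer hapee1
  peer hapee2
backend sourceaddr
  stick-table size 10k type ip peers hapeelb
"""
SERVICE = """\
backend bk_xchange2010_ssl_forward
  stick on src table sourceaddr
"""

SECTION = re.compile(r"^(peers|defaults|frontend|backend|listen)\b\s*(\S*)")

def parse(cfg):
    """Split a config into (kind, name, directives) sections; '#' comments are dropped."""
    sections = []
    for raw in cfg.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            sections.append((m.group(1), m.group(2), []))
        elif sections:
            sections[-1][2].append(line)
    return sections

def lint(cfg):
    """Hypothetical checker: duplicated sections and dangling table/peers references."""
    secs = parse(cfg)
    count = Counter((kind, name) for kind, name, _ in secs)
    problems = [f"duplicate section: {k} {n}" for (k, n), c in count.items() if c > 1]
    tables = {n for _, n, body in secs if any(d.startswith("stick-table") for d in body)}
    for _, name, body in secs:
        for d in body:
            m = re.match(r"stick-table\b.*\bpeers\s+(\S+)", d)
            if m and ("peers", m.group(1)) not in count:
                problems.append(f"{name}: peers section {m.group(1)} is not defined")
            m = re.match(r"stick\s+\S+.*\btable\s+(\S+)", d)
            if m and m.group(1) not in tables:
                problems.append(f"{name}: stick table {m.group(1)} is not defined")
    return problems

print(lint(SHARED + SERVICE), lint(SERVICE))
```

An empty list means every persistence reference resolves; a service section loaded without the shared sections is reported with the name of the missing table.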