A ready-made configuration for Exchange

Help!
1

Hello. We have an Exchange server. Right now we are balancing it with DNS. I want to implement HAProxy.

Can someone show me a working configuration?

2

Doing a search on these forums should have given you what you need, but still, and this is a snipped old config so YMMV…

global
    h1-case-adjust accept Accept
	h1-case-adjust authorization Authorization
	h1-case-adjust authrequired AuthRequired
	h1-case-adjust cache-control Cache-Control
	h1-case-adjust client-request-id Client-Request-Id
	h1-case-adjust connection Connection
	h1-case-adjust content-length Content-Length
	h1-case-adjust content-type Content-Type
	h1-case-adjust cookie Cookie
	h1-case-adjust date Date
	h1-case-adjust host Host
	h1-case-adjust persistent-auth Persistent-Auth
	h1-case-adjust pragma Pragma
	h1-case-adjust request-header Request-Header
	h1-case-adjust response-header Response-Header
	h1-case-adjust server Server
	h1-case-adjust set-cookie Set-Cookie
	h1-case-adjust status-code Status-Code
	h1-case-adjust transfer-encoding Transfer-Encoding
	h1-case-adjust user-agent User-Agent
	h1-case-adjust www-authenticate WWW-Authenticate
	h1-case-adjust x-anchormailbox X-AnchorMailbox
	h1-case-adjust x-clientapplication X-ClientApplication
	h1-case-adjust x-clientInfo X-ClientInfo
	h1-case-adjust x-content-type-options X-Content-Type-Options
	h1-case-adjust x-deviceinfo X-DeviceInfo
	h1-case-adjust x-elapsedtime X-ElapsedTime
	h1-case-adjust x-expirationinfo X-ExpirationInfo
	h1-case-adjust x-feserver X-FEServer
	h1-case-adjust x-mapihttpcapability X-MapiHttpCapability
	h1-case-adjust x-pendingperiod X-PendingPeriod
	h1-case-adjust x-powered-by X-Powered-By
	h1-case-adjust x-requestid X-RequestId
	h1-case-adjust x-requesttype X-RequestType
	h1-case-adjust x-responsecode X-ResponseCode
	h1-case-adjust x-serverapplication X-ServerApplication
	h1-case-adjust x-starttime X-StartTime
	h1-case-adjust x-user-identity X-User-Identity




defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 5
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          15m
    timeout server          15m
    timeout http-keep-alive 45m
    timeout check           10s
    maxconn                 100000




frontend fe_ex2019
  http-response set-header X-Frame-Options SAMEORIGIN
  http-response set-header X-Content-Type-Options nosniff
  mode http
  bind 1.2.3.30:80
  bind 1111:2222:3333:4444::30:80 transparent
  bind 1.2.3.30:443 ssl crt /etc/ssl/certs/exchcert.pem
  bind 1111:2222:3333:4444::30:443 transparent ssl crt /etc/ssl/certs/exchcert.pem
  redirect scheme https code 301 if !{ ssl_fc }   # redirect 80 -> 443 (for owa)
  acl autodiscover url_beg /Autodiscover
  acl autodiscover url_beg /autodiscover
  acl autodiscover url_beg /AutoDiscover
  acl mapi url_beg /mapi
  acl mapi url_beg /Mapi
  acl rpc url_beg /rpc/rpcproxy.dll
  acl owa url_beg /owa
  acl owa url_beg /OWA
  acl eas url_beg /Microsoft-Server-ActiveSync
  #acl ecp url_beg /ecp
  acl ews url_beg /EWS
  acl ews url_beg /ews
  acl oab url_beg /OAB
  option h1-case-adjust-bogus-client
  use_backend be_ex2019_autodiscover if autodiscover
  use_backend be_ex2019_mapi if mapi
  use_backend be_ex2019_rpc if rpc
  use_backend be_ex2019_owa if owa
  use_backend be_ex2019_eas if eas
  #use_backend be_ex2019_ecp if ecp 
  use_backend be_ex2019_ews if ews
  use_backend be_ex2019_oab if oab
  default_backend be_ex2019

 

backend be_ex2019_autodiscover
  mode http
  balance roundrobin
  option httpchk GET /autodiscover/healthcheck.htm
  option log-health-checks
  http-check expect status 200
  server server1-ipv4 1.2.3.94:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server1-ipv6 1111:2222:3333:4444::1:1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv4 1.2.3.95:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv6 1111:2222:3333:4444::1:2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt


backend be_ex2019_mapi
  mode http
  balance roundrobin
  option httpchk GET /mapi/healthcheck.htm
  option log-health-checks
  http-check expect status 200
  server server1-ipv4 1.2.3.94:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server1-ipv6 1111:2222:3333:4444::1:1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv4 1.2.3.95:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv6 1111:2222:3333:4444::1:2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt


backend be_ex2019_rpc
  mode http
  balance roundrobin
  option httpchk GET /rpc/healthcheck.htm
  option log-health-checks
  http-check expect status 200
  server server1-ipv4 1.2.3.94:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server1-ipv6 1111:2222:3333:4444::1:1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv4 1.2.3.95:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv6 1111:2222:3333:4444::1:2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt


backend be_ex2019_owa
  mode http
  balance roundrobin
  option httpchk GET /owa/healthcheck.htm
  option log-health-checks
  http-check expect status 200
  server server1-ipv4 1.2.3.94:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server1-ipv6 1111:2222:3333:4444::1:1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv4 1.2.3.95:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv6 1111:2222:3333:4444::1:2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt


backend be_ex2019_eas
  mode http
  balance roundrobin
  option httpchk GET /microsoft-server-activesync/healthcheck.htm
  option log-health-checks
  http-check expect status 200
  server server1-ipv4 1.2.3.94:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server1-ipv6 1111:2222:3333:4444::1:1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv4 1.2.3.95:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv6 1111:2222:3333:4444::1:2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt

### Do you REALLY need to make this publicly available? ####
#backend be_ex2019_ecp
#  mode http
#  balance roundrobin
#  option httpchk GET /ecp/healthcheck.htm
#  option log-health-checks
#  http-check expect status 200
#  server server1-ipv4 1.2.3.94:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
#  server server1-ipv6 1111:2222:3333:4444::1:1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
#  server server2-ipv4 1.2.3.95:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
#  server server2-ipv6 1111:2222:3333:4444::1:2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt


backend be_ex2019_ews
  mode http
  balance roundrobin
  option httpchk GET /ews/healthcheck.htm
  option log-health-checks
  http-check expect status 200
  server server1-ipv4 1.2.3.94:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server1-ipv6 1111:2222:3333:4444::1:1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv4 1.2.3.95:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv6 1111:2222:3333:4444::1:2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt


backend be_ex2019_oab
  mode http
  balance roundrobin
  option httpchk GET /oab/healthcheck.htm
  option log-health-checks
  http-check expect status 200
  server server1-ipv4 1.2.3.94:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server1-ipv6 1111:2222:3333:4444::1:1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv4 1.2.3.95:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv6 1111:2222:3333:4444::1:2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt


backend be_ex2019
  mode http
  balance roundrobin
  server server1-ipv4 1.2.3.94:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server1-ipv6 1111:2222:3333:4444::1:1:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv4 1.2.3.95:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt
  server server2-ipv6 1111:2222:3333:4444::1:2:443 check ssl inter 15s verify required ca-file /etc/ssl/certs/ca-certificates.crt

 


#frontend fe_exchange_smtp We don't use exchange for SMTP, have a different hosts doing that...
#    mode tcp
#    option tcplog
#    bind x.x.x.x:25 name smtp # VIP
#    default_backend be_exchange_smtp
# 
#backend be_exchange_smtp
#    mode tcp
#    option tcplog
#    balance roundrobin
#    option log-health-checks
#    server exchange1 1.1.1.1:25 weight 10 check
#    server exchange2 2.2.2.2:25 weight 20 check
1 Like