Configuration example


#1

Hello, I have a pair of HAproxy servers in front of a bunch of web and application servers with a single public IP address and at this time they are not using https. We also have an Exchange 2016 server which is not going though HAP and instead is nated on the Cisco ASA to another internal IP so https is on a separate path now.

We use the web server’s name to distribute the traffic as shown in the config below and we would like to put all the web and app servers to use https and also put the Exchange server behind HAP and also make sure that the IP address of the external clients are visible on the backend hosts. In the event of an attack/issue we should be able to see the real IP address being used on each backend servers.

I guess this would also require that each backend server had their own ssl certificate which is Ok.

Can this be done with HAP and can anyone share a sample config if possible?

Really appreciated!

frontend http-in
bind 192.168.0.53:80

option httpclose

ACL

acl is_server1.domain.com            hdr_end(host) -i server1.domain.com

USE_BACKEND

use_backend server1.domain.com       if is_server1.domain.com

BACKEND_SERVER

backend server1.domain.com
     server domain 192.168.0.100:80 weight 1 maxconn 50 check