Configuration example

Hello, I have a pair of HAproxy servers in front of a bunch of web and application servers with a single public IP address and at this time they are not using https. We also have an Exchange 2016 server which is not going though HAP and instead is nated on the Cisco ASA to another internal IP so https is on a separate path now.

We use the web server’s name to distribute the traffic as shown in the config below and we would like to put all the web and app servers to use https and also put the Exchange server behind HAP and also make sure that the IP address of the external clients are visible on the backend hosts. In the event of an attack/issue we should be able to see the real IP address being used on each backend servers.

I guess this would also require that each backend server had their own ssl certificate which is Ok.

Can this be done with HAP and can anyone share a sample config if possible?

Really appreciated!

frontend http-in

option httpclose


acl            hdr_end(host) -i


use_backend       if


     server domain weight 1 maxconn 50 check