HAProxy for Exchange 2019 with different internal and external domain names

Hello to everyone. I’m a newbie in proxying anything, please give me some help.

I have 1 Exchange 2019 server.
Internal domain name (inside organisation perimeter) is mail.a.local
External domain name is mail.b.com

I want to set up a reverse proxy for it because i will connect several new external domains to it mail.c.com, mail.d.com etc. I mean i want to redirect external requests to sites mail.b.com, mail.c.com, mail.d.com to just one local server with internal name mail.a.local. Ideally, when i type mail.b.com i want to see mail.a.local Exchange Login Page with only two domain in certificate mail.b.com and autodiscover.b.com. And when i type mail.c.com in browser it should be the same mail.a.local Exchange Login Page but with mail.c.com and autodiscover.c.com domains in certificate.

I setuped ARR ISS with no luck.
I also tried Nginx and almost works except mobile clients.

I think the problem is with different local and external domain names, but i don’t understand how to setup it right.

For now i try HAProxy and i hope it will work.
I have pretty simple config:

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

defaults
        log     global
        mode    tcp
        option  dontlognull

frontend fe_exch_443
        bind LOCALHAPROXYADDRESS:443
        default_backend be_exch_443

backend be_exch_443
        server exch LOCALEXCHADDRESS:443 check

It works for one domain only and i dont know hot to setup it for multiple domains.

Thank you in advance.

The question is still opened.

Is it possible to setup different certificates on different interfaces in Haproxy?

g

I want my clients to connect to Haproxy with Let’s Encrypt cert while Haproxy makes SSL Bridge with Exchange by Active Directory certificate.

Can someone tell me please is it possible?

If you have only 1 server hosting all the domains you only need 1 certificate for autodiscover & server public fqdn. For example you have domain-a.com that you get the certificate for exchange urls. you set that up as the public url in exchange services. For domain-b/domain-c etc. you block https to autodiscover url ,allow http and set a autodiscover redirect on the exchange or any other server using http pointing to the https://domain-a.com. It won’t complain about the certificate as long as the redirect is made from http to https.

edit:
10.10.10.1 = exchange public autodiscover
10.10.10.2= exchange all other domains http redirect to 10.10.10.1 https fqdn