HAProxy NTLM + Reporting services


I created a HaProxy configuration that terminates SSL and routes to the Reporting Services server.
Unfortunately, there is a problem with NTLM, which causes that every request does not authorize the user, causing the report viewer to not find the bound url and after refreshing the page it loads correctly.

I tried several different options and updated HAProxy to version 2.7.2-1ppa1~focal 2023/01/20


log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
#logs only errors
option dontlog-normal
# log healt issues
option log-health-checks
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2
tune.ssl.default-dh-param 2048

log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

frontend raporty
bind ssl crt /etc/ssl/certs/haproxy.pem
option http-keep-alive
default_backend reportserver
option forwardfor

backend reportserver
mode http
balance roundrobin
option http-keep-alive
option httpchk uri /reports
http-check expect status 401
server sql01 check
server sql02 check