Hello.
Please help me set up a redirect to another server when accessing a specific port.
I need to make haproxy forward the entire request to another server.
I have a link like this:
https://haproxy.domain.ltd:8006/quarantine?ticket=PMGQUAR%253Ait%2540domain.ltd%253A6466930F%253A%253AwyofexbtcxjOlLN9W9tiM5bm%252BM7A6KnpG8E7EE3
I want a user who opens this link to be sent to another server (antispam), with the rest of the link kept unchanged.
Currently:
https://haproxy.domain.ltd:8006/quarantine?ticket=PMGQUAR%253Ait%2540domain.ltd%253A6466930F%253A%253AwyofexbtcxjOlLN9W9tiM5bm%252BM7A6KnpG8E7EE3
Should become:
https://antispam.domain.ltd:8006/quarantine?ticket=PMGQUAR%253Ait%2540domain.ltd%253A6466930F%253A%253AwyofexbtcxjOlLN9W9tiM5bm%252BM7A6KnpG8E7EE3
I tried a bunch of options but none of them worked.
Thank you in advance for your cooperation.
Thanks for your reply. This is a fairly well-known version of the haproxy config for exchange.
root@alb02:/etc/haproxy# cat haproxy.cfg
# Process-wide settings: logging, chroot and run-as account, runtime socket,
# header-case fixes for legacy Outlook clients, and TLS defaults for bind lines.
global
log /dev/log local0
maxconn 10000
log /dev/log local1 notice
chroot /var/lib/haproxy
# NOTE(review): "level admin" gives whoever can open this socket full runtime
# control of the proxy. Mode 660 limits access to the socket's owner and group;
# confirm which accounts belong to that group.
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
######## Outlook 2010 fix ######################################################
# Each line maps a lower-case header name to the capitalisation to send on
# HTTP/1. The mapping is applied only in sections that enable
# "option h1-case-adjust-bogus-client" (or the -server variant); fe_mail does.
h1-case-adjust accept Accept
h1-case-adjust authorization Authorization
h1-case-adjust authrequired AuthRequired
h1-case-adjust cache-control Cache-Control
h1-case-adjust client-request-id Client-Request-Id
h1-case-adjust connection Connection
h1-case-adjust content-length Content-Length
h1-case-adjust content-type Content-Type
h1-case-adjust cookie Cookie
h1-case-adjust date Date
h1-case-adjust host Host
h1-case-adjust persistent-auth Persistent-Auth
h1-case-adjust pragma Pragma
h1-case-adjust request-header Request-Header
h1-case-adjust response-header Response-Header
h1-case-adjust server Server
h1-case-adjust set-cookie Set-Cookie
h1-case-adjust status-code Status-Code
h1-case-adjust transfer-encoding Transfer-Encoding
h1-case-adjust user-agent User-Agent
h1-case-adjust www-authenticate WWW-Authenticate
h1-case-adjust x-anchormailbox X-AnchorMailbox
h1-case-adjust x-clientapplication X-ClientApplication
h1-case-adjust x-clientInfo X-ClientInfo
h1-case-adjust x-content-type-options X-Content-Type-Options
h1-case-adjust x-deviceinfo X-DeviceInfo
h1-case-adjust x-elapsedtime X-ElapsedTime
h1-case-adjust x-expirationinfo X-ExpirationInfo
h1-case-adjust x-feserver X-FEServer
h1-case-adjust x-mapihttpcapability X-MapiHttpCapability
h1-case-adjust x-pendingperiod X-PendingPeriod
h1-case-adjust x-powered-by X-Powered-By
h1-case-adjust x-requestid X-RequestId
h1-case-adjust x-requesttype X-RequestType
h1-case-adjust x-responsecode X-ResponseCode
h1-case-adjust x-serverapplication X-ServerApplication
h1-case-adjust x-starttime X-StartTime
h1-case-adjust x-user-identity X-User-Identity
################################################################################
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default for every "bind ... ssl" line: TLS 1.2 minimum, session tickets off.
# A bind line that carries its own ssl-min-ver overrides this default.
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
# To also enable TLS 1.0 and TLS 1.1, use the line below instead.
#ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:@SECLEVEL=1
# Cipher list meant for production with TLS 1.0 and TLS 1.1 disabled.
# NOTE(review): the list still carries DES-CBC3-SHA, CBC/SHA-1 suites and
# static-RSA suites without forward secrecy; for a TLS 1.2+ deployment consider
# keeping only the ECDHE/DHE AEAD entries. The TLS_* names at the end are
# TLS 1.3 suites, which are normally set with ssl-default-bind-ciphersuites
# rather than this directive -- confirm they have any effect here.
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
tune.ssl.default-dh-param 2048
#tune.ssl.capture-cipherlist-size 800
# Settings inherited by every listen/frontend/backend section below unless the
# section overrides them (the mail-protocol sections switch to "mode tcp").
defaults
log global
mode http
option httplog
option dontlognull
option redispatch
retries 3 # Retry a failed server connection up to 3 times
timeout connect 10s # 10 seconds max to establish a connection to a server
timeout http-keep-alive 10s # 10 seconds max for the client to send its next request
timeout http-request 15s # 15 seconds max for the client to send a request
timeout queue 30s # 30 seconds max queued on load balancer
# NOTE(review): 15-minute inactivity timeouts on both sides; presumably chosen for
# long-lived Exchange connections -- confirm, since they also keep idle
# connections open that long.
timeout client 15m
timeout server 15m
timeout check 10s
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
#no option http-use-htx
#---------------------------------------------------------------------
#HAProxy Monitoring Config
#---------------------------------------------------------------------
# Built-in statistics page, served at "/" on port 1111 and protected by
# HTTP Basic authentication.
listen stats
# NOTE(review): this bind has no "ssl" and no address, so the page listens on
# every interface and the Basic-auth credentials below travel in clear text.
# Bind it to a management address or put TLS on it.
bind :1111
mode http
option forwardfor
option httpclose
stats enable
stats uri /
stats refresh 15s
stats show-legends
stats realm Haproxy\ Statistics
# NOTE(review): the password sits in clear text in this file and is short and
# easy to guess. Once the file has been shared, treat the credential as
# disclosed and replace it.
stats auth superadmin:123123123
#-----------------------
# FrontEnd Begins
#-------------------
# Prometheus metrics at /metrics plus a second statistics page at /stats,
# both on port 8404.
frontend fe_prom_exporter
# NOTE(review): plain HTTP on every interface, and this section has neither
# "stats auth" nor a source ACL, so the metrics and the stats page (backend
# names and server state) are readable by anyone who can reach the port.
# Restrict the bind address or add an ACL for the monitoring hosts.
bind :8404
option http-use-htx
http-request use-service prometheus-exporter if { path /metrics }
stats enable
stats uri /stats
stats refresh 10s
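# HTTP/HTTPS entry point for Exchange. Listens on 80 and 443, redirects clear-text
# requests to https, restricts the Exchange Admin Center (/ecp) to the listed
# private networks, and routes by Host header and URL prefix to the
# be_ex2019_* backends.
frontend fe_mail
# Apply the h1-case-adjust header-name mapping from "global" to responses sent
# to clients of this frontend.
option h1-case-adjust-bogus-client
# receives traffic from clients
bind :80
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-Content-Type-Options nosniff
http-response set-header Strict-Transport-Security max-age=63072000
mode http
maxconn 10000
# NOTE(review): this relaxes HTTP request parsing for non-compliant clients.
# Keep it only if a client really needs it, because stricter parsing is the
# safer default in front of a web application.
option accept-invalid-http-request
# Allow Exchange Admin Center to certain private network only
acl private_network src 10.20.30.0/24 10.30.20.0/24 10.10.10.0/24
# Match on the path, case-insensitively. The previous "url_beg /ecp" compared the
# raw request URI with exact case, so other spellings of the path, or a request
# URI sent in absolute form, were not covered by the deny rule below.
acl ecp_req path_beg -i /ecp
http-request deny if ecp_req !private_network
redirect scheme https code 301 if !{ ssl_fc } # redirect 80 -> 443 (for owa)
# NOTE(review): "ssl-min-ver TLSv1.0" on this bind overrides the TLSv1.2 minimum
# set by ssl-default-bind-options in "global", so TLS 1.0 and 1.1 are accepted
# here. Drop the keyword unless legacy clients still require it.
bind *:443 ssl crt /etc/haproxy/proxy.pem alpn h2,http/1.1 ssl-min-ver TLSv1.0
acl xmail hdr(host) -i mail.domain.ltd www.mail.domain.ltd mx1.domain.ltd www.mx1.domain.ltd autodiscover.domain.ltd www.autodiscover.domain.ltd
# Routing ACLs. url_beg is case-sensitive, which is why several prefixes are
# listed twice with different capitalisation.
# NOTE(review): "path_beg -i" would cover every capitalisation with one line each.
acl autodiscover url_beg /Autodiscover
acl autodiscover url_beg /autodiscover
acl mapi url_beg /mapi
acl rpc url_beg /rpc
acl owa url_beg /owa
acl owa url_beg /OWA
acl eas url_beg /Microsoft-Server-ActiveSync
acl eas url_beg /Microsoft-Server-activeSync
# NOTE(review): "ecp" and "oab" are defined but no use_backend rule refers to
# them, so those requests go to be_ex2019_default.
acl ecp url_beg /ecp
acl ews url_beg /EWS
acl ews url_beg /ews
acl oab url_beg /OAB
acl default_for_mail url_beg /
use_backend be_ex2019_owa if xmail owa
use_backend be_ex2019_autodiscover if xmail autodiscover
use_backend be_ex2019_mapi if xmail mapi
use_backend be_ex2019_activesync if xmail eas
use_backend be_ex2019_ews if xmail ews
use_backend be_ex2019_rpc if xmail rpc
use_backend be_ex2019_default if xmail default_for_mail
# NOTE(review): the default backend is the same Exchange pool, so a request with
# any Host header, including one not listed in "xmail", is still forwarded to
# Exchange. Deny unknown hosts here if that is not intended.
default_backend be_ex2019_default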
# IMAPS on port 993, passed through at TCP level. The bind has no "ssl", so TLS
# is not terminated here.
frontend fe_exchange_imaps
mode tcp
option tcplog
bind :993 name imaps # ssl crt /etc/ssl/certs/exchange_certificate_and_key_nopassword.pem <-- No need, certificate is read straight from the Exchange servers.
default_backend be_exchange_imaps
# SMTP on port 25, passed through at TCP level to be_exchange_smtp.
frontend fe_exchange_smtp
mode tcp
option tcplog
bind :25 name smtp
default_backend be_exchange_smtp
# Mail submission on port 587, passed through at TCP level to be_exchange_smtp587.
frontend fe_exchange_smtp587
mode tcp
option tcplog
bind :587 name smtp587
default_backend be_exchange_smtp587
# IMAP on port 143, passed through at TCP level to be_exchange_imap.
# NOTE(review): port 143 carries clear-text IMAP unless the client upgrades the
# session itself; confirm the Exchange side refuses plain-text logins on it.
frontend fe_exchange_imap
mode tcp
option tcplog
bind :143 name imap
default_backend be_exchange_imap
#------------------------------
# Back-end section
#------------------------------
# Autodiscover pool: HTTPS to the three Exchange servers, health-checked with
# GET /autodiscover/healthcheck.htm, which must return 200.
backend be_ex2019_autodiscover
mode http
# balance source
option httpchk GET /autodiscover/healthcheck.htm
option log-health-checks
http-check expect status 200
# Server certificates are validated against the system CA bundle.
# NOTE(review): no "verifyhost" or "sni" is set, so the host name in the
# certificate is presumably not compared with the server name -- confirm.
server aex01 aex01.in.domain.ltd:443 check maxconn 1000 ssl ca-file /etc/ssl/certs/ca-certificates.crt
server aex02 aex02.in.domain.ltd:443 check maxconn 1000 ssl ca-file /etc/ssl/certs/ca-certificates.crt
# NOTE(review): maxconn 12000 here, 1000 on the other two servers -- confirm this is intended.
server aex03 aex03.in.domain.ltd:443 check maxconn 12000 ssl ca-file /etc/ssl/certs/ca-certificates.crt
# MAPI over HTTP pool: source-address balancing, HTTPS to the Exchange servers,
# health-checked with GET /mapi/healthcheck.htm, which must return 200.
backend be_ex2019_mapi
mode http
balance source
option httpchk GET /mapi/healthcheck.htm
option log-health-checks
http-check expect status 200
# Server certificates are validated against the system CA bundle.
# NOTE(review): no "verifyhost" or "sni" is set, so the host name in the
# certificate is presumably not compared with the server name -- confirm.
server aex01 aex01.in.domain.ltd:443 check maxconn 1000 ssl ca-file /etc/ssl/certs/ca-certificates.crt
server aex02 aex02.in.domain.ltd:443 check maxconn 1000 ssl ca-file /etc/ssl/certs/ca-certificates.crt
server aex03 aex03.in.domain.ltd:443 check maxconn 1000 ssl ca-file /etc/ssl/certs/ca-certificates.crt
# RPC over HTTP (Outlook Anywhere) pool: source-address balancing, HTTPS to the
# Exchange servers, health-checked with GET /rpc/healthcheck.htm (expects 200).
backend be_ex2019_rpc
mode http
balance source
option httpchk GET /rpc/healthcheck.htm
option log-health-checks
http-check expect status 200
# Server certificates are validated against the system CA bundle.
# NOTE(review): no "verifyhost" or "sni" is set, so the host name in the
# certificate is presumably not compared with the server name -- confirm.
server aex01 aex01.in.domain.ltd:443 check maxconn 1000 ssl ca-file /etc/ssl/certs/ca-certificates.crt
server aex02 aex02.in.domain.ltd:443 check maxconn 1000 ssl ca-file /etc/ssl/certs/ca-certificates.crt
server aex03 aex03.in.domain.ltd:443 check maxconn 1000 ssl ca-file /etc/ssl/certs/ca-certificates.crt
# Outlook on the web pool: source-address balancing, HTTPS to the Exchange
# servers, health-checked with GET /owa/healthcheck.htm (expects 200).
backend be_ex2019_owa
mode http
balance source
option httpchk GET /owa/healthcheck.htm
option log-health-checks
http-check expect status 200
# Server certificates are validated against the system CA bundle.
# NOTE(review): these servers are addressed as aexNN.domain.ltd, while every
# other backend in this file uses aexNN.in.domain.ltd -- confirm both names
# resolve to the intended internal hosts.
server aex01 aex01.domain.ltd:443 check maxconn 1000 ssl ca-file /etc/ssl/certs/ca-certificates.crt
server aex02 aex02.domain.ltd:443 check maxconn 1000 ssl ca-file /etc/ssl/certs/ca-certificates.crt
server aex03 aex03.domain.ltd:443 check maxconn 1000 ssl ca-file /etc/ssl/certs/ca-certificates.crt
# ActiveSync pool: HTTPS to the Exchange servers, health-checked with
# GET /microsoft-server-activesync/healthcheck.htm (expects 200).
backend be_ex2019_activesync
mode http
#balance source
option httpchk GET /microsoft-server-activesync/healthcheck.htm
option log-health-checks
http-check expect status 200
# NOTE(review): "verify none" means the server certificate is not validated, so
# this hop is encrypted but the server is not authenticated. Other backends in
# this file use "ssl ca-file /etc/ssl/certs/ca-certificates.crt" for the same
# hosts; the same setting should work here.
server aex01 aex01.in.domain.ltd:443 check ssl verify none
server aex02 aex02.in.domain.ltd:443 check ssl verify none
server aex03 aex03.in.domain.ltd:443 check ssl verify none
# IMAPS pool (port 993): TCP pass-through with source-address balancing and
# weighted servers. "check" has no protocol-specific option in this section.
backend be_exchange_imaps
mode tcp
#option tcplog
balance source
option log-health-checks
server aex01 aex01.in.domain.ltd:993 weight 10 check
server aex02 aex02.in.domain.ltd:993 weight 20 check
server aex03 aex03.in.domain.ltd:993 weight 30 check
# IMAP pool (port 143): TCP pass-through with source-address balancing and
# weighted servers.
backend be_exchange_imap
mode tcp
#balance source
balance source
option log-health-checks
server aex01 aex01.in.domain.ltd:143 weight 10 check
server aex02 aex02.in.domain.ltd:143 weight 20 check
server aex03 aex03.in.domain.ltd:143 weight 30 check
# Exchange Web Services pool: source-address balancing, HTTPS to the Exchange
# servers, health-checked with GET /ews/healthcheck.htm (expects 200).
backend be_ex2019_ews
mode http
balance source
option httpchk GET /ews/healthcheck.htm
option log-health-checks
http-check expect status 200
# NOTE(review): "verify none" means the server certificate is not validated, so
# this hop is encrypted but the server is not authenticated. Other backends in
# this file use "ssl ca-file /etc/ssl/certs/ca-certificates.crt" for the same
# hosts; the same setting should work here.
server aex01 aex01.in.domain.ltd:443 check ssl verify none
server aex02 aex02.in.domain.ltd:443 check ssl verify none
server aex03 aex03.in.domain.ltd:443 check ssl verify none
# Catch-all pool for requests on fe_mail that match none of the specific
# backends. Source-address balancing, HTTPS to the Exchange servers.
# There is no "option httpchk" here, so "check" is presumably only a
# connection/TLS-handshake check -- confirm.
backend be_ex2019_default
mode http
balance source
# NOTE(review): "verify none" means the server certificate is not validated, so
# this hop is encrypted but the server is not authenticated. Other backends in
# this file use "ssl ca-file /etc/ssl/certs/ca-certificates.crt" for the same
# hosts; the same setting should work here.
server aex01 aex01.in.domain.ltd:443 check ssl verify none
server aex02 aex02.in.domain.ltd:443 check ssl verify none
server aex03 aex03.in.domain.ltd:443 check ssl verify none
# SMTP pool (port 25): TCP pass-through with source-address balancing and
# weighted servers.
# NOTE(review): the server lines carry no "send-proxy", so the Exchange servers
# presumably see the load balancer's address as the client of every session.
# Confirm that no receive connector grants relay or skips filtering based on
# that address.
backend be_exchange_smtp
mode tcp
#balance source
balance source
option log-health-checks
server aex01 aex01.in.domain.ltd:25 weight 10 check
server aex02 aex02.in.domain.ltd:25 weight 20 check
server aex03 aex03.in.domain.ltd:25 weight 30 check
# Mail-submission pool (port 587): TCP pass-through with source-address
# balancing and weighted servers.
# NOTE(review): the server lines carry no "send-proxy", so the Exchange servers
# presumably see the load balancer's address as the client -- confirm this does
# not affect per-client limits or logging on the Exchange side.
backend be_exchange_smtp587
mode tcp
#balance source
balance source
option log-health-checks
server aex01 aex01.in.domain.ltd:587 weight 10 check
server aex02 aex02.in.domain.ltd:587 weight 20 check
server aex03 aex03.in.domain.ltd:587 weight 30 check
Please, I really need help with this issue.
Did you view logs when attempting this?