Hi Anton and forum users,
Thanks for your kind reply.
You provided a detailed config and I am confused.
Sorry if my earlier post was not clear. My connection should be like this:
[Users] —> [HAProxy server (mail.example.com:443 with Public IP 202.100.100.10)] —> [Internal Exchange2010 server (mail.example.com:443 with Internal IP 10.10.10.11)]
My certificate is signed as mail.example.com. I am also required to use mail.example.com for both my HAProxy server and my internal Exchange 2010 server. I assumed that if I don't use mail.example.com for both servers, I will receive certificate and other errors.
Based on some googling, I tried this config internally for testing and it looks to work:

global
    #log 127.0.0.1 local0 notice
    log 127.0.0.1 local0 debug
    daemon

defaults
    option dontlognull              # Do not log connections with no requests
    option redispatch               # Try another server in case of connection failure
    option contstats                # Enable continuous traffic statistics updates
    retries 3                       # Try to connect up to 3 times in case of failure
    timeout connect 5s              # 5 seconds max to connect or to stay in queue
    timeout http-keep-alive 1s      # 1 second max for the client to post next request
    timeout http-request 15s        # 15 seconds max for the client to send a request
    timeout queue 30s               # 30 seconds max queued on load balancer
    timeout tarpit 1m               # tarpit hold time
    backlog 10000                   # Size of SYN backlog queue
    balance roundrobin              # load balancing algorithm
    mode tcp                        # protocol analyzer
    option tcplog                   # log format
    log global                      # log activation
    timeout client 300s             # client inactivity timeout
    timeout server 300s             # server inactivity timeout
    default-server inter 3s rise 2 fall 3   # default check parameters

frontend FrontEnd_HAProxy_SSL
    bind *:443 name ssl             # "name ssl" only labels this socket
    maxconn 10000
    default_backend BackEnd_Exchange_SSL

backend BackEnd_Exchange_SSL
    server mail.example.com 10.10.10.11 check port 443 check-ssl crt /etc/ssl/private/mail.example.com_sslCert+privKey.pem ca-file /etc/ssl/certs/CAroot.pem

listen stats                        # Define a listen section called "stats"
    bind :8181                      # Listen on port 8181 on all addresses
    mode http
    stats enable                    # Enable stats page
    stats hide-version              # Hide HAProxy version
    stats realm Haproxy\ Statistics # Title text for popup window
    stats uri /haproxy_stats        # Stats URI
    stats auth admin:123456         # Authentication credentials
    stats admin if TRUE

I am sure the above config is simple, not checking my signed certificate and not secure.
Hope someone there can point me in the right direction.
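
Added example, not part of the original post: a small Python check that reports which TLS keywords in the posted frontend and backend lines are actually in effect. The names `audit_tls`, `parse_opts` and the `HARDENED` variant are made up for this example; `HARDENED` assumes HAProxy is meant to terminate TLS itself and re-encrypt to the Exchange server.

```python
# Lines taken from the configuration posted above; HARDENED is a constructed variant.
POSTED = """\
frontend FrontEnd_HAProxy_SSL
    bind *:443 name ssl
backend BackEnd_Exchange_SSL
    server mail.example.com 10.10.10.11 check port 443 check-ssl crt /etc/ssl/private/mail.example.com_sslCert+privKey.pem ca-file /etc/ssl/certs/CAroot.pem
"""
HARDENED = """\
frontend FrontEnd_HAProxy_SSL
    bind *:443 ssl crt /etc/ssl/private/mail.example.com_sslCert+privKey.pem
backend BackEnd_Exchange_SSL
    server mail.example.com 10.10.10.11:443 check ssl verify required ca-file /etc/ssl/certs/CAroot.pem
"""
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}
TAKES_VALUE = {"name", "crt", "ca-file", "verify", "port", "inter", "rise", "fall"}

def parse_opts(tokens):
    """Map keyword -> value (True for flags) so that 'name ssl' is not read as 'ssl'."""
    opts, it = {}, iter(tokens)
    for tok in it:
        opts[tok] = next(it, None) if tok in TAKES_VALUE else True
    return opts

def audit_tls(config):
    """Return (section, directive, finding) tuples for TLS settings that are not in effect."""
    findings, section = [], None
    for raw in config.splitlines():
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        if not words:
            continue
        if words[0] in SECTIONS:
            section = " ".join(words[:2])
        elif words[0] == "bind":  # bind <address> [options]
            if "ssl" not in parse_opts(words[2:]):
                findings.append((section, "bind", "no 'ssl': HAProxy does not terminate TLS here"))
        elif words[0] == "server":  # server <name> <address> [options]
            opts = parse_opts(words[3:])
            if "ssl" not in opts:
                if {"crt", "ca-file"} & opts.keys():
                    scope = "health checks only" if "check-ssl" in opts else "nothing"
                    findings.append((section, "server", f"no 'ssl': crt/ca-file apply to {scope}"))
            elif opts.get("verify") != "required" or "ca-file" not in opts:
                findings.append((section, "server", "backend certificate is not explicitly verified"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("hardened", HARDENED)):
        print(name, audit_tls(cfg) or "no findings")
```

On the posted lines it reports two findings: the `bind` line carries `name ssl` but no `ssl` keyword, and the `crt`/`ca-file` on the `server` line are used for the `check-ssl` health check rather than for proxied traffic.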