Mayo 15

HAPROXY ssl bridging

# Process-wide settings: logging, chroot, daemon mode, connection cap and the runtime socket.
global
 # Log to the local syslog socket on facility local0, and on local1 with the level capped at debug.
 log /dev/log local0
 log /dev/log local1 debug
 chroot /var/lib/haproxy
 # NOTE(review): user/group are commented out, so the process keeps the identity it was
 # started with instead of dropping to an unprivileged account; chroot alone does not
 # contain a root process. Re-enable both once the haproxy account exists.
# user haproxy
# group haproxy
 daemon
 maxconn 20000
 pidfile /var/run/haproxy.pid
 # "level admin" exposes every runtime command on this socket. No mode/user/group is set here.
 # NOTE(review): confirm the socket file is only accessible to administrators (e.g. "mode 600").
 stats socket /var/run/haproxy.stat level admin
# Built-in statistics page, served over HTTP on port 8880 at "/".
# This section is declared before "defaults", so those defaults do not apply to it.
listen stats
 # No address and no "ssl" keyword: the page listens on every interface in cleartext.
 # NOTE(review): bind it to a management or loopback address, or restrict it with an ACL.
 bind :8880
 mode http
 stats enable
 stats hide-version
 stats uri /
 stats show-legends
 stats refresh 10s
 stats realm HAProxy\ Statistics
 # NOTE(review): admin:admin is a guessable credential and HTTP Basic auth crosses this
 # plain-HTTP listener unencrypted. Replace it with a unique secret before deployment.
 # No "stats admin" rule is present, so the page as configured is read-only.
 stats auth admin:admin
 timeout client 30s

# Defaults inherited by the proxies declared after this point (the frontend and both backends).
# No "mode" is set here; each proxy below sets "mode http" itself.
defaults
 option dontlognull
 option redispatch
 option contstats
 retries 3
 timeout client 5s
 timeout connect 5s
 timeout server 150s
 timeout http-keep-alive 1s
 # Slowloris protection: bounds how long a client may take to send a complete request.
 timeout http-request 15s
 timeout queue 30s
 # No tarpit rule appears in this listing, so this timeout only matters if one is added.
 timeout tarpit 1m # tarpit hold time
 backlog 10000
 errorfile 403 /etc/haproxy/errors/403.http
# Public entry point: terminates TLS on :443, redirects plain HTTP on :80 to HTTPS,
# then routes by Host header to the SharePoint or Exchange backend.
frontend https-in
 option httplog
 log global
 mode http
 bind *:80 name http
 # TLS is terminated here with the certificate bundle in webmail.pem.
 # No minimum TLS version or cipher list is set on this bind or in the global section shown.
 # NOTE(review): confirm legacy protocols are disabled (ssl-default-bind-options / ssl-default-bind-ciphers).
 # NOTE(review): "transparent" lets the listener accept traffic for addresses that are not
 # local to this host; confirm it is actually needed.
 bind *:443 name https ssl crt /etc/haproxy/certs/webmail.pem transparent
# option http-server-close
 option forwardfor
 # Added unconditionally, and a client-supplied X-Forwarded-Proto is not removed first, so a
 # backend may see a forged value next to this one.
 # NOTE(review): "reqadd" was removed in HAProxy 2.1; "http-request set-header" overwrites
 # any client value and works on current versions.
 reqadd X-Forwarded-Proto:\ https
# by HMU
 # Same caveat: add-header appends and does not replace a client-sent X-Proto.
 http-request add-header X-Proto https if { ssl_fc }
##
 # Anything that did not arrive over TLS is sent to the https scheme (temporary redirect).
 http-request redirect scheme https code 302 if !{ ssl_fc }
 # Intended to send "/" on the webmail host to /owa/.
 # NOTE(review): there is no space before the first closing brace; HAProxy expects the braces
 # of an anonymous ACL as separate words. Confirm this rule parses as intended.
 http-request redirect location /owa/ code 302 if { hdr(Host) webmail.xxx-services.com} { path / }
# Custom log line: client address/port, timers, status, captured cookies and headers,
# plus TLS version, cipher, SNI and TLS session id of the front connection.
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%sslv/%sslc/%[ssl_fc_sni]/%[ssl_fc_session_id]}\ %{+Q}r
# ACL definitions for routing by domain
# NOTE(review): this ACL uses "xxx-service.com" while the other uses "xxx-services.com";
# if that is a typo, SharePoint requests fall through to the default backend.
 acl host_site_sharepoint hdr(host) -i extranet.xxx-service.com
 acl host_site_exchange hdr(host) -i webmail.xxx-services.com
# Routing rules applied when an ACL matches
 use_backend site_sharepoint if host_site_sharepoint
 use_backend site_exchange if host_site_exchange
# Default routing when no rule matched
# NOTE(review): any request with an unknown or missing Host header is forwarded to Exchange;
# consider rejecting unmatched hosts instead of exposing the backend to them.
 default_backend site_exchange
# SharePoint backend: traffic is re-encrypted to the server (SSL bridging) and health-checked.
backend site_sharepoint
 mode http
 balance leastconn
# option http-server-close
 option redispatch
 # The server line below carries no "cookie" value, so this persistence cookie has nothing to
 # identify. NOTE(review): if it is used later, add the "secure" and "httponly" attributes.
 cookie SERVERID insert nocache
 option forwardfor
# server sharepoint 192.168.93.4:80
 # "verify required" validates the server certificate against ca-file.
 # NOTE(review): ca-file is the same PEM the frontend loads with "crt", i.e. a bundle that
 # holds a private key; use a dedicated CA bundle containing only the issuing certificates.
 # No "verifyhost" or "sni" is set, so as far as this line shows the certificate name is not checked.
 server sharepoint 192.168.93.4:443 check ssl verify required ca-file /etc/haproxy/certs/webmail.pem
# Exchange (OWA) backend, also the frontend's default; traffic is re-encrypted to the server.
backend site_exchange
 mode http
 balance leastconn
 #option http-server-close <= breaks NTLM authentication
# option http-server-close
 option forwardfor
 # "verify required" validates the server certificate against ca-file.
 # NOTE(review): ca-file is the same PEM the frontend loads with "crt", i.e. a bundle that
 # holds a private key; use a dedicated CA bundle containing only the issuing certificates.
 # No "verifyhost" or "sni" is set, so as far as this line shows the certificate name is not checked.
 server exfe 192.168.93.2:443 check ssl verify required ca-file /etc/haproxy/certs/webmail.pem