On Apr 10, 2013, at 2:36 PM, Phil Daws wrote:
> Hello,
>
> have just started to explore HAProxy and am finding it amazing! As a long
> time Zimbra user I wanted to see how one could balance the front-end web
> client so had a play around. What I have at present is the following
> configuration:
>
> frontend zimbra-zwc-frontend-https
> bind 172.30.8.21:443 ssl crt /etc/haproxy/certs/zimbra.pem
> mode tcp
> option tcplog
> reqadd X-Forwarded-Proto:\ https
> default_backend zimbra-zwc-backend-http
What version of HAProxy are you running? If you are on 1.5-dev12 or newer, you
should be using 'mode http' for this frontend.
>
> backend zimbra-zwc-backend-http
> mode http
> balance roundrobin
> stick-table type ip size 200k expire 30m
> stick on src
> server zwc1 zm1:80 check port 80
> server zwc2 zm2:80 check port 80
>
> I admit that the configuration has been cobbled together from other peoples
> thoughts and ideas; though it does actually work! I did try to go the route
> of HTTPS -> HTTPS but that completely fell apart due to Zimbra using NGINX
> and automatically re-routing HTTP -> HTTPS. The other stumbling block was I
> could not see how to check that the report HTTPS (443) port was available. I
> have seen "check port" and "check id" used but neither worked as expected.
> So at present I have HAProxy acting as the SSL terminator and backing off the
> requests to a HTTP backend. I can take one backend node down, upgrade it,
> and restart it with affecting any new connections again a single destination
> IP address; NICE! :)
If you are using 1.5, SSL backends are easy.
backend https-backend
mode http
balance source
server server1 server1:443 check ssl
server server2 server2:443 check ssl
