On Apr 10, 2013, at 2:36 PM, Phil Daws wrote: > Hello, > > have just started to explore HAProxy and am finding it amazing! As a long > time Zimbra user I wanted to see how one could balance the front-end web > client so had a play around. What I have at present is the following > configuration: > > frontend zimbra-zwc-frontend-https > bind 172.30.8.21:443 ssl crt /etc/haproxy/certs/zimbra.pem > mode tcp > option tcplog > reqadd X-Forwarded-Proto:\ https > default_backend zimbra-zwc-backend-http
What version of HAProxy are you running? If you are on 1.5-dev12 or newer, you should be using 'mode http' for this frontend. > > backend zimbra-zwc-backend-http > mode http > balance roundrobin > stick-table type ip size 200k expire 30m > stick on src > server zwc1 zm1:80 check port 80 > server zwc2 zm2:80 check port 80 > > I admit that the configuration has been cobbled together from other peoples > thoughts and ideas; though it does actually work! I did try to go the route > of HTTPS -> HTTPS but that completely fell apart due to Zimbra using NGINX > and automatically re-routing HTTP -> HTTPS. The other stumbling block was I > could not see how to check that the report HTTPS (443) port was available. I > have seen "check port" and "check id" used but neither worked as expected. > So at present I have HAProxy acting as the SSL terminator and backing off the > requests to a HTTP backend. I can take one backend node down, upgrade it, > and restart it with affecting any new connections again a single destination > IP address; NICE! :) If you are using 1.5, SSL backends are easy. backend https-backend mode http balance source server server1 server1:443 check ssl server server2 server2:443 check ssl