haproxy 1.4 and ssl

Mon, 16 Jun 2014 05:20:07 -0700 

hi all

i have the following situation:
i have 4 real servers (two exchange2013 and 2 citrix) which should get loadbalanced behind haproxy 1.4 (because this is the version shipped with redhat). 
this backendservers should talk:
exchanges: https, pop3, imap, pop3s, imaps
citix: https
https should get passed through, eg. the certificates are on the real servers and NOT on the loadbalancer.
i would like to have a single check for all exchange-services. this check is https://exchange/ews/healthcheck.html 
if this fails all services for exchange should switch over.
and for citrix i would like to fail if the real-servers fail, eg with httperrorcode 503. it works if a service goes down completely, but not with 503. currently this does not fail, as a connect is possible. 

my configuration:
global
        log 127.0.0.1   local2
        log 127.0.0.1   local2 debug
        maxconn   40000.
        daemon
        nbproc      1.
defaults
        timeout server  86400000
        timeout connect 86400000
        timeout client  86400000
        timeout queue   1000s

listen  exch2013_https 192.168.128.152:443
        mode tcp
        balance source
        reqadd X-Forwarded-Proto:\ http
        server exch1 192.168.129.71:443 weight 1 check
        server exch2 192.168.129.72:443 weight 1 check

listen  exch2013_pop3 192.168.128.152:110
        mode tcp
        balance source
        server tlrexch1 192.168.129.71:110 weight 1 check
        server tlrexch2 192.168.129.72:110 weight 1 check

listen  exch2013_imap 192.168.128.152:143
        mode tcp
        balance source
        server tlrexch1 192.168.129.71:143 weight 1 check
        server tlrexch2 192.168.129.72:143 weight 1 check

listen  exch2013_pop3s 192.168.128.152:995
        mode tcp
        balance source
        server tlrexch1 192.168.129.71:995 weight 1 check
        server tlrexch2 192.168.129.72:995 weight 1 check

listen  exch2013_imaps 192.168.128.152:993
        mode tcp
        balance source
        server tlrexch1 192.168.129.71:993 weight 1 check
        server tlrexch2 192.168.129.72:993 weight 1 check

listen  citrix 192.168.128.153:443
        mode tcp
        option ssl-hello-chk
        balance source
        http-check expect status 200
server xenstore01 192.168.129.40:443 weight 1 check inter 2000 fall 3 server xenstore02 192.168.129.41:443 weight 1 check inter 2000 fall 3 

*) is this possible with haproxy 1.4?
*) can haproxy check for a "local" file residing on the loadbalancer itself? maybe by file:///tmp/healthcheck.txt 
*) is there any release-schedule for the next stable version?

thanks in advance

josef

Reply via email to