Search code examples
exchange-servercashaproxyoutlook-web-appnlb

HAProxy 1.5 Redirect with Exchange 2013 OWA

I've set up HAproxy version 1.5.4 as a NLB for 2 Exchange Multi-role servers.

I'm now trying to get redirection working when a user types in the flat hostname "webmail" into a browser. I would like it redirected to https://webmail.domain.com/owa

Here is my existing haproxy config.

global
log /dev/log    local0
log /dev/log    local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon

defaults
log global
mode    tcp
balance roundrobin
retries 3
option redispatch
maxconn 10000
    timeout connect 5000
    timeout client  50000
    timeout server  50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http


listen OWA 10.20.100.120:443
option httpchk GET /owa/healthcheck.h
http-check expect status 200
server EX2013A.domain.com 10.20.100.126 check port 80
server EX2013B.domain.com 10.20.100.127 check port 80

listen EAC 10.20.100.131:443
option httpchk /eac/healthcheck.h
server EX2013A.domain.com 10.20.100.126 check port 80
server EX2013B.domain.com 10.20.100.127 check port 80

listen EWS 10.20.100.122:443
option httpchk get /ews/healthcheck.h
server EX2013A.domain.com 10.20.100.126 check port 80
server EX2013B.domain.com 10.20.100.127 check port 80

listen OAB 10.20.100.123:443
option httpchk get /oab/healthcheck.h
server EX2013A.domain.com 10.20.100.126 check port 80
server EX2013B.domain.com 10.20.100.127 check port 80


listen Autodiscover 10.20.100.132:443
option httpchk get /autodiscover/healthcheck.h
server EX2013A.domain.com 10.20.100.126 check port 80
server EX2013B.domain.com 10.20.100.127 check port 80

listen OA 10.20.100.133:443
option httpchk get /rpc/healthcheck.h
server EX2013A.domain.com 10.20.100.126 check port 80
server EX2013B.domain.com 10.20.100.127 check port 80

listen SMTP 10.20.100.120:25
option smtpchk
server EX2013A.domain.com 10.20.100.126 check port 25
server EX2013B.domain.com 10.20.100.127 check port 25


listen stats 0.0.0.0:4000
mode http
balance
timeout client 5000
timeout connect 4000
timeout server 30000
stats enable
stats hide-version
stats uri /stats
stats auth admin:password

Thanks

Solution

  • You did not precise which version of HAProxy you're using, so I'm assuming this is 1.5.

    First, creating a listen section with the bound IP:port on the section description line is now deprecated. Second, to make it clearer, I would also add the port 443 on the server line.

    Please write your OWA section like this:

    listen OWA
  bind 10.20.100.120:443
  option httpchk GET /owa/healthcheck.h
  http-check expect status 200
  server EX2013A.domain.com 10.20.100.126:443 check port 80
  server EX2013B.domain.com 10.20.100.127:443 check port 80

    Now, to perform the redirection, you need a frontend dedicated to answer to HTTP clear traffic only:

    frontend OWA_http
  bind 10.20.100.120:80
  http-request redirect location https://%[req.hdr(Host)]/owa/

    Baptiste