HAProxy to multiple internal domains and exchange server

  • So guys I have done some research but I can't seem to find the answer. What I need is the following:

    https://www.domain01.com -> pfSense -> internalwebserver01
    https://www.domain02.com -> pfSense -> internalwebserver01
    https://www.domain03.com -> pfSense -> internalwebserver01

    https://www.domain01.com/owa -> pfSense -> internal_exchangeserver01
    https://www.domain01.com/ecp -> pfSense -> internal_exchangeserver01
    https://www.domain01.com/EWS/Exchange.asmx -> pfSense -> internal_exchangeserver01
    https://www.domain01.com/mapi -> pfSense -> internal_exchangeserver01
    https://www.domain01.com/Microsoft-Server-ActiveSync -> pfSense -> internal_exchangeserver01
    https://www.domain01.com/OAB -> pfSense -> internal_exchangeserver01

    I have only 1 public IP and need to get my domains to be accessible to the internet and at the same time publish the Exchange server with ActiveSync using that same public IP. So far I have not found any article on using pfSense in this exact configuration, so any help is greatly appreciated!

  • There are plenty of articles that show how to use haproxy with multiple domains. The difference for you is that you want to use an ACL based on the path instead of the host header. But that shouldn't hinder you from following any article.

    Other than that, have you considered making a mail.domain1.com for the exchange server? Seems easier to me.

  • Thanks for your suggestion! That would be the way to go indeed. So I started to configure and now I got it working partially.

    See attached screenshots.

    So when I access https://www.vikash.nl it works perfectly. But when I try to access https://leviathan.vikash.nl to reach webmail I just get redirected to my webserver's root directory showing the Apache2 default page instead of the http page webmail of my mailserver.
    As you can see, the backends configured are both different servers. Also I am not doing anything with SSL offloading, so for now my webmail page is using a default self-signed certificate and my websites are using a valid SSL certificate.

    I feel like I am so close... but missing something. Any help is greatly appreciated!

  • Screenshots seem to look good at first sight. Can you post (in # code tags) the haproxy.conf from the bottom of the settings tab?

    Have you removed any NAT port-forward setting that might have been there before in pfSense/firewall/nat?
    Do make sure to add a regular pass firewall rule on the WAN instead, though.

    Also for the https://levithian.vikash.nl/ I don't get any response, whereas http://levithian.vikash.nl/ shows an Apache page, but that's correct as you are not (yet) handling 'http' :80 with haproxy.

    On second thought, perhaps the server isn't 'up' in haproxy stats?
    Or there is some ssl<>http mismatch?

  • Hi!

    I did some more testing now I am not at home. So it seems like everything is working fine :). Now testing with different SSL certificates. Thanks!
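
The two routing options discussed in this thread, as an added example in raw haproxy.cfg syntax (not any poster's configuration and not pfSense GUI output). Hostnames, addresses, backend names and certificate paths are constructed placeholders. It shows why path rules such as /owa need TLS to be terminated on HAProxy, while passthrough can only route on the SNI hostname.

```haproxy
# Added example. All names, addresses and file paths are placeholders.
# Use ONE variant; they have different addresses only so the file parses as a whole.
defaults
    timeout connect 5s
    timeout client  60s
    timeout server  60s

# Variant A: TLS passthrough (no SSL offloading).
# HAProxy sees only the SNI name in the ClientHello, so it can route per
# hostname (mail.domain01.com) but can never match on a path such as /owa.
frontend fe_https_passthrough
    bind 203.0.113.10:443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend be_exchange_tcp if { req.ssl_sni -i mail.domain01.com }
    default_backend be_web_tcp

backend be_web_tcp
    mode tcp
    server web01 192.0.2.10:443 check

backend be_exchange_tcp
    mode tcp
    server exch01 192.0.2.20:443 check

# Variant B: TLS terminated on HAProxy (SSL offloading).
# Only now is the HTTP request visible, so Host and path ACLs work.
frontend fe_https_offload
    bind 203.0.113.11:443 ssl crt /etc/haproxy/certs/domain01.pem
    mode http
    acl host_d01      hdr(host) -i www.domain01.com
    acl path_exchange path_beg -i /owa /ecp /EWS /mapi /Microsoft-Server-ActiveSync /OAB
    use_backend be_exchange_http if host_d01 path_exchange
    default_backend be_web_http

backend be_web_http
    mode http
    server web01 192.0.2.10:80 check

backend be_exchange_http
    mode http
    # Re-encrypt to Exchange and verify its certificate against an internal CA
    # rather than disabling verification for a self-signed certificate.
    server exch01 192.0.2.20:443 ssl verify required ca-file /etc/haproxy/ca/internal-ca.pem check
```

With variant A, a hostname that matches no SNI rule falls through to default_backend, which is one way a request for the mail hostname can end up on the web server's default page.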
