Netgate Discussion Forum

    First attempt on HAProxy

    Scheduled Pinned Locked Moved Cache/Proxy
    5 Posts 2 Posters 553 Views
      SalSolo

      Hi all.
      This is my first attempt at using HAProxy, so I just want to get my setup validated. I haven't found something that matches what I want to do exactly, but I have of course sought help in a lot of other posts.

      This is what I want to happen.
      1 external IP providing access to 1 Exchange server and 1 IIS server. I have a wildcard certificate I am using for both.
      External DNS is mail.example.com for mailservice, and webservice should handle all the others, e.g. www.example.com, example.com, test.example.com and so on.

      I have created 2 backends (mailservice & webservice) and 1 frontend.
      The frontend has 1 ACL specifying mail.example.com and then I put the default backend to webservice.

      Will that work? Do I need to specify all the websites' DNS names in the ACL?


      Thx!!

        PiBa @SalSolo

        @salsolo
        It should work like you have it, no need to list all website domains if they all need to go to the same default backend. So what you have seems good to me. Does it indeed work?

          SalSolo @PiBa

          @piba Just tested it and no it did not work... neither web nor mail traffic got through.

          I did remember to put in a rule in the firewall for it so it is not that :)

          Probably something simple I missed, so I am going to go through the installation step by step again, but thank you for confirming the ACL bit. That was what I was most worried about, as many posts talk about multiple frontends, sharing and the need to put in rules for a lot of things. When looking at it, it seems totally overkill for what I intend to do, and from how I understood it I thought I could make it quite simple.

          I will probably focus on getting the Exchange to work first and then see if I can expand the ruleset to handle webservice as well.

            PiBa @SalSolo

            @salsolo
            Ok, so what did work? Could the browser connect to haproxy or does that time out? Does it show any error? 503 or other? If you enable haproxy statistics, do the configured servers show up in 'green'?

              SalSolo @PiBa

              @piba Just network error with not much to go on... but I think I got it to work :)

              Several small things needed to be changed.

              I have an external spamfilter I forgot to take into consideration, so I needed a firewall rule that I disabled when testing this. After enabling that rule I got a bit further.

              Then I saw somewhere else, where they have been struggling, that the 2 settings under Certificate: Add ACL for certificate... was something to play around with, and after disabling those I got further. Then I realised that my backend might be missing the SSL setting. That fixed the last things, so right now it seems to be working. I need to do more tests but at least I can now get data through.

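The layout discussed in this thread (one frontend, one ACL for mail.example.com, everything else to the default backend, TLS enabled on the backend servers), written out as a hand-written haproxy.cfg fragment. This is an added example, not configuration posted by either participant or generated by the pfSense package; the IP addresses, file paths, server names and the assumption that both backends speak HTTPS are placeholders.

```haproxy
# Added illustration. Addresses, paths and server names are placeholders.
global
    # Refuse legacy protocol versions on the public listener
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  60s
    timeout server  60s

frontend shared_https
    # One external IP, TLS terminated with the wildcard certificate.
    # A *.example.com wildcard does not match the bare example.com
    # unless the certificate also lists it as a SAN.
    bind 203.0.113.10:443 ssl crt /path/to/wildcard.example.com.pem

    # Only the mail hostname needs an ACL ...
    acl host_mail hdr(host) -i mail.example.com
    use_backend mailservice if host_mail

    # ... every other hostname falls through to the web backend.
    default_backend webservice

backend mailservice
    # The server listens on HTTPS, so the server line needs "ssl";
    # without it HAProxy sends plain HTTP to port 443 and the request fails.
    # "verify required" with "ca-file" validates the server's certificate
    # chain; "verify none" would encrypt without authenticating the server.
    server exchange1 192.0.2.20:443 ssl verify required ca-file /path/to/internal-ca.pem check

backend webservice
    server iis1 192.0.2.30:443 ssl verify required ca-file /path/to/internal-ca.pem check
```

With `check` on each server line, the statistics page shows whether HAProxy can reach each backend over TLS before any client traffic is tested.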
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.