It turned out that the problem was caused by enabling ALPN HTTP/2; leaving only http/1.1 enabled solved it.
Quote from: viragomann on November 04, 2025, 05:25:50 PM
As I wrote:
Quote from: viragomann on November 04, 2025, 04:10:47 PM
Edit the rule and change the logical operator to OR.
Rules > autodiscover_contoso_com
#
# Automatically generated configuration.
# Do not edit this file manually.
#
# Process-wide settings: privilege drop, chroot, runtime socket, limits, TLS/Lua tuning and logging.
global
# Run as uid/gid 80, confined to a chroot at /var/haproxy, detached as a daemon.
uid 80
gid 80
chroot /var/haproxy
daemon
# Runtime API socket at "level admin": whoever can connect to it can change the
# running proxy (for example enable or disable servers). Access is granted here
# through group "proxy" and mode 775 - review who belongs to that group.
stats socket /var/run/haproxy.socket group proxy mode 775 level admin
nbthread 4
# Upper bound on how long a soft stop/reload may keep old connections alive.
hard-stop-after 60s
# Start even if the requested resource limits cannot be applied.
no strict-limits
maxconn 10000
httpclient.resolvers.prefer ipv4
# Only relevant for DHE key exchange; the cipher list on the bind line in this
# config contains ECDHE suites only.
tune.ssl.default-dh-param 2048
# Adds up to 2% randomness to health-check intervals.
spread-checks 2
tune.bufsize 16384
# 0 = no memory cap for Lua; a finite value limits the impact of a runaway script.
tune.lua.maxmem 0
log /var/run/log local0 info
# Lua modules are searched under /tmp/haproxy/lua first.
# NOTE(review): confirm this directory is writable only by root / the config
# generator, because files placed there can be loaded as code by HAProxy.
lua-prepend-path /tmp/haproxy/lua/?.lua
# Defaults inherited by the frontend and backend sections that follow.
defaults
log global
# -1: a failed connection is redispatched to another server only on the last retry.
option redispatch -1
maxconn 5000
# Inactivity and connect timeouts.
# NOTE(review): no "timeout http-request" appears in the config shown, so only
# inactivity between chunks is bounded (by timeout client); the total time a
# client may take to send its request headers is not capped.
timeout client 30s
timeout connect 30s
timeout server 30s
retries 3
# Server addresses come from the last known state first, then from the libc resolver.
default-server init-addr last,libc
# autogenerated entries for ACLs
# autogenerated entries for config in backends/frontends
# autogenerated entries for stats
# Frontend: mail.contoso.com.eu (mail.contoso.com.eu)
# HTTPS listener: terminates TLS and routes requests to backend WIN-EXCH-DAG-VL1913.
frontend mail.contoso.com.eu
# HSTS for 15768000 s (about six months); includeSubDomains is not sent.
http-response set-header Strict-Transport-Security "max-age=15768000"
# TLS 1.2 is the minimum version and the client's cipher order is honoured
# (prefer-client-ciphers). The last two TLS 1.2 suites in the list
# (ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA256) are CBC-mode; drop them
# if no client depends on them.
# ALPN offers h2 and http/1.1. The thread reports that enabling HTTP/2 via ALPN
# caused the problem and that leaving only http/1.1 resolved it.
# NOTE(review): the certificate list lives under /tmp/haproxy/ssl - confirm that
# directory and the key material it references are not readable by other local users.
bind 1XX.1XX.1XX.3X:443 name 1XX.1XX.1XX.3X:443 ssl prefer-client-ciphers ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/68f7689ebb8a56.76297715.certlist
mode http
option http-keep-alive
# Used for every request that no use_backend rule below matches.
default_backend WIN-EXCH-DAG-VL1913
# logging options
option httplog
# The hdr(host) ACLs are exact, case-insensitive string matches, so a Host value
# carrying an explicit port (":443") does not match them.
# ACL: autodiscover_contoso_com_pl
acl acl_6901efd3ec0641.97794324 hdr(host) -i autodiscover.contoso.com.eu
# ACL: autodiscover_path
acl acl_69036f717a55d8.11376801 path_beg -i /autodiscover/
# ACL: mail_contoso_com_pl
acl acl_68f76755464f75.47994961 hdr(host) -i mail.contoso.com.eu
# ACTION: autodiscover_mesko_com_pl
# "||" = OR: matches when the Host is autodiscover.contoso.com.eu, or when the
# path starts with /autodiscover/ regardless of Host.
use_backend WIN-EXCH-DAG-VL1913 if acl_6901efd3ec0641.97794324 || acl_69036f717a55d8.11376801
# ACTION: mail_mesko_com_pl
use_backend WIN-EXCH-DAG-VL1913 if acl_68f76755464f75.47994961
# NOTE(review): default_backend is the same backend as both rules, so requests
# with any other Host or path are forwarded to it as well. If only the two
# hostnames should be reachable, unmatched requests have to be rejected
# explicitly (for example with an http-request deny rule).
# Frontend (DISABLED): autodiscover.contoso.com.eu (autodiscover.contoso.com.eu)
# Backend: WIN-EXCH-DAG-VL1913 ()
# Backend pool: two servers (10.198.13.10 and 10.198.13.11) reached over TLS on port 443.
backend WIN-EXCH-DAG-VL1913
# health checking is DISABLED
# (the server lines carry no "check", so a failed server is not taken out of rotation)
mode http
balance roundrobin
# stickiness
# Clients are pinned to a server by source IP; table entries expire 30 minutes after last use.
stick-table type ip size 50k expire 30m
stick on src
http-reuse safe
# Add Forwarded (RFC 7239) and X-Forwarded-For headers carrying the client address.
# Client-supplied X-Forwarded-For values are passed through too, so the servers
# should trust only the entry added by this proxy.
option forwarded
option forwardfor
# "verify none": traffic to the servers is encrypted, but their certificate is
# not checked, so the proxy cannot distinguish the real server from an impostor
# on that network segment. Prefer "verify required" with
# "ca-file <path-to-internal-CA-bundle>" (plus "verifyhost") once the server
# certificates chain to a known CA.
# ALPN offers h2 to the servers as well; no "sni" is set on these lines.
server WIN-EXCH01-DAG01-VL1913 10.198.13.10:443 ssl alpn h2,http/1.1 verify none resolve-prefer ipv4
server WIN-EXCH02-DAG01-VL1913 10.198.13.11:443 ssl alpn h2,http/1.1 verify none resolve-prefer ipv4
# Backend (DISABLED): WIN-EXCH-DAG-VL1913-Autodiscover ()
# statistics are DISABLED
Quote from: viragomann on November 04, 2025, 04:10:47 PM
Quote from: martin14 on November 04, 2025, 03:52:17 PM
Accessing autodiscover.contoso.com.eu results in a 502 (Bad Gateway) error. Is this due to SNI str?
You don't forward this to the backend.
You only forward:
mail.contoso.com.eu/*
autodiscover.contoso.com.eu/autodiscover/*
#
# Automatically generated configuration.
# Do not edit this file manually.
#
# Process-wide settings: privilege drop, chroot, runtime socket, limits, TLS/Lua tuning and logging.
global
# Run as uid/gid 80, confined to a chroot at /var/haproxy, detached as a daemon.
uid 80
gid 80
chroot /var/haproxy
daemon
# Runtime API socket at "level admin": whoever can connect to it can change the
# running proxy (for example enable or disable servers). Access is granted here
# through group "proxy" and mode 775 - review who belongs to that group.
stats socket /var/run/haproxy.socket group proxy mode 775 level admin
nbthread 4
# Upper bound on how long a soft stop/reload may keep old connections alive.
hard-stop-after 60s
# Start even if the requested resource limits cannot be applied.
no strict-limits
maxconn 10000
httpclient.resolvers.prefer ipv4
# Only relevant for DHE key exchange; the cipher list on the bind line in this
# config contains ECDHE suites only.
tune.ssl.default-dh-param 2048
# Adds up to 2% randomness to health-check intervals.
spread-checks 2
tune.bufsize 16384
# 0 = no memory cap for Lua; a finite value limits the impact of a runaway script.
tune.lua.maxmem 0
log /var/run/log local0 info
# Lua modules are searched under /tmp/haproxy/lua first.
# NOTE(review): confirm this directory is writable only by root / the config
# generator, because files placed there can be loaded as code by HAProxy.
lua-prepend-path /tmp/haproxy/lua/?.lua
# Defaults inherited by the frontend and backend sections that follow.
defaults
log global
# -1: a failed connection is redispatched to another server only on the last retry.
option redispatch -1
maxconn 5000
# Inactivity and connect timeouts.
# NOTE(review): no "timeout http-request" appears in the config shown, so only
# inactivity between chunks is bounded (by timeout client); the total time a
# client may take to send its request headers is not capped.
timeout client 30s
timeout connect 30s
timeout server 30s
retries 3
# Server addresses come from the last known state first, then from the libc resolver.
default-server init-addr last,libc
# autogenerated entries for ACLs
# autogenerated entries for config in backends/frontends
# autogenerated entries for stats
# Frontend: mail.contoso.com.eu (mail.contoso.com.eu)
# HTTPS listener: terminates TLS and routes requests to backend WIN-EXCH-DAG-VL1913.
frontend mail.contoso.com.eu
# HSTS for 15768000 s (about six months); includeSubDomains is not sent.
http-response set-header Strict-Transport-Security "max-age=15768000"
# TLS 1.2 is the minimum version and the client's cipher order is honoured
# (prefer-client-ciphers). The last two TLS 1.2 suites in the list
# (ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA256) are CBC-mode; drop them
# if no client depends on them.
# ALPN offers h2 and http/1.1. The thread reports that enabling HTTP/2 via ALPN
# caused the problem and that leaving only http/1.1 resolved it.
# NOTE(review): the certificate list lives under /tmp/haproxy/ssl - confirm that
# directory and the key material it references are not readable by other local users.
bind 1XX.13X.1XX.XX:443 name 1XX.13X.1XX.XX:443 ssl prefer-client-ciphers ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/68f7689ebb8a56.76297715.certlist
mode http
option http-keep-alive
# Used for every request that no use_backend rule below matches.
default_backend WIN-EXCH-DAG-VL1913
# logging options
option httplog
# The hdr(host) ACLs are exact, case-insensitive string matches, so a Host value
# carrying an explicit port (":443") does not match them.
# ACL: autodiscover_contoso_com
acl acl_6901efd3ec0641.97794324 hdr(host) -i autodiscover.contoso.com.eu
# ACL: autodiscover_path
acl acl_69036f717a55d8.11376801 path_beg -i /autodiscover/
# ACL: mail_contoso_com_pl
acl acl_68f76755464f75.47994961 hdr(host) -i mail.contoso.com.eu
# ACTION: autodiscover_contoso_com_pl
# Two ACLs listed side by side are ANDed: the rule matches only when the Host is
# autodiscover.contoso.com.eu AND the path starts with /autodiscover/.
use_backend WIN-EXCH-DAG-VL1913 if acl_6901efd3ec0641.97794324 acl_69036f717a55d8.11376801
# ACTION: mail_contoso_com_pl
use_backend WIN-EXCH-DAG-VL1913 if acl_68f76755464f75.47994961
# NOTE(review): default_backend is the same backend as both rules, so requests
# with any other Host or path are forwarded to it as well. If only the two
# hostnames should be reachable, unmatched requests have to be rejected
# explicitly (for example with an http-request deny rule).
# Frontend (DISABLED): autodiscover.contoso.com.eu (autodiscover.contoso.com.eu)
# Backend: WIN-EXCH-DAG-VL1913 ()
# Backend pool: two servers (10.198.13.10 and 10.198.13.11) reached over TLS on port 443.
backend WIN-EXCH-DAG-VL1913
# health checking is DISABLED
# (the server lines carry no "check", so a failed server is not taken out of rotation)
mode http
balance roundrobin
# stickiness
# Clients are pinned to a server by source IP; table entries expire 30 minutes after last use.
stick-table type ip size 50k expire 30m
stick on src
http-reuse safe
# Add Forwarded (RFC 7239) and X-Forwarded-For headers carrying the client address.
# Client-supplied X-Forwarded-For values are passed through too, so the servers
# should trust only the entry added by this proxy.
option forwarded
option forwardfor
# "sni str(mail.contoso.com.eu)" sends a fixed SNI name to the servers for every
# request, whatever Host the client asked for.
# "verify none": traffic to the servers is encrypted, but their certificate is
# not checked, so the proxy cannot distinguish the real server from an impostor
# on that network segment. Prefer "verify required" with
# "ca-file <path-to-internal-CA-bundle>" (plus "verifyhost") once the server
# certificates chain to a known CA.
# ALPN offers h2 to the servers as well.
server WIN-EXCH01-DAG01-VL1913 10.198.13.10:443 ssl sni str(mail.contoso.com.eu) alpn h2,http/1.1 verify none resolve-prefer ipv4
server WIN-EXCH02-DAG01-VL1913 10.198.13.11:443 ssl sni str(mail.contoso.com.eu) alpn h2,http/1.1 verify none resolve-prefer ipv4
# statistics are DISABLED