Reverse Proxy and Load Balancer for Exchange 2013

This is how to configure a reverse proxy for Microsoft Exchange.

We will be using Debian 8 Jessie with HAProxy 1.6 and we will load balance HTTP, HTTPS, SMTP, SMTPS and IMAPS

We will also redirect all http

This is the network diagram I am going to use as example:

reverse_proxy_diag
Network Diagram

Example variables:

My internet FQDN is mail.domain.com

My Exchange servers FQDN and IPs are:

mail1.domain.local (192.168.1.10)

mail2.domain.local (192.168.1.11)

mail3.domain.local (192.168.1.12)

The IP of the Reverse Proxy server is 192.168.20.10

Let’s start.

1 – Enable the backports repository.

2 – Enable a dedicated repository.

3 – Make HAProxy persistent on the system.

add the line:

4 – Install HAProxy.

5 – Create the logs folder.

6 – Change permissions of the log folder.

7 – Configure the reverse proxy and load balancer.

First save the original configuration file, so you can always restore it back.

Then create a new one.

With the following configuration:

8 – Enable HAProxy Logging.

Edit /etc/rsyslog.conf and add/edit the lines to this settings:

Edit /etc/rsyslog.d/49-haproxy.conf and make it look like this:

Restart rsyslog

9 – Configure the certificate.

In  line 52 of the configuration file, you can see that I use the certificate mail.domain.com.pem. There are to ways to create this certificate, either you configure your own Certification Authority (CA) and generate it by yourself, or, if you have a verified certificate generated by a trusted CA you can just download it in pfx format and convert it to pem by running the following command.

10 – Final tests.

You can check your website connectivity here.

You can access your statistics page if you visit:

https://your-url/haproxy?stats

Leave a Reply