Question

haproxy and authentication

I have two nodes with the Roundcube mail server and Postfix. The goal I want to achieve is to balance users between server1 and server2 when the number of users logging in is big. The problem I have is that I can't authenticate to any of the servers when HAProxy is on. The session is terminated and the nodes are switched. How to fix that?

haproxy config:

global
        maxconn         300
        daemon


defaults
        mode            http
        timeout connect 50s
        timeout client  50s
        timeout server  50s


frontend http
        bind *:443 ssl crt /etc/ssl/certs/final_efektum.crt
        mode http
        reqadd X-Forwarded-Proto:\ https
        default_backend servers

backend servers
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request add-header X-Forwarded-Proto https if { ssl_fc }
        balance roundrobin
        option httpclose
         balance roundrobin
        cookie SERVERID insert indirect nocache
        cookie JSESSIONID prefix nocache
        option forwardfor
        reqadd X-Forwarded-Proto:\ http


        server poczta2  127.0.0.1:85 check cookie poczta2 maxconn 1
        server digitalocean 165.22.68.126:85 check cookie digitalocean maxconn 1

frontend ldap
        mode                  tcp
        log                   global
        bind                  :389
        description           LDAP Service
        option                tcplog
        option                logasap
        option                socket-stats
        option                tcpka
        timeout client        5s
        default_backend       ad_server

backend ad_server
        server                ad 10.172.90.3:389 check fall 1 rise 1 inter 2s
        mode                  tcp
        balance               source
        timeout server        2s
        timeout connect       1s
        option                tcpka
        option                tcp-check
        tcp-check             connect port 389
        tcp-check             send-binary 300c0201            # LDAP bind request "<ROOT>" simple
        tcp-check             send-binary 01                  # message ID
        tcp-check             send-binary 6007                # protocol Op
        tcp-check             send-binary 0201                # bind request
        tcp-check             send-binary 03                  # LDAP v3
        tcp-check             send-binary 04008000            # name, simple authentication
        tcp-check             expect binary 0a0100            # bind response + result code: success
        tcp-check             send-binary 30050201034200      # unbind request




Hello,

I’ve had a similar issue recently. I believe that without an SSL certificate HAProxy is not able to connect to the backend of Roundcube.

You could try adding a valid SSL certificate and see if this solves the problem.

Hope that this helps! Regards, Bobby
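On the session-switching symptom in the question, here is an added example that is not from the question or from the answer above. HAProxy supports only one persistence cookie per HTTP backend, and the posted backend declares two, one of them a `JSESSIONID` prefix that Roundcube (default session cookie `roundcube_sessid`) does not set. Assumptions: a single inserted `SERVERID` cookie is wanted, the `maxconn 1` limits are not intentional, and the `ldap` sections stay as posted.

```haproxy
# Added example (not the poster's config). Certificate path, server names
# and addresses are copied from the question; the rest is an assumption.
frontend http
        bind *:443 ssl crt /etc/ssl/certs/final_efektum.crt
        mode http
        # set-header overwrites any client-supplied value, so the backend
        # sees exactly one X-Forwarded-Proto. The posted config added
        # "https" in the frontend and "http" again in the backend.
        http-request set-header X-Forwarded-Proto https
        default_backend servers

backend servers
        mode http
        balance roundrobin
        option forwardfor
        http-request set-header X-Forwarded-Port %[dst_port]

        # One persistence cookie only. HAProxy inserts SERVERID itself, so
        # stickiness does not depend on the name of the application cookie.
        # "secure" and "httponly" keep the cookie on TLS and away from scripts.
        cookie SERVERID insert indirect nocache httponly secure

        # "cookie <value>" on each server line is what SERVERID carries.
        # Without "maxconn 1", a node can serve more than one connection
        # at a time instead of queueing the rest.
        server poczta2      127.0.0.1:85     check cookie poczta2
        # No "ssl" keyword here: after TLS is terminated on :443, requests
        # (mail logins included) travel to this public address as plain HTTP.
        server digitalocean 165.22.68.126:85 check cookie digitalocean
```

`haproxy -c -f <config file>` validates the file before a reload. After logging in, the browser should hold a `SERVERID` cookie whose value is `poczta2` or `digitalocean`, and later requests should stay on that node.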