haproxy and authentication

Posted May 20, 2019
Nginx, Load Balancing, Debian 9

I have two nodes with a Roundcube mail server and Postfix.
The goal I wish to achieve is to be able to balance users between server1 and server2 if the number of users logging in is big.
The problem I have is that I can't authenticate to any of the servers when HAProxy is on. The session is terminated and the nodes are switched. How to fix that?

HAProxy config:

        maxconn         300

        mode            http
        timeout connect 50s
        timeout client  50s
        timeout server  50s

frontend http
        bind *:443 ssl crt /etc/ssl/certs/final_efektum.crt
        mode http
        reqadd X-Forwarded-Proto:\ https
        default_backend servers

backend servers
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request add-header X-Forwarded-Proto https if { ssl_fc }
        balance roundrobin
        option httpclose
        balance roundrobin
        cookie SERVERID insert indirect nocache
        cookie JSESSIONID prefix nocache
        option forwardfor
        reqadd X-Forwarded-Proto:\ http

        server poczta2 check cookie poczta2 maxconn 1
        server digitalocean check cookie digitalocean maxconn 1

frontend ldap
        mode                  tcp
        log                   global
        bind                  :389
        description           LDAP Service
        option                tcplog
        option                logasap
        option                socket-stats
        option                tcpka
        timeout client        5s
        default_backend       ad_server

backend ad_server
        server                ad check fall 1 rise 1 inter 2s
        mode                  tcp
        balance               source
        timeout server        2s
        timeout connect       1s
        option                tcpka
        option                tcp-check
        tcp-check             connect port 389
        tcp-check             send-binary 300c0201            # LDAP bind request "<ROOT>" simple
        tcp-check             send-binary 01                  # message ID
        tcp-check             send-binary 6007                # protocol Op
        tcp-check             send-binary 0201                # bind request
        tcp-check             send-binary 03                  # LDAP v3
        tcp-check             send-binary 04008000            # name, simple authentication
        tcp-check             expect binary 0a0100            # bind response + result code: success
        tcp-check             send-binary 30050201034200      # unbind request
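
The LDAP health check in the configuration above, decoded, as an added example that is not part of the original post: it joins the `send-binary` hex strings from the config and parses them as BER, showing that the probe is an anonymous LDAPv3 simple bind followed by an unbind. The function names are assumptions made for this illustration, and the success test approximates `expect binary` as a substring match.

```python
# Added example (not from the original post): decode the tcp-check probe bytes.
# The hex strings are copied from the send-binary / expect binary lines above.
BIND_HEX = "300c0201" "01" "6007" "0201" "03" "04008000"
UNBIND_HEX = "30050201034200"
EXPECT_HEX = "0a0100"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER element (definite length)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = length byte count
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_ldap_message(hex_string):
    """Decode one LDAPMessage; understands BindRequest and UnbindRequest only."""
    buf = bytes.fromhex(hex_string)
    tag, body, end = read_tlv(buf, 0)
    if tag != 0x30 or end != len(buf):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    tag, msg_id, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("messageID must be an INTEGER")
    op_tag, op_body, _ = read_tlv(body, pos)
    msg = {"message_id": int.from_bytes(msg_id, "big"), "op_tag": op_tag}
    if op_tag == 0x60:                     # [APPLICATION 0] BindRequest
        _, version, p = read_tlv(op_body, 0)
        _, name, p = read_tlv(op_body, p)
        auth_tag, cred, _ = read_tlv(op_body, p)
        msg.update(op="BindRequest", version=int.from_bytes(version, "big"),
                   name=name.decode(), simple_auth=(auth_tag == 0x80),
                   anonymous=(name == b"" and cred == b""))
    elif op_tag == 0x42:                   # [APPLICATION 2] UnbindRequest
        msg.update(op="UnbindRequest")
    return msg

def response_is_success(response):
    """True if ENUMERATED 0 (resultCode success) appears in the reply bytes."""
    return bytes.fromhex(EXPECT_HEX) in response

if __name__ == "__main__":
    print(decode_ldap_message(BIND_HEX))
    print(decode_ldap_message(UNBIND_HEX))
```

The decode shows that the bytes commented as "bind request" (`0201`) are the tag and length of the version INTEGER, and that the check only passes against a directory that accepts anonymous binds.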

1 answer


I’ve had a similar issue recently. I believe that without an SSL certificate, HAProxy is not able to connect to the backend of Roundcube.

You could try adding a valid SSL certificate and see if this solves the problem.

Hope that this helps!