haproxy and authentication

May 20, 2019
Nginx Load Balancing Debian 9

I have two nodes with Roundcube mail server and Postfix.
The goal I wish to achieve is to be able to balance users between server1 and server2 when the number of users logging in is big.
The problem I have is that I can't authenticate to any of the servers when haproxy is on. The session is terminated and the nodes are switched. How to fix that?

haproxy config:

global
        maxconn         300
        daemon


defaults
        mode            http
        timeout connect 50s
        timeout client  50s
        timeout server  50s


frontend http
        bind *:443 ssl crt /etc/ssl/certs/final_efektum.crt
        mode http
        reqadd X-Forwarded-Proto:\ https
        default_backend servers

backend servers
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request add-header X-Forwarded-Proto https if { ssl_fc }
        balance roundrobin
        option httpclose
        balance roundrobin
        cookie SERVERID insert indirect nocache
        cookie JSESSIONID prefix nocache
        option forwardfor
        reqadd X-Forwarded-Proto:\ http


        server poczta2  127.0.0.1:85 check cookie poczta2 maxconn 1
        server digitalocean 165.22.68.126:85 check cookie digitalocean maxconn 1

frontend ldap
        mode                  tcp
        log                   global
        bind                  :389
        description           LDAP Service
        option                tcplog
        option                logasap
        option                socket-stats
        option                tcpka
        timeout client        5s
        default_backend       ad_server

backend ad_server
        server                ad 10.172.90.3:389 check fall 1 rise 1 inter 2s
        mode                  tcp
        balance               source
        timeout server        2s
        timeout connect       1s
        option                tcpka
        option                tcp-check
        tcp-check             connect port 389
        tcp-check             send-binary 300c0201            # LDAP bind request "<ROOT>" simple
        tcp-check             send-binary 01                  # message ID
        tcp-check             send-binary 6007                # protocol Op
        tcp-check             send-binary 0201                # bind request
        tcp-check             send-binary 03                  # LDAP v3
        tcp-check             send-binary 04008000            # name, simple authentication
        tcp-check             expect binary 0a0100            # bind response + result code: success
        tcp-check             send-binary 30050201034200      # unbind request
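
The `http` frontend and `servers` backend with a single persistence cookie, as an added example that is not part of the original post: HAProxy supports one persistence cookie per HTTP backend, and `prefix` mode only takes effect when the application itself issues the named cookie, so this version keeps only the insert-mode `SERVERID` cookie. It assumes that Roundcube keeps its sessions locally on each node under its default `roundcube_sessid` cookie rather than `JSESSIONID`, and that port 85 on both nodes speaks plain HTTP.

```haproxy
frontend http
        bind *:443 ssl crt /etc/ssl/certs/final_efektum.crt
        mode http
        # "set-header" replaces any value the client sent, so the application
        # only ever sees what the proxy observed on the TLS side.
        http-request set-header X-Forwarded-Proto https
        http-request set-header X-Forwarded-Port %[dst_port]
        default_backend servers

backend servers
        mode http
        balance roundrobin
        option forwardfor

        # Single persistence cookie. HAProxy adds SERVERID to the first
        # response and removes it from requests before they reach the node
        # ("indirect"); "nocache" stops shared caches from storing it.
        # "httponly" and "secure" keep the cookie away from page scripts and
        # off plain-HTTP connections.
        cookie SERVERID insert indirect nocache httponly secure

        # The posted backend also appended "X-Forwarded-Proto: http", which
        # gave the application conflicting values; the header is now set once,
        # in the frontend.

        # Server lines as posted. "maxconn 1" lets each node handle one
        # request at a time; further requests wait in HAProxy's queue.
        server poczta2      127.0.0.1:85     check cookie poczta2      maxconn 1
        server digitalocean 165.22.68.126:85 check cookie digitalocean maxconn 1
```

`haproxy -c -f <config file>` validates the file before a reload. Afterwards the first response through the proxy should carry a `Set-Cookie: SERVERID=...` header naming one of the two servers, and requests that send that cookie back stay on the same node.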

