Hi,
Happy to share my config. This is based on HAProxy Version 1.5-Dev17.
It's by no means perfect, but's working for us at the moment:
global
# Default Maximum Number of Connections. Used to set ulimit -n
maxconn 20000
# Run as a Daemon Service in the Background
daemon
# Define the Number of Processor Cores - Not Essential
#nbproc 2
# Allows Turning Off of Kernel TCP Splicing - Not Essential
#nosplice
# Logging Setting. Local to Local Syslog and Control from There
log 127.0.0.1 daemon
log-send-hostname
log-tag haproxy
# Define a UNIX Socket so that you can Admin the Service interactively
stats socket /usr/local/sbin/haproxy-socket level admin
defaults
# Do Not Log Connections with No Requests
option dontlognull
# Force Clients to try and Reconnect to an Alternative Server if one is Down
option redispatch
# Ensure that Streaming HTTP Works Correctly - Vital for Outlook Anywhere
option http-no-delay
# Enable Continuous Stats for Long Running Connections
option contstats
# Log All HTTP Date
option httplog
# Log Request and Responses as Fast as Possible
option logasap
# Set Logging to the Setting in Global
log global
# Define the Method of Load Balancing - source = Source IP Hash
balance source
# Client Inactivity Timeout
#timeout client 900s
timeout client 3600s
# Server Inactivity Timeout
#timeout server 900s
timeout server 3600s
# Maximum Time a Request is Queued on the Load Balancer
timeout queue 30s
# Other Timeouts - Need Investigating
timeout connect 5s
timeout http-keep-alive 1s
timeout http-request 15s
timeout tarpit 1m
# Define the Default Server Checking Behaviour - 10 seconds, 3 Missed Checks is Failure, 2 Successful Check Brings Server Back
default-server inter 10s fall 3 rise 2
userlist stats-auth
# User / Password for Admin Access to Stats Page
group stats-admin users admin
user admin password [Remvoed]
# User / Password for Monitor Access to Stats Page
group stats-readonly users monitor
user monitor password [Removed]
listen stats
# Define the Mode
mode http
# Bind to an IP Address/Port
bind 10.2.1.1:8080
# Define ACLs to be Used in the Stats Authentication Process
acl AUTH-readonly http_auth_group(stats-auth) stats-readonly
acl AUTH-admin http_auth_group(stats-auth) stats-admin
acl net-allowed src 10.3.1.8/29 10.4.1.8/29
# Enable Various Stats Features
stats enable
stats show-desc Load Balancer for Exchange
stats uri /
stats refresh 10s
# Enable Stats Auth
stats http-request auth unless AUTH-admin OR AUTH-readonly
stats admin if AUTH-admin
# Block Access Unless in the Allow Network Range
block unless net-allowed
frontend ft_exchange
# Define the Mode
mode http
# Define the Maximum Number of Connections for the Frontend
maxconn 8000
# Bind to an IP Address/Port, Select SSL and specific the Certificate
# The Ciphers option for SSL can be Added: ciphers
bind 10.2.1.1:443 ssl crt /etc/ssl/crt.domain.com.pem ciphers TLSv1+SSLv3+HIGH:!aNULL:!eNULL
# Define a List of Accepted ACLs for Future use
acl all-exchange path_beg -i /autodiscover /owa /oab /ews /public /microsoft-server-activesync /rpc
acl root url_len 1
acl autodiscover path_beg -i /autodiscover
acl owa path_beg -i /owa
acl oab path_beg -i /oab
acl ews path_beg -i /ews
acl public path_beg -i /public
acl activesync path_beg -i /microsoft-server-activesync
acl outlook-anywhere path_beg -i /rpc
# Block All Request Except Those to Exchange Virtual Directories
block unless all-exchange OR root
# Redirect is the URL is a Single Character, which can only mean /
redirect location /owa if root
# Capture the User-Agent Header, so that it is Added to the Log
capture request header User-Agent len 50
capture request header Content-Length len 120
capture response header Content-Length len 120
# Define Which Set of Backend Servers to Use
default_backend bk_exchange_all
backend bk_exchange_all
# Define the Mode
mode http
# Define the Overal Maximum Number of Connections for the Backend
fullconn 8000
# Define the Backend Servers
server exchange01 10.1.1.1:80 check
server exchange02 10.1.1.2:80 check
(IP addresses and names have been changed to protect to innocent).
