global
log 127.0.0.1 local0 info
maxconn 10000000
daemon
quiet
debug
tune.ssl.default-dh-param 2048

defaults
log global
mode http
option httplog
option dontlognull
timeout connect 1600000ms
timeout client 1600000ms
timeout server 1600000ms
timeout check 1600000ms
stats enable
stats uri /stats

# в браузере вылезает окно с авторизацией перед входом
userlist basic-auth-list
user TEST insecure-password Pass123

frontend fe_http_all
bind *:80
mode http
maxconn 10000000
 acl autodiscover url_beg /Autodiscover
 acl autodiscover url_beg /autodiscover
# use_backend be_h_ex2013 if autodiscover
 use_backend be_ex2013

frontend fe_https
mode http
maxconn 10000000
#bind *:443 ssl crt /etc/ssl/certs/final7.pem
bind *:443 ssl crt /etc/ssl/certs/exchange_certificate_and_key_nopassword.pem
acl Autodiscover url_beg /Autodiscover
acl autodiscover url_beg /autodiscover
acl bad_ip src 223.72.82.215 185.25.51.234 78.128.92.106 185.86.150.196 104.196.214.152
acl good_ip_ews src -f /etc/haproxy/good_ip_ews.lst
#acl legacy_host hdr_beg(host) -i legacy.
#acl mail_host hdr_beg(host) -i mail.
acl q_host hdr_beg(host) -i q.
#acl mapi url_beg /mapi
#acl rpc url_beg /rpc
#acl RPC url_beg /RPC
acl owa url_beg /owa
#acl eas url_beg /microsoft-server-activesync
#acl Eas url_beg /Microsoft-Server-Activesync
#acl ecp url_beg /ecp
acl ews url_beg /ews
acl EWS url_beg /EWS
acl calendar url_beg /owa/calendar/
acl Calendar url_beg /OWA/calendar/
 use_backend be_ntpserv_owa if bad_ip
# use_backend be_secure_ex2013 if q_host owa
 use_backend be_secure_ex2013 if q_host
 use_backend be_ntpserv_owa if Calendar
 use_backend be_ntpserv_owa if calendar
# use_backend be_cas01_ex2013 if owa
 use_backend be_cas02_ex2013 if ews good_ip_ews # менять на активный be_cas0X_ex2013 for_change
 use_backend be_cas02_ex2013 if EWS good_ip_ews # менять на активный be_cas0X_ex2013 for_change
 use_backend be_ntpserv_owa if ews
 use_backend be_ntpserv_owa if EWS
default_backend be_ex2013 # менять на активный be_cas0X_ex2013 for_change
#default_backend be_ex2007

frontend fe_imap
mode tcp
bind *:993
default_backend be_imap_ex2013

frontend fe_tls
mode tcp
bind *:143
default_backend be_tls_ex2013

#frontend fe_smtp
#mode tcp
#bind *:25
#default_backend be_smtp_ex2007

#backend be_ecp_ex2013
#maxconn 10000000
#mode http
#balance roundrobin
#server cas01 192.168.5.111:443 check
#server cas02 192.168.5.112:443 check

backend be_secure_ex2013
#acl q-auth http_auth(basic-auth-list)
#http-request auth realm cas01 unless q-auth
maxconn 10000000
mode http
balance roundrobin
server cas01 192.168.5.111:443 check ssl inter 15s verify required ca-file /usr/share/ca-certificates/certs/root2.pem maxconn 30000
server cas02 192.168.5.112:443 check ssl inter 15s verify required ca-file /usr/share/ca-certificates/certs/root2.pem maxconn 30000

backend be_ex2013
maxconn 10000000
mode http
balance roundrobin
server cas01 192.168.5.111:443 check ssl inter 15s verify required ca-file /usr/share/ca-certificates/certs/root2.pem maxconn 30000
server cas02 192.168.5.112:443 check ssl inter 15s verify required ca-file /usr/share/ca-certificates/certs/root2.pem maxconn 30000

backend be_cas01_ex2013
maxconn 10000000
mode http
balance roundrobin
server cas01 192.168.5.111:443 check ssl inter 15s verify required ca-file /usr/share/ca-certificates/certs/root2.pem maxconn 30000

backend be_cas02_ex2013
maxconn 10000000
mode http
balance roundrobin
server cas02 192.168.5.112:443 check ssl inter 15s verify required ca-file /usr/share/ca-certificates/certs/root2.pem maxconn 30000

backend be_ntpserv
maxconn 10000000
mode http
balance roundrobin
server ntpserv 192.168.5.184

backend be_ntpserv_owa
maxconn 10000000
mode http
balance roundrobin
server ntpserv88 192.168.5.184:88

backend be_imap_ex2013
mode tcp
balance roundrobin
server cas01 192.168.5.111:993
server cas02 192.168.5.112:993

backend be_tls_ex2013
mode tcp
balance roundrobin
server cas01 192.168.5.111:143
server cas02 192.168.5.112:143

#listenstats :7000
#stats enable
#stats uri /
#optionhttpclose
#stats auth admin:P@ssw0rd