Hi,
we recently upgraded our HAProxy server from Debian Bookworm to Trixie, thereby updating HAProxy from 2.6.12 to 3.0.11. Since then, a Linux client using Evolution cannot connect to the Exchange server anymore as he repeatedly gets asked for his credentials.
This seems to be caused by ALPN making http/2 available for the frontend by default, which Exchange as the backend is not compatible with as far as I could find.
I want to force HAProxy to use http/1.1 for connections with this backend (not the others) while the frontend should still offer all versions. However, logging shows that this setting seems to be ignored.
/etc/haproxy/haproxy.cfg:
backend ExchangeEWS
option httpchk GET /ews
http-check expect status 401
server atl-ex2019 192.168.120.3:443 ssl verify none alpn http/1.1
Logging is done with:
frontend fe
log-format “%ci:%cp [%tr] %ft %b/%s %ST %B {req_proto=%HV} → {res_proto=%HV}”
Log shows:
Oct 09 13:07:26 atl-proxy haproxy[75200]: 192.168.120.38:34924 [09/Oct/2025:13:07:26.024] fe~ ExchangeEWS/atl-ex2019 401 660 {req_proto=HTTP/2.0} → {res_proto=HTTP/2.0}
What am I doing wrong?
4 posts - 2 participants