Hi, here is my HAProxy config to redirect Mailcow:
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main_https_listen
    # Layer-4 passthrough on 443: TLS is not terminated here, so HAProxy only
    # inspects the ClientHello and relays the encrypted stream unchanged.
    mode tcp
    bind :443 v4v6
    log global
    option tcplog

    # Wait up to 5s for a TLS ClientHello (hello type 1) so the SNI can be read.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # Route on the SNI sent by the client. SNI is client-chosen and is not
    # authenticated at this layer; the certificate and virtual-host checks on
    # the backend remain the actual control.
    acl acl_mailcowseeboxs req.ssl_sni -i mail.seeboxs.com www.mail.seeboxs.com
    use_backend backend_mailcowseeboxs if acl_mailcowseeboxs
    # No default_backend is declared in this section, so a connection whose
    # SNI matches nothing above has no backend to be forwarded to.
#---------------------------------------------------------------------
# Backends
#---------------------------------------------------------------------
# APP 1 MAILCOW SEEBOXS
backend backend_mailcowseeboxs
    # Mailcow HTTPS endpoint, reached over raw TCP (TLS stays end to end).
    mode tcp
    description MAILCOW SEEBOXS
    # Health check probes the server with an SSL client hello instead of a
    # bare TCP connect.
    # NOTE(review): if the backend accepts only modern TLS versions this probe
    # may be refused; "check-ssl" on the server line is the alternative - verify.
    option ssl-hello-chk
    # NOTE(review): no send-proxy on this server line, so the backend sees the
    # HAProxy address as the client. Source-IP based logging, rate limiting or
    # banning on the Mailcow side would then act on the proxy - confirm intent.
    server server_mailcowseeboxs 192.168.1.7:443 check
Hi, here is my HAProxy config to redirect Mailcow. With this config, renewal of the ACME certificates also works.
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
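global
    # Run detached as the unprivileged haproxy account inside a chroot.
    daemon
    user haproxy
    group haproxy
    chroot /var/lib/haproxy
    pidfile /run/haproxy.pid
    maxconn 100000

    # Two syslog targets on the local log socket, at different facilities and
    # levels.
    log /dev/log local6 notice
    log /dev/log local5 info

    # Runtime API at admin level: anyone able to write to this socket can
    # change server state and other runtime settings. The previous "mode 777"
    # exposed it to every local account; 660 limits access to the socket's
    # owner and group, so tooling that talks to it must run as one of those.
    stats socket /var/run/haproxy/admin.sock mode 660 level admin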
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    # Baseline inherited by every proxy section that does not override it.
    mode tcp
    log global
    option tcplog
    # Skip log lines for connections that carried no data.
    option dontlognull

    # Same values as before, written with explicit units
    # (5000 ms = 5s, 50000 ms = 50s).
    timeout connect 5s
    timeout client 50s
    timeout server 50s

    # Custom error pages returned by the HTTP-mode sections.
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http
#---------------------------------------------------------------------
# dedicated stats page
#---------------------------------------------------------------------
listen stats
    # HTTP statistics page; overrides the tcp mode inherited from defaults.
    mode http
    bind :22222
    stats enable
    stats uri /stats
    stats refresh 30s
    stats hide-version
    stats realm HAProxy-Statistics
    # NOTE(review): "loguin:password" reads like a placeholder - set a real,
    # unique credential before deploying. The bind line has no ssl, so this
    # HTTP Basic credential crosses the network in cleartext, and ":22222"
    # listens on every address; restrict the bind address or firewall the port
    # if the page is only meant for administrators.
    stats auth loguin:password
    # Admin actions from the page stay disabled while this line is commented.
    # stats admin if TRUE
#---------------------------------------------------------------------
# Front end Acme Challenge
#---------------------------------------------------------------------
frontend seeboxs.com:80
    # Plain-HTTP listener on port 80 for ACME validation requests.
    mode http
    bind :80 v4v6
    option tcplog

    # ACME validation path, and the host names it is expected for.
    acl acme_challenge path_beg /.well-known/acme-challenge/
    acl mcseeboxs_host hdr(host) -i mail.seeboxs.com
    acl mcseeboxsautoconfig_host hdr(host) -i autoconfig.seeboxs.com
    acl mcseeboxsautodiscover_host hdr(host) -i autodiscover.seeboxs.com
    acl mta-sts-seeboxs_host hdr(host) -i mta-sts.seeboxs.com
    # NOTE(review): this listing declares the ACLs but has no redirect or
    # use_backend rule that uses them, so requests arriving here have no
    # backend to go to. The later listing in this thread adds those rules.
#---------------------------------------------------------------------
# Renew certificate mailcow server
#---------------------------------------------------------------------
backend le_mcseeboxs_backend
    # Plain-HTTP backend on the Mailcow host, meant for ACME validation
    # requests for mail.seeboxs.com.
    mode http
    server letsencrypt_mcseeboxs_server 192.168.1.7:80 check
backend le_mcseeboxsautoconfig_backend
    # Plain-HTTP backend on the Mailcow host, meant for ACME validation
    # requests for autoconfig.seeboxs.com.
    mode http
    server letsencrypt_mcseeboxsautoconfig_server 192.168.1.7:80 check
backend le_mcseeboxsautodiscover_backend
    # Plain-HTTP backend on the Mailcow host, meant for ACME validation
    # requests for autodiscover.seeboxs.com.
    mode http
    server letsencrypt_mcseeboxsautodiscover_server 192.168.1.7:80 check
backend le_mta-sts-seeboxs_backend
    # Plain-HTTP backend on the Mailcow host, meant for ACME validation
    # requests for mta-sts.seeboxs.com. The server label spells "sta"; it is
    # only a label and is left as the author wrote it.
    mode http
    server letsencrypt_mta-sta-seeboxs_server 192.168.1.7:80 check
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main_https_listen
    # Layer-4 passthrough on 443: TLS is not terminated here, so HAProxy only
    # inspects the ClientHello and relays the encrypted stream unchanged.
    mode tcp
    bind :443 v4v6
    log global
    option tcplog

    # Wait up to 5s for a TLS ClientHello (hello type 1) so the SNI can be read.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # Route on the SNI sent by the client. SNI is client-chosen and is not
    # authenticated at this layer; the certificate and virtual-host checks on
    # the backend remain the actual control.
    acl acl_mailcowseeboxs req.ssl_sni -i mail.seeboxs.com www.mail.seeboxs.com
    use_backend backend_mailcowseeboxs if acl_mailcowseeboxs
    # No default_backend is declared in this section, so a connection whose
    # SNI matches nothing above has no backend to be forwarded to.
#---------------------------------------------------------------------
# Backends
#---------------------------------------------------------------------
# APP 1 MAILCOW SEEBOXS
backend backend_mailcowseeboxs
    # Mailcow HTTPS endpoint, reached over raw TCP (TLS stays end to end).
    mode tcp
    description MAILCOW SEEBOXS
    # Health check probes the server with an SSL client hello instead of a
    # bare TCP connect.
    # NOTE(review): if the backend accepts only modern TLS versions this probe
    # may be refused; "check-ssl" on the server line is the alternative - verify.
    option ssl-hello-chk
    # NOTE(review): no send-proxy on this server line, so the backend sees the
    # HAProxy address as the client. Source-IP based logging, rate limiting or
    # banning on the Mailcow side would then act on the proxy - confirm intent.
    server server_mailcowseeboxs 192.168.1.7:443 check
Be careful: I use MTA-STS. If you do not use it, please delete all the lines that refer to mta-sts for the ACME renewal.
There is an error in the previous answer, but I cannot modify it.
Hi, here is my HAProxy config to redirect Mailcow. With this config, renewal of the ACME certificates also works.
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
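global
    # Run detached as the unprivileged haproxy account inside a chroot.
    daemon
    user haproxy
    group haproxy
    chroot /var/lib/haproxy
    pidfile /run/haproxy.pid
    maxconn 100000

    # Two syslog targets on the local log socket, at different facilities and
    # levels.
    log /dev/log local6 notice
    log /dev/log local5 info

    # Runtime API at admin level: anyone able to write to this socket can
    # change server state and other runtime settings. The previous "mode 777"
    # exposed it to every local account; 660 limits access to the socket's
    # owner and group, so tooling that talks to it must run as one of those.
    stats socket /var/run/haproxy/admin.sock mode 660 level admin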
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    # Baseline inherited by every proxy section that does not override it.
    mode tcp
    log global
    option tcplog
    # Skip log lines for connections that carried no data.
    option dontlognull

    # Same values as before, written with explicit units
    # (5000 ms = 5s, 50000 ms = 50s).
    timeout connect 5s
    timeout client 50s
    timeout server 50s

    # Custom error pages returned by the HTTP-mode sections.
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http
#---------------------------------------------------------------------
# dedicated stats page
#---------------------------------------------------------------------
listen stats
    # HTTP statistics page; overrides the tcp mode inherited from defaults.
    mode http
    bind :22222
    stats enable
    stats uri /stats
    stats refresh 30s
    stats hide-version
    stats realm HAProxy-Statistics
    # NOTE(review): "loguin:password" reads like a placeholder - set a real,
    # unique credential before deploying. The bind line has no ssl, so this
    # HTTP Basic credential crosses the network in cleartext, and ":22222"
    # listens on every address; restrict the bind address or firewall the port
    # if the page is only meant for administrators.
    stats auth loguin:password
    # Admin actions from the page stay disabled while this line is commented.
    # stats admin if TRUE
#---------------------------------------------------------------------
# Front end Acme Challenge
#---------------------------------------------------------------------
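frontend seeboxs.com:80
    # Plain-HTTP listener on port 80: forwards ACME validation requests for the
    # listed hosts and redirects everything else to HTTPS.
    mode http
    bind :80 v4v6
    # httplog instead of tcplog: in an HTTP-mode frontend this records the
    # request line, so validation hits and stray requests on port 80 can be
    # told apart in the logs.
    option httplog

    # ACME validation path, and the host names it is expected for.
    acl acme_challenge path_beg /.well-known/acme-challenge/
    acl mcseeboxs_host hdr(host) -i mail.seeboxs.com
    acl mcseeboxsautoconfig_host hdr(host) -i autoconfig.seeboxs.com
    acl mcseeboxsautodiscover_host hdr(host) -i autodiscover.seeboxs.com
    acl mta-sts-seeboxs_host hdr(host) -i mta-sts.seeboxs.com

    # Anything that is not an ACME validation request is sent to HTTPS.
    redirect scheme https code 301 if !acme_challenge

    # Validation requests are forwarded only when the Host header is one of
    # the names above. A validation path with any other Host matches no rule,
    # and with no default_backend declared it is not forwarded anywhere.
    use_backend le_mcseeboxs_backend if acme_challenge mcseeboxs_host
    use_backend le_mcseeboxsautoconfig_backend if acme_challenge mcseeboxsautoconfig_host
    use_backend le_mcseeboxsautodiscover_backend if acme_challenge mcseeboxsautodiscover_host
    use_backend le_mta-sts-seeboxs_backend if acme_challenge mta-sts-seeboxs_host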
#---------------------------------------------------------------------
# Renew certificate mailcow server
#---------------------------------------------------------------------
backend le_mcseeboxs_backend
    # Plain-HTTP backend on the Mailcow host, meant for ACME validation
    # requests for mail.seeboxs.com.
    mode http
    server letsencrypt_mcseeboxs_server 192.168.1.7:80 check
backend le_mcseeboxsautoconfig_backend
    # Plain-HTTP backend on the Mailcow host, meant for ACME validation
    # requests for autoconfig.seeboxs.com.
    mode http
    server letsencrypt_mcseeboxsautoconfig_server 192.168.1.7:80 check
backend le_mcseeboxsautodiscover_backend
    # Plain-HTTP backend on the Mailcow host, meant for ACME validation
    # requests for autodiscover.seeboxs.com.
    mode http
    server letsencrypt_mcseeboxsautodiscover_server 192.168.1.7:80 check
backend le_mta-sts-seeboxs_backend
    # Plain-HTTP backend on the Mailcow host, meant for ACME validation
    # requests for mta-sts.seeboxs.com. The server label spells "sta"; it is
    # only a label and is left as the author wrote it.
    mode http
    server letsencrypt_mta-sta-seeboxs_server 192.168.1.7:80 check
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main_https_listen
    # Layer-4 passthrough on 443: TLS is not terminated here, so HAProxy only
    # inspects the ClientHello and relays the encrypted stream unchanged.
    mode tcp
    bind :443 v4v6
    log global
    option tcplog

    # Wait up to 5s for a TLS ClientHello (hello type 1) so the SNI can be read.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # Route on the SNI sent by the client. SNI is client-chosen and is not
    # authenticated at this layer; the certificate and virtual-host checks on
    # the backend remain the actual control.
    acl acl_mailcowseeboxs req.ssl_sni -i mail.seeboxs.com www.mail.seeboxs.com
    use_backend backend_mailcowseeboxs if acl_mailcowseeboxs
    # No default_backend is declared in this section, so a connection whose
    # SNI matches nothing above has no backend to be forwarded to.
#---------------------------------------------------------------------
# Backends
#---------------------------------------------------------------------
# APP 1 MAILCOW SEEBOXS
backend backend_mailcowseeboxs
    # Mailcow HTTPS endpoint, reached over raw TCP (TLS stays end to end).
    mode tcp
    description MAILCOW SEEBOXS
    # Health check probes the server with an SSL client hello instead of a
    # bare TCP connect.
    # NOTE(review): if the backend accepts only modern TLS versions this probe
    # may be refused; "check-ssl" on the server line is the alternative - verify.
    option ssl-hello-chk
    # NOTE(review): no send-proxy on this server line, so the backend sees the
    # HAProxy address as the client. Source-IP based logging, rate limiting or
    # banning on the Mailcow side would then act on the proxy - confirm intent.
    server server_mailcowseeboxs 192.168.1.7:443 check