Forum Discussion
Append https URL with 8443 port
We have a pool of servers listening on port 8443 for https for an application & the URL is accessed as https://www.abc.com:8443. Now we want to host this site on F5 LTM with SSL offloading along with clientssl & serverssl profiles. In addition, the users will access the site as https://www.abc.com pointing to the VIP, but when the request goes to the pool it should be https://www.abc.com:8443, hence port 8443 should be added in the HTTP request.
8 Replies
- nathe
Cirrocumulus
TSP, by creating a VIP on port 443 and having pool members on port 8443, the BIG-IP will, by default for a standard virtual server, do port address translation automatically. You do not need the VIP to be on port 8443 or an irule to do this.
Hope this helps,
N
Hi TSP,
if you need to change the HOST-header value to match the non-443 port number of your pool members, you could use this code snippet...
    when HTTP_REQUEST_SEND {
        clientside {
            HTTP::header replace "HOST" "[HTTP::header value HOST]:[LB::server port]"
        }
    }
Cheers, Kai
- TSP_94471
Nimbostratus
- raduioncu_16351
Nimbostratus
It seems to me that all you need is to have the pool members on port 8443 (or 4443 as in the diagram?). There is no reason why this would not work. Changing the host header to include :8443 would actually break the connection, since the browser does not consider the port part of the HOST.
- nag_54823
Cirrostratus
Hi TSP, it could be an SSL communication issue between LTM and pool members. Are you able to access your application directly, bypassing the LB? Did the 3-way handshake and certificate exchange complete successfully on the server side? openssl & ssldump will be really helpful in this situation to clear out the SSL communication issue.
- TSP_94471
Nimbostratus
Yes, it seems to be an SSL issue. We have taken a tcpdump & ssldump for the same & TAC is analyzing it for us. Will update with results.
- Jinshu
Cirrus
- Create a VIP on port 443
- configure pool member with port 8443
- configure client SSL profile with your cert
- Configure Server SSL profile using F5 default one or using your cert.
- Test the access. Verify the /var/log/ltm log file for any errors.
- If still not working, get a tcpdump and verify if SSL handshakes are happening.
-Jinshu
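
The setup described in the replies above (VIP on 443, pool members on 8443, client and server SSL profiles), written out as tmsh commands. This is an added example, not taken from any poster or from F5 documentation; the object names, the addresses (documentation ranges) and the abc.crt / abc.key files are assumptions.

```tmsh
# Constructed values: 192.0.2.10 is the VIP, 198.51.100.11/.12 are the pool
# members, abc.crt / abc.key are a certificate and key already imported.

# Pool members listen on 8443; the built-in https monitor probes them over TLS.
create ltm pool pool_abc_8443 members add { 198.51.100.11:8443 198.51.100.12:8443 } monitor https

# Client SSL profile that presents the site certificate to users on the VIP.
create ltm profile client-ssl clientssl_abc defaults-from clientssl cert abc.crt key abc.key

# VIP on 443. clientssl_abc decrypts on the client side and the default
# serverssl profile re-encrypts toward the pool. translate-port is already the
# default on a standard virtual server; it is spelled out here because it is
# what rewrites destination port 443 to the member port 8443.
# The default serverssl profile does not authenticate the pool member's
# certificate (peer-cert-mode ignore).
create ltm virtual vs_abc_443 destination 192.0.2.10:443 ip-protocol tcp pool pool_abc_8443 translate-port enabled profiles add { tcp http clientssl_abc { context clientside } serverssl { context serverside } }

# Checks: members should be marked up by the monitor, port translation should
# be enabled, and both SSL profiles should be attached with the right context.
show ltm pool pool_abc_8443 members
list ltm virtual vs_abc_443 translate-port profiles
```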