Forum Discussion
Big-ip in the middle of SSL
I have a need to SSL offload public certificates on 2 virtual servers, then connect over SSL to the same load-balanced servers on port 4443 with different URIs. I am a newb, so any suggestions would be great. I am not sure whether I need iRules or just the correct config on the LTM to accomplish this.
Example:

Certificate from Verisign
Virtual server https://myapp.com/
Certificates self-signed, used for encryption only
node1 is https://backend.net:4443/uri1/....
node2 is https://backend2.net:4443/uri1/.....

Certificate from Verisign
Virtual server https://newapp.com/
Certificates self-signed, used for encryption only
node1 is https://backend.net:4443/uri2/....
node2 is https://backend2.net:4443/uri2/.....
5 Replies
- Kevin_Stewart
Employee
Are you specifically talking about decrypting the SSL on the BIG-IP and then re-encrypting to the back end node? If so, that's just a configuration - assign client and server SSL profiles to the virtual server.
- ga_129682
Nimbostratus
Kevin, thank you so much for the reply. You are correct, and I have had that turned on and off for the better part of today, but just now realized it is not the F5 complaining, it is the server. I have been fighting this all day and see I am not appending the URI to the different URLs. I am assuming this is rather easy, but I am very new and attempting to learn fast. Do you have a hint?
- Kevin_Stewart
Employee
Okay, so is it safe to say that decryption and re-encryption is working, and that the server is now just complaining about a URI?
If so, do you need to just append the URI to the request if it doesn't exist:
```
when HTTP_REQUEST {
    # Rewrite a bare "/" request to the application path before it reaches the server
    if { [HTTP::uri] equals "/" } {
        HTTP::uri "/uri1"
    }
}
```

or actually redirect the user to the new URI:

```
when HTTP_REQUEST {
    # Send the client a redirect to the application path instead
    if { [HTTP::uri] equals "/" } {
        HTTP::redirect "https://[HTTP::host]/uri1"
    }
}
```

The first will transparently replace the URI on its way to the server using HTTP::uri, and the second will physically redirect the user to a new URL using HTTP::redirect.
I'm not quite sure I understand yet where uri1 and uri2 fit into all of this.
- ga_129682
Nimbostratus
It is the append function, and it works great with the exception that it keeps the :4443 on the response. It appears I can do a regsub on the HTTP response, but is that the best way?
- ga_129682
Nimbostratus
I found the http_response code to rewrite the port... thanks for all of your help. It is very much appreciated.
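Added example, not code posted by anyone in this thread: one way to combine the URI append from the reply above with a response-side rewrite that removes the back-end port from redirects. It assumes the port only leaks through the Location header of redirects and that the virtual server listens on the default HTTPS port; the regular expression is an illustration, not the code the poster found.

```tcl
when HTTP_REQUEST {
    # Request side (from the thread): map a bare "/" to the application path.
    if { [HTTP::uri] equals "/" } {
        HTTP::uri "/uri1"
    }
}

when HTTP_RESPONSE {
    # Response side: only redirects carry a Location header worth rewriting.
    if { [HTTP::is_redirect] && [HTTP::header exists "Location"] } {
        set loc [HTTP::header value "Location"]

        # Remove ":4443" only when it is the port of an absolute URL, so a
        # ":4443" appearing in the path or query string is left untouched.
        # regsub returns 1 when a substitution was made.
        if { [regsub {^(https?://[^/:]+):4443(/.*)?$} $loc {\1\2} newloc] } {
            HTTP::header replace "Location" $newloc
        }
    }
}
```

If the server also returns its own host name (backend.net in the question) in the Location header, that name reaches the client as well and needs a separate substitution; response bodies are not touched by this rule.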