help converting Apache Vhost to irule

There are a couple of things to cover here:

First, you need two virtual servers. Create a port 80 virtual server for IP 192.168.0.98, add a generic HTTP profile, and then add the built-in _sys_https_redirect iRule. This iRule will automatically redirect all incoming port 80 (http://) requests to https://. You then need a port 443 virtual server for IP 192.168.0.98, add an HTTP profile, your client SSL profile (to allow you to terminate the client side SSL), server SSL profile (it appears you're passing traffic to another SSL server so you'll want to re-encrypt), a SNAT profile as required, and any other profiles as required. Also create two pools. The first pool would be for the service at 192.168.2.82:443. I'm assuming that's the default pool, so assign that pool to the virtual server. The second pool is for the service at 192.168.2.82.8382 (also SSL) - I'll call that "sso_pool".

Then you just need an iRule to switch pools based on the request URI. Something like this:

 
when CLIENT_ACCEPTED {
     set default_pool [LB::server pool]
}
when HTTP_REQUEST {
     if { [string tolower [HTTP::uri]] starts_with "/sso" } {
          pool sso_pool
     } else {
          pool default_pool
     }
}

If you need anything more elaborate than that, then I'd recommend looking at the ProxyPass iRule.

thanks

This method somehow seems very cumbersome to me... Suppose you had a lot of these vHosts, say 1000 or more. Is it necessary to create 1000 individual virtual hosts each using this kind of an iRule but each with their own uniquely-named pool and maybe even their own unique Data Group (in the case of ProxyPass), or is there a better way to create some kind of translation matrix for this?

 

-Tom

 

Well, if you simply need a 1-1 mapping from a URI to a specific IP and port, then a single managed data group would probably work best.