Forum Discussion
mohammadhuq
Nimbostratus
NimbostratusHow to configure F5 as a reverse proxy
Hi All, I am pretty much new in F5 LTM. Currently I am working in a project where client wants to deploy F5 as a reverse proxy. It is band new F5 and has to configure anything till yet. Client has t...
Mayur_Sutare
MVP
MVPHi mohammadhuq ,
First, as your external site will be running on https, you need to do SSL offloading on the F5 vServer. For this, you need to have CA signed certificate for your FQDN i.e. abc.com and you need to configure client ssl profile which will have this certificate & it’s associated key and at the end, this client-ssl profile will be mapped to the vServer.
With this, all the incoming requests from the client to the F5 will be encrypted. F5 vServer will decrypt it and then forward request to the backend app servers.
For redirecting requests based on the URI, you can achieve this requirement using iRule as well as LTM policies.
Below is one sample iRule which is for your use case.
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/sales" }{
pool pool-sales
} elseif { [HTTP::uri] starts_with "/marketing" }{
pool pool-marketing
}
}
There are some other important settings on the vServer that you need to consider.
2. SSL Profiles
Hope it helps!
mohammadhuqHi Mayur,
Thanks for your help. If my vServer is HTTPS and my backend server is HTTP, will it work? For this do I need to create any policy for redirect?
Another question, if backend server is HTTPS and if client wants to do encrypt the traffic F5 to backend server, then I think we need to create SSL profile for server. In this case can we use generic server SSL profile which is by default available in F5 or we need to create SSL profile like client SSL profile.Thanks.
Regards,
Mohammad