Forum Discussion
How to do Port forwarding from 443 to 80 ?
My VIP is enabled with HTTPS and running on 443 and i have pool configured with 80. My underlying JBoss is configured with 8080. When I hit the VIP with HTTPS , it does not reach any of the pool instances which are HTTPD instances. At the same time, when i configure VIP with HTTP:80 it works perfectly. Kindly help to me to understand the problem and explain the solution
- BinaryCanary_19Historic F5 Account
As long as Translate Port/Service is enabled on the VIP, the VIP will automatically translate the destination port to match the target pool member, so you just need to add your pool members to the pool with the correct port.
- BinaryCanary_19Historic F5 AccountA common mistake people make is to also put a ServerSSL profile on the VIP when the pool members are not doing SSL (because they think a 443 VIP needs it). You only need serverssl when the F5 is supposed to do SSL to the pool members (it has nothing to do with the ports)
- Alex_Dominic_SaNimbostratus
Thanks all, I resolved this issue by enabling Virtual Servers -> HTTP Profile to rewriteredirectall. Now got a different issue where I am able to hit deployed JBoss application with HTTPS VIP URL but the subsequent requests are not going HTTPS and when I try other links inside the application, it goes to HTTP and I get Page cannot be displayed. Please advice. I tried the iRule but nothing works , even it does not hit the Apache HTTPD using VIP address. when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }
- BinaryCanary_19Historic F5 Account
The problem has nothing to do with port forwarding at all, but is simply trying to patch a limitation in your app that hard-codes links as "HTTP" (absolute urls), when it should use relative URLs, and allow the browser to decide whether it should be HTTP or HTTPS.
Apart from actually fixing the app itself (which may be as simple as flipping a setting somewhere), you may be able to use a "stream" or "rewrite" profile to rewrite all possible links from HTTP to HTTPS, and to make sure that the host part of the links points to the same F5 VIP. Using an irule that redirects HTTP to HTTPS may work too, but that is going to cause POSTS that get a 302 response to be lost.
The best and easiest way is to find a solution in the application itself. Failing that, you're gonna have to play around with the stream and rewrite profile, and irules and hope you catch every case.
- Alex_Dominic_SaNimbostratus
I created another Virtual Server with same VIP on F5 where I configured it with the same application port 8080. Added the rule to redirect HTTP request to HTTPS and it is working. But now i have another problem , I unable to log out from the application. When I click on log out it goes to application home page.
- BinaryCanary_19Historic F5 Account
Quite likely, somewhere in all the redirects, you have a redirect that discards the PATH of the URL.
Example, if the logout page has link: http://example.com:8080/logout.php
and your 8080 VIP sends a redirect to https://example.com , then the logout will not work, because /logout.php has been discarded in the redirect.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com