Forum Discussion

venu_96110
Feb 20, 2009

how to make https work

Hello,

 

 

I have two domains, say abc.com and xyz.com, which are running on the same server. Now I would like to have HTTPS for both of them, and since I cannot run two HTTPS sites on a single IP and the same port, I have used port 443 for abc.com and port 444 for xyz.com. It works fine when I access the sites through the internal IP (by adding a hosts entry), but through the F5, the second URL, https://xyz.com:444, doesn't work (page timeout). What should I do to make it work?

 

 

Thanks in advance,

 

Venu.

5 Replies

  • hoolio
    Hi Venu,

     

     

    If you have two separate fully qualified domain names that you want to support with HTTPS, it would be ideal if you could configure the DNS so each hostname resolves to a separate IP address on the LTM. You could then configure separate VIPs pointing to separate pools. If you need to use the same server IP for both applications, then as you've said, you could use separate ports.

     

     

    If the application references the 444 port in URLs, you would need to remove the non-standard port from the response (headers and/or body). You can use an iRule to do this. If you do end up needing to do this, reply and we can give you some links on how to do it.

     

     

    Aaron
  • Hello Aaron,

     

     

    Please give me the example links.

     

     

    Thanks,

     

    Venu.
  • hoolio
    You can rewrite the port in redirects using an iRule like this:

     
     when HTTP_RESPONSE {

        # Check if response is a redirect
        if {[HTTP::is_redirect]} {

           # Replace port :444/ with /
           HTTP::header replace Location [string map -nocase {:444/ /} [HTTP::header value Location]]
        }
     }
     

    If the response content contains references to the 444 port, you could rewrite those using a blank stream profile and the following iRule. You may also need to add a custom HTTP profile with Response Chunking set to Rechunk. Check the STREAM::expression wiki page (Click here) for details.

     
     when HTTP_RESPONSE {

        # Disable the stream filter by default
        STREAM::disable

        # Check if response type is text
        if {[HTTP::header value Content-Type] contains "text"} {

           # Replace :444/ with /
           STREAM::expression "@:444/@/@"

           # Enable the stream filter for this response only
           STREAM::enable
        }
     }
     

    Aaron
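An offline check of the Location rewrite shown above, as an added example that is not part of the original thread: it mimics the `:444/` string map in Python, runs it over constructed redirect values to show which ones it misses or over-rewrites, and adds an authority-only rewrite plus a leak check. The function names, the stricter pattern and the sample URLs are assumptions made for illustration, and the pattern assumes a hostname or IPv4 host.

```python
import re

PORT = "444"  # non-standard backend port from the thread

def irule_location_map(value):
    """Mimic the thread's `string map -nocase {:444/ /}` on a Location value."""
    return re.sub(re.escape(":" + PORT + "/"), "/", value, flags=re.IGNORECASE)

# Assumption (not from the thread): match :444 only where it ends the
# authority of an absolute http(s) URL with a hostname or IPv4 host.
_AUTHORITY_PORT = re.compile(
    r"^(https?://[^/?#:]+):" + PORT + r"(?=[/?#]|$)", re.IGNORECASE)
_BODY_URL = re.compile(
    r"https?://[^\s\"'<>/?#]+:" + PORT + r"(?=[/?#\"'\s<>]|$)", re.IGNORECASE)

def strict_location_rewrite(value):
    """Strip :444 from the URL authority only; leave path and query alone."""
    return _AUTHORITY_PORT.sub(r"\1", value)

def leaked_port_refs(headers, body):
    """List places where a response still exposes port 444 to the client."""
    findings = []
    location = headers.get("Location", "")
    if _AUTHORITY_PORT.search(location):
        findings.append(("Location", location))
    findings.extend(("body", m.group(0)) for m in _BODY_URL.finditer(body))
    return findings

# Constructed sample Location values (not captured traffic).
SAMPLES = [
    "https://xyz.com:444/login",       # rewritten by both
    "https://xyz.com:444",             # no trailing slash: map misses it
    "https://xyz.com:444?next=/home",  # query follows port: map misses it
    "https://xyz.com/go?ref=a:444/b",  # map rewrites inside the query
    "https://xyz.com:4443/x",          # different port: both leave it
]

if __name__ == "__main__":
    for loc in SAMPLES:
        print(loc, "->", irule_location_map(loc), "|", strict_location_rewrite(loc))
    print(leaked_port_refs({"Location": SAMPLES[1]},
                           '<a href="https://xyz.com:444/img/a.png">x</a>'))
```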
  • Thanks for the prompt reply. I have one final question. Since I have two SSL certificates for 2 different domains pointed to the same IP, what are the changes I need to make on the F5 so that the SSL certificates get pulled from the server such that https://xyz.com pulls its own cert and https://abc.com the respective one?

     

     

    Thanks for all the help,

     

    Venu.
  • hoolio
    Hi Venu,

     

     

    Check this post for details:

     

     

    Same VIP Multiple SSL Certs (Click here)

     

     

    Aaron