Forum Discussion

Thusi's avatar
Thusi
Icon for Nimbostratus rankNimbostratus
Oct 16, 2024

HTTPS 8443 Redirect to a pool with 8080 and an URI

Hi Guys,

 

I am having difficulties accessing an internal pool with port 8080 and a extra URI. Curl -vvv gives me an error based on SSL. I think that is not the case here, because I see the request coming in but not redirected properly. My BIGIP version is 16.1.5

Backend pool is not accessible from Internet and does not have a internal / external DNS entry. So statically added backend member with port 8080 only gives response to an API call only if an extra URI being used. So while redirecting will happened at the backend I need to preserve the original request URL:8443/<URI> while getting the response.

I have tried many articles and iRule / LTM policies. But still no success!

 

So far I have configured the following:

Virtual server listening to 8443 and pool listening to 8080.

Heal monitor is OK!

Client side certificate is uploaded

SSL offloading is enabled on the Client Side

HTTP profile added

SNAT added with a IP from a Pool.

Address / Port Translation is enabled.

 

And a curl from the F5 itself to the backend pool with http://xx.xx.xx.xx:8080/uri gives proper response. It means end to end connectivity should be there.

 

Last iRule which I have tried with:

--------------

when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri]] {
"/uri/" { 
    pool <pool_based_on_member_with_port_8080>
    return
    }
}
}

-----------------

Is there anyone out there help me with this setup?

bigip LTM GUI
  • Mayur_Sutare's avatar
    Mayur_Sutare
    Icon for MVP rankMVP
    Oct 23, 2024

    Hey there! 

    I still did not understand your question fully. Correct me if my understanding is not right.

    You have vServer listening on port 8443 with SSL/TLS terminated on F5 itself. You have backend pool running on port 8080.

     

    Now if someone accesses the VIP as given below 

    https://<VIP-IP/URL:8443/URI then

response should come from pool-member-ip:8080/URI

     

    If above is your requirement, then I don't think if you need any iRule for this. Mapping desired pool to the vServer should work. iRule / LTM policy are required when you want to achieve any conditional use cases.

     

    Feel free to correct me if I didn't understood your question properly.

     

    Thanks,

    M