Forum Discussion
HTTPS 8443 Redirect to a pool with 8080 and an URI
Hi Guys,
I am having difficulties accessing an internal pool with port 8080 and a extra URI. Curl -vvv gives me an error based on SSL. I think that is not the case here, because I see the request coming in but not redirected properly. My BIGIP version is 16.1.5
Backend pool is not accessible from Internet and does not have a internal / external DNS entry. So statically added backend member with port 8080 only gives response to an API call only if an extra URI being used. So while redirecting will happened at the backend I need to preserve the original request URL:8443/<URI> while getting the response.
I have tried many articles and iRule / LTM policies. But still no success!
So far I have configured the following:
Virtual server listening to 8443 and pool listening to 8080.
Heal monitor is OK!
Client side certificate is uploaded
SSL offloading is enabled on the Client Side
HTTP profile added
SNAT added with a IP from a Pool.
Address / Port Translation is enabled.
And a curl from the F5 itself to the backend pool with http://xx.xx.xx.xx:8080/uri gives proper response. It means end to end connectivity should be there.
Last iRule which I have tried with:
--------------
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri]] {
"/uri/" {
pool <pool_based_on_member_with_port_8080>
return
}
}
}
-----------------
Is there anyone out there help me with this setup?
Hey there!
I still did not understand your question fully. Correct me if my understanding is not right.
You have vServer listening on port 8443 with SSL/TLS terminated on F5 itself. You have backend pool running on port 8080.
Now if someone accesses the VIP as given below
https://<VIP-IP/URL:8443/URI then response should come from pool-member-ip:8080/URI
If above is your requirement, then I don't think if you need any iRule for this. Mapping desired pool to the vServer should work. iRule / LTM policy are required when you want to achieve any conditional use cases.
Feel free to correct me if I didn't understood your question properly.
Thanks,
M
- zamroni777Nacreous
does the problem only happen for /uri/?
btw, if there is no need for uri based pool selection, then it will be simple vserver setup.
i suggest use the iapp wizard so most important settings are easily configured correctly (snat etc.)
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com