Forum Discussion
havijestan_3556
Nimbostratus
NimbostratusHTTPS session on HTTP pool server
Hi all,
I'm new to F5 appliances and to the forum.
I'm setting up a virtual server to serve clients on HTTPS. My server is running on HTTP.
I've created a certificate, a client SSL Profile, SNAT pool and a pool with just one server.
I'm having no problem making this work over HTTP from end to end, but I would like to do is to terminate the SSL connection at F5 level to make it HTTPS for end users.
Using the GUI, I specify the virtual server running on HTTPS, and on the advanced configuration, I use the "Standard" type, TCP Protocol, my defined SSL Profile (Client) with Address Translation and Port Translation activated.
Nevertheless, this ain't work and I wonder if I absolutely have to define a iRule to make this work?
Of course this would be much more easier without it, but I think that it might be inevitable given the fact that all the links on the server are referred in "HTTP" and thus should be replaced automatically with HTTPS for the end user.
Thanks for your help.
nitassEmployee
wonder if I absolutely have to define a iRule to make this work?no, normally irule is not required.
what do you get when running curl to virtual server?
e.g.[root@ve1023:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.79:443 ip protocol 6 profiles { clientssl { clientside } tcp {} } } [root@ve1023:Active] config b pool foo list pool foo { members 200.200.200.101:80 {} } [root@ve1023:Active] config curl -Ik https://172.28.19.79 HTTP/1.1 200 OK Date: Tue, 13 Mar 2012 09:57:22 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 Content-Type: text/html; charset=UTF-8- havijestan_3556.
- havijestan_3556Hi nitass, Here is what I get:
[root@safhlb1:Active] config b virtual eRoom.https list virtual eRoom.https { snatpool snat.eRoom pool eRoom destination 10.144.82.3:https ip protocol tcp profiles { saferoomtst.cli { clientside } tcp {} } } [root@safhlb1:Active] config b pool eRoom list pool eRoom { monitor all http members 10.144.4.49:http {} } [root@safhlb1:Active] config curl -Ik https://10.144.82.3 HTTP/1.1 200 OK Content-Length: 1433 Content-Type: text/html Content-Location: http://10.144.82.3/iisstart.htm Last-Modified: Fri, 21 Feb 2003 16:48:30 GMT Accept-Ranges: bytes ETag: "0c3110c9d9c21:36f" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Date: Tue, 13 Mar 2012 10:30:10 GMT - nitasscan you create custom http profile, set "Redirect Rewrite" to all and then assign it to virtual?
- havijestan_3556Created, set only to "Redirect Rewrite" (other fiels emtpy).
that didn't work, the URL is rewritten in http and the page doesn't open
btw, there is a cookie test running on the page before going blank - nitasscan you post output of "curl -IkL https://10.144.82.3"?
- havijestan_3556
[root@safhlb1:Active] config curl -IkL https://10.144.82.3 HTTP/1.1 200 OK Content-Length: 1433 Content-Type: text/html Content-Location: http://10.144.82.3/iisstart.htm Last-Modified: Fri, 21 Feb 2003 16:48:30 GMT Accept-Ranges: bytes ETag: "0c3110c9d9c21:36f" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Date: Tue, 13 Mar 2012 10:59:42 GMT - nitasssorry i just noticed it is 200 OK.
what is actual production URL? i think it might not be root (/). - havijestan_3556I don't get what you mean by production URL?
You mean the URL to use to access the service in https? - nitassYou mean the URL to use to access the service in https?yes, i think it might not be . i mean it may have something after slash (/).