Forum Discussion

havijestan_3556's avatar
havijestan_3556
Icon for Nimbostratus rankNimbostratus
Mar 13, 2012

HTTPS session on HTTP pool server

Hi all,

 

 

I'm new to F5 appliances and to the forum.

 

I'm setting up a virtual server to serve clients on HTTPS. My server is running on HTTP.

 

I've created a certificate, a client SSL Profile, SNAT pool and a pool with just one server.

 

 

I'm having no problem making this work over HTTP from end to end, but I would like to do is to terminate the SSL connection at F5 level to make it HTTPS for end users.

 

 

Using the GUI, I specify the virtual server running on HTTPS, and on the advanced configuration, I use the "Standard" type, TCP Protocol, my defined SSL Profile (Client) with Address Translation and Port Translation activated.

 

 

Nevertheless, this ain't work and I wonder if I absolutely have to define a iRule to make this work?

 

Of course this would be much more easier without it, but I think that it might be inevitable given the fact that all the links on the server are referred in "HTTP" and thus should be replaced automatically with HTTPS for the end user.

 

 

Thanks for your help.

 

basic
getting started
new to f5
  • havijestan_3556's avatar
    havijestan_3556
    Icon for Nimbostratus rankNimbostratus
    Mar 14, 2012
    Hi,

     

     

    Well, I get empty reply from server:

     

    curl: (52) Empty reply from server

     

     

    Even though I can log in to the server by reaching it directly, so it's not a server problem I think, you tell me
  • havijestan_3556's avatar
    havijestan_3556
    Icon for Nimbostratus rankNimbostratus
    Mar 14, 2012
    btw, when on a browser, the communication is forced to http before, going down on error like if the page doesn't exist...
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 14, 2012
    curl: (52) Empty reply from server what do you get if running the same command but changing ip to pool member?
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 14, 2012
    Same thingdoesn't it mean the request (e.g. header, uri, etc) is not correct?
  • havijestan_3556's avatar
    havijestan_3556
    Icon for Nimbostratus rankNimbostratus
    Mar 14, 2012
    I'm not an HTML expert. all I know is that the page works fine when I access the server directly via http.
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 14, 2012
    have you ever used http analyzer? it might be helpful to find out what url is.

     

     

    HttpFox

     

    https://addons.mozilla.org/en-US/firefox/addon/httpfox/

     

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 15, 2012
    think there's a javascript running to force the client go http, isn't it?are you able to see content in the script? http might be hard-coded there. if so, you may need stream profile/irule to modify it.

     

     

    sol8115: Overview of the Stream profile

     

    http://support.f5.com/kb/en-us/solutions/public/8000/100/sol8115.html
  • havijestan_3556's avatar
    havijestan_3556
    Icon for Nimbostratus rankNimbostratus
    Mar 16, 2012
    Actually I saw the content by entering the URL of the script in my browser (not sure if this is the right way). I barley saw two occurrences of the "http" word in the whole code and it didn't seem to be related to this.

     

    However, I try to search a bit more and let you know.

     

    Many thanks.