Jason_11641
Mar 01, 2012

https to specific pool member port

I was wondering if anyone here knows of a way to direct traffic from https to a particular server port in a pool. My issue is, I have 1 virtual server with a pool which has 1 server but has 6 ports open. Each of these ports has a different application running on them. We need to somehow direct the traffic from https into a particular port out in the pool. The https urls are specific for each port on the front end. Any suggestions? All help is greatly appreciated!

Thanks,

Jason

  • Where there's a will there's a way. First though, a little info on how your configuration will help. Based on your info, I'm assuming you have something like this

    VIP (443)
      +- POOL pool
        +- POOL MEMBER 10.10.10.10:*

    You have a VIP set up with a clientside ssl profile to decrypt the SSL traffic. In that VIP's settings, you have a pool set up with one member configured with a wildcard service port of "*". I'm assuming the wildcard port because you said it was listening on multiple ports and I'm not sure how to configure it otherwise.

    If that's the case, you'll have to have some way to determine what the application you want routing to go to is. I'm going to assume it's based on the URI. You can then switch on the URI and manually assign the IP:port for the destination like this:

    when HTTP_REQUEST {
      switch -glob [HTTP::uri] {
        "/app1/*" {
          node 10.10.10.10 80
        }
        "/app2/*" {
          node 10.10.10.10 81
        }
        "/app3/*" {
          node 10.10.10.10 82
        }
        "/app4/*" {
          node 10.10.10.10 83
        }
        "/app5/*" {
          node 10.10.10.10 84
        }
        "/app6/*" {
          node 10.10.10.10 85
        }
      }
    }

    In this case any requests to /app1/* will go to pool member 10.10.10.10 on port 80, /app2/* will go to port 81, etc.

    Another option would be to create 6 pools with a member for each IP:PORT combo you have and use the "pool" command to assign routing to that application pool.

    There are pros/cons to each approach but both should work for you.

    Is this kind of what you were getting at?

    -Joe

  • Jason, sure there's a way. But, it boils down to your ability to determine how to route the traffic. Based on your description, I'll assume your config is set up like this

    VIP (clientssl profile)
      +- POOL 
        +- MEMBER 10.10.10.10:*

    Where you have a VIP set up with a clientssl profile to decrypt the traffic and a default pool set up with a single pool member configured with a wildcard port. Assuming that you can determine what the application is from something like the URL, you could do this

    when HTTP_REQUEST {
      switch -glob [HTTP::uri] {
        "/app1/*" {
          node 10.10.10.10 80
        }
        "/app2/*" {
          node 10.10.10.10 81
        }
        "/app3/*" {
          node 10.10.10.10 82
        }
        "/app4/*" {
          node 10.10.10.10 83
        }
        "/app5/*" {
          node 10.10.10.10 84
        }
        "/app6/*" {
          node 10.10.10.10 85
        }
      }
    }

    That way when requests come in for URIs starting with /app1/, it will direct traffic to pool member 10.10.10.10 on port 80, /app2/ to port 81, etc.

    You could alternately create 6 pools with a single member configured for a specified port. That way you define your pool in such a way that the health monitors can monitor the specific applications on the various ports independently. If you go that route, you would just use the "pool" command to assign traffic to a given pool based on the application.

    Is this kind of what you were looking for? If not, send more details and we'll see what we can do.

    -Joe
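
The six-pool alternative described in the reply above, sketched as an added example that is not part of the original thread. The pool names are hypothetical, each pool is assumed to hold the single member shown in the header comment, and the default branch is an addition so that paths belonging to no application are answered by the BIG-IP instead of being forwarded to the wildcard-port member.

```tcl
# Added example, not code from the thread.
# Assumed pools (hypothetical names), one member and one health monitor each:
#   app1_pool -> 10.10.10.10:80    app4_pool -> 10.10.10.10:83
#   app2_pool -> 10.10.10.10:81    app5_pool -> 10.10.10.10:84
#   app3_pool -> 10.10.10.10:82    app6_pool -> 10.10.10.10:85
when HTTP_REQUEST {
    # Match on the path only, so the query string cannot influence routing.
    # Lowercasing affects the match only; the request is forwarded unchanged.
    switch -glob [string tolower [HTTP::path]] {
        "/app1/*" { pool app1_pool }
        "/app2/*" { pool app2_pool }
        "/app3/*" { pool app3_pool }
        "/app4/*" { pool app4_pool }
        "/app5/*" { pool app5_pool }
        "/app6/*" { pool app6_pool }
        default {
            # No application owns this path: log it and answer locally
            # rather than falling through to the virtual server's default pool.
            log local0. "Unrouted request for [HTTP::host][HTTP::path] from [IP::client_addr]"
            HTTP::respond 404 content "Not Found"
        }
    }
}
```

With per-port pools in place, the wildcard member 10.10.10.10:* is no longer needed as a default pool, which leaves only the six listed ports reachable through the virtual server.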

  • Joe,

    That looks like it may cover it. I'll give this a whirl tomorrow. Thanks a lot for your help!!

    Thanks,

    Jason