Forum Discussion
Ireda
Cirrostratus
CirrostratusHTTPS virtual server with custom TCP port
Hi, How to configure an HTTPS virtual server with a custom TCP port Example: https://XZY.org:8080 Do we need to change the F5 listening port from 443 to 8080 only or do we need other steps? Would t...
Paulius
MVP
MVPIreda This would only require having your virtual server (VS) listening on the respective destination IP and port 8080. The reason this doesn't work for you when you apply an HTTP profile is because you are not performing SSL termination on the F5 and since the traffic is encrypted the F5 doesn't know what to do so the connection fails. The reason you are most likely receiving an "not secure" is because the servers that you are balancing to either don't have a trusted CA SSL certificate installed, an SSL certificate that doesn't match the name in your URL, or an expired SSL certificate installed. So as an example, if you have SSL certificate for *.example.com installed on the destination servers and you use xyz.org in the URL, even though that points to the same destination IP your browser sees the missmatch and gives you that not secure error. You should be able to validate the SSL certificate that you are being provided by clicking the lock icon next to the URL in your browser or using the following curl command.
curl -Ivk "https://<url>"
Also, you do not have to configure an HTTP profile unless you are doing something to look at the HTTP header such as cookie persistence or attempting to balance based on host or uri. If you woud like to do that on the F5 just make sure you perform SSL termination on the F5 VS in question.
IredaThanks for your reply, but regarding VIP port will be 8080 and protocol will be "Other" or what ?
Also, How can I do F5 SSL termination on the VS? you meaning assign SSL Profile for client side.
- Paulius
Ireda If you enter the port it should auto-select the appropriate setting. Are you referring to the drop down to the right of the service port that says HTTPS or are you referring to the protocol just below that under the configuration section that should set itself to TCP? If you want to perform SSL termination and pass the traffic decrypted to the pool members you only configure an SSL client profile with a valid SSL cert, key, and intermediate if necessary. If you want to pass encrypted traffic to the pool member after the F5 has done what it needs to you can configure both a SSL client profile and SSL server profile, the SSL server profile can be the default serverssl or other profiles that are already on the F5. You only have to adjust the SSL server profile if you only want to use certain SSL ciphers as well as a few more options.
- Ireda
Hi
Kindly check the attached, are you meaning that? , but this is a migration from Citrix to F5
In Citrix -------> port 8080 / protocol HTTP and in other VS the protocol is TCP.
How can I make the port 8080 and protocol HTTP ?
