Forum Discussion
edward_snajder_
Nimbostratus
NimbostratusMultiple domains to single IP
I am pointing multiple domains to a single IP on the F5. Say I have
domaina.com
domainb.com
domainc.com
and they are all pointing to 10.1.1.1 in DNS. I have an irule that will take [HTTP::host] and then decide if it is going to a virtual directory on IIS.
10.1.1.1/domaina
10.1.1.1/domainb
10.1.1.1/domainc
10.1.1.1 is the F5 server which load balances off to two IIS servers with hypothetical IPs of 10.1.2.1 and 10.1.3.1. The IIS servers are defined as nodes in the pool serving a VS for this multiple domain configuration.
when HTTP_REQUEST {
if { [domain [HTTP::host] 2] equals "domaina.com" }
{
HTTP::redirect http://[HTTP::host]domainA[HTTP:uri]
HTTP::redirect http://10.1.1.1/domainA
}
elseif { [domain [HTTP::host] 2] equals "domainb.com" }
{
HTTP::redirect http://10.1.1.1/domainB
}
elseif {[domain [HTTP::host] 2] equals "domainc.com" }
{
HTTP::redirect http://10.1.1.1/domainC
}
}
This gets everything to where I want it to go (so far, I'm new at this and I haven't tested anything except a single page yet, and there is probably a better way to do this), but, the address bar comes up with http://10.1.1.1/domainc. Since they are public-facing websites, it would be nice to maintain the http://domaina.com/domaina or ideally just http://domaina.com.
When trying the commented out piece, that just results in a loop because it continues to redirect itself. Perhaps there is better logic to run the condition against, or maybe I have the wrong approach. Any ideas? It would be great to sort that out, as then you could have conceivably infinite domains running different sites from a single IP. One problem I am facing short term is that I am running out of IP addresses.
It also crossed my mind to instead make virtual servers for each domain that spoke on the same IP address to the IIS servers, but different ports. Any input you might have would be most appreciated!
hooleylistCirrostratus
Hi,
One thing to be aware of with using the same IP address and port for multiple domains is that you can't use HTTPS. Only one SSL certificate can be configured per virtual server.
Using your existing logic, you could redirect only if the URI doesn't start with /domaina, /domainb, or /domainc.
If you're redirecting, make sure to include the leading forward slash in the URI:
This:
HTTP::redirect http://[HTTP::host]domainA[HTTP:uri]
Should be this:
HTTP::redirect http://[HTTP::host]/domainA[HTTP::uri]
Here is an example using switch:when HTTP_REQUEST { set the host to lowercase and check the domain switch [string tolower [domain [HTTP::host] 2]] { domaina.com { is the parsed domain domaina.com? if the URI doesn't start with /domainA, redirect the client and prepend /domainA to the URI if { not ([HTTP::path] starts_with "/domainA/")}{ HTTP::redirect http://[HTTP::host]/domainA[HTTP::uri] } stop processing the rule as we have a match return } domainb.com { if { not ([HTTP::path] starts_with "/domainB/")}{ HTTP::redirect http://[HTTP::host]/domainB[HTTP::uri] } return } domainc.com { if { not ([HTTP::path] starts_with "/domainC/")}{ HTTP::redirect http://[HTTP::host]/domainC[HTTP::uri] } return } default { take some default action } } }
If you had a lot of domains to handle, it might be easier to maintain if you created a datagroup (class) containing the domains. You could then use the findclass command to search for the requested host in the class and perform the redirect. There is an approximate example in the Codeshare section (Click here).
Hope this gets you started...
Aaron
edward_snajder_Thanks Aaron that did exactly what I wanted. I do plan on applying findclass to it, but I wanted to do it the hard way first to make sure my concept was sound.
Another question it brought to mind is whether or not this is the best way to go. A different theoretical solution would be to create pools for each new domain added which point to the same IP address, but on different ports (between F5 and IIS). The rule would instead call a specific pool based on the domain name found in HTTP::host. On the IIS side, I imagine that each domain would have its own web site, with the corrsponding port identified in F5's pool. It seems like it would be more administrative overhead, but there might be other reasons that this could be preferable. Any thoughts?
Thanks again for the solution!- hooleylistIf it's possible that you would have some servers only answering for some web applications, it would be better to a separate port on the web server. However, if all servers answer for all web applications, I don't think there is much difference from the BIG-IP perspective. Using separate ports on the web servers would require you to create a separate pool for each web app. That might clutter your configuration--or make it clearer for administrators that each pool is specific to one web app.
Aaron