Multiple HTTPS sites on a single IP
I'm trying to host multiple HTTPS sites with different HTTP backends on a single IP address, following https://support.f5.com/csp/article/K13452 as much as possible.
Version: BIG-IP 13.1.1 Build 0.0.4 Final
I have imported my wildcard certificate and have configured the following:
Client SSL profiles
domain.com:
- No "Server Name"
- "Default SSL Profile for SNI" checked
sub1.domain.com:
- Parent: "domain.com"
- Server Name: "sub1.domain.com"
- "Default SSL Profile for SNI" NOT checked
sub2.domain.com
- Parent: "domain.com"
- Server Name: "sub2.domain.com"
- "Default SSL Profile for SNI" NOT checked
sub1
- Destination 10.0.0.1
- Service port: 443 HTTPS
- HTTP profile: http
- SSL Profile (Client): domain.com + sub1.domain.com
- Source Address Translation: Auto Map
sub2
- Destination 10.0.0.2
- Service port: 443 HTTPS
- HTTP profile: http
- SSL Profile (Client): domain.com + sub2.domain.com
- Source Address Translation: Auto Map
But as mentioned I only have a single IP address, but when I change the destination on VS for sub2 to "10.0.0.1" I'm presented with this error: 01070333:3: Virtual Server /Common/sub2 illegally shares destination address, source address, service port, ip-protocol, and vlan with Virtual Server /Common/sub1
I was under the impression that because I'm using multiple SSL profiles with specific Server Names it should be possible to host this on a single IP.