
Forum Discussion

Pawan_Rudra_144
Mar 30, 2014

Need help in F5 to pass HTTPS traffic to HTTP Server without Offloading

Hi All, I have an F5 LTM device with a Virtual Server listening on port 443; however, my actual server behind the F5 is listening on port 80. My requirement is to pass HTTPS traffic to the web server without SSL offloading on the F5 box. When I enabled tcpdump on my internal port, I can see traffic coming to the actual server on port 80, which means port translation is happening; however, the web page is not opening from the client machine.

 

4 Replies

  • Hi Pawan,

     

    If you don't want SSL offloading on the F5, then where do you think the offloading will happen? The backend servers are not configured to accept/offload that. However, having said that, are your servers and the Virtual Server IP in the same subnet or different ones?

     

    Regards,

     

  • Hi Techgeeeg,

     

    I believe SSL offloading will happen at the actual server, though I am not so sure. This is as per the client's requirement. We don't have access to the servers.

     

    Yes, the Virtual Server IP and the actual servers are in the same subnet.

     

  • If I may add, port 80 is a very unusual port to host HTTPS traffic. Could it be that the web server is actually not encrypted? From the BIG-IP command line you can check this:

    curl -kv https://x.x.x.x:80  
    

    where x.x.x.x is the IP address of the web server. If you get a valid HTML response, then you are indeed doing HTTPS on port 80. The following will test unencrypted access:

    curl -v http://x.x.x.x    
    

    If you get a valid HTML response, then the web server is unencrypted and you need to apply a client SSL profile on the BIG-IP to offload the client side SSL.

  • Thanks a lot Kevin.

     

    Now I can see the web server is only listening on port 80, as I am getting the HTML response via the curl -v http://x.x.x.x command, not from the first one.

     

    So we need to do SSL offloading on the F5 itself in order for this setup to work.

     

    Thanks again.
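
The two curl checks suggested in the thread can be combined into a single probe that reports whether a pool member speaks TLS or plaintext HTTP on a given port. This is an added example, not code from the thread or from F5; the function names `probe_backend` and `next_step` and the advice strings are assumptions made for illustration.

```python
import socket
import ssl
import sys


def probe_backend(host, port, timeout=3.0):
    """Classify the service on host:port as 'https', 'http' or 'unknown'."""
    # Step 1: try a TLS handshake without certificate validation, the way
    # `curl -k` does. Only the question "does it speak TLS?" matters here.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw):
                return "https"
    except OSError:
        # ssl.SSLError, timeouts and resets are all OSError subclasses.
        # A plaintext server either answers the ClientHello with an HTTP
        # error or waits for more input until the timeout expires.
        pass

    # Step 2: send a plaintext request, as `curl -v http://...` does.
    request = f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            reply = sock.recv(16)
    except OSError:
        return "unknown"
    return "http" if reply.startswith(b"HTTP/") else "unknown"


def next_step(result):
    """Map a probe result to the conclusion reached in the thread."""
    return {
        "https": "backend terminates TLS itself; no client SSL profile needed",
        "http": "backend is unencrypted; apply a client SSL profile on the BIG-IP",
    }.get(result, "no TLS or HTTP answer; check the address, port and routing")


if __name__ == "__main__":
    # Usage: python probe.py <pool-member-ip> <port>
    outcome = probe_backend(sys.argv[1], int(sys.argv[2]))
    print(outcome, "->", next_step(outcome))
```

The TLS attempt runs first because some TLS listeners answer a plaintext request with a readable HTTP error page, which would otherwise be misread as an unencrypted server.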