Forum Discussion
zski128_101720
Nimbostratus
NimbostratusNo HTTP and HTTPs traffic over single VS?
Hello,
New to the forums. I am running 9.4.x and I am trying to setup a new virtual server listening on all ports (0). I have a pool of web servers assigned to this VS that are listening on both ports 80 and 443.
E,g,
10.0.0.1:80
10.0.0.1:443
10.0.0.2:80
10.0.0.2:443...etc.
My problem is when I try to use a persistence option (ssl, cookie) the virtual server will stop handling HTTP traffic and only allow SSL. If I try to set persistence to cookie, the system requires me to set a HTTP profile which then breaks HTTPs. I would rather not have to create two seperate VS's for this solution (one for 80 and one for 443). Any suggestions?
Thanks!
Rich
1 Reply
L4L7_53191Rich: I would absolutely create separate VIPs here, for a few reasons:
1) You need persistence, but the services are totally different (even if the app is the same HTTP is different from HTTPS). I'd setup a 80 and 443 vip, terminate ssl, etc.
2) It's more secure this way. Explicitly exposing services is better than a wildcard (port 0) VIP. A wildcard will forward any port back to your servers - not ideal unless you absolutely need to do this.
3) Since 80 and 443 are different services, different vips help you customize profile behavior for a specific service.
-Matt
