Pass Source IP to server?

Thank you Jhaas this worked!!! :) Only thing I had to do was do port 80 or 8080 with x-forward; its not working with HTTPS

I think for HTTPS I just need an SSL Cert for SSL Offload on the F5 is that correct?

Michael, your have 3 options :

First option is you do not enable a HTTP profile on your Virtual Server. In this case the TLS handshake will have to be done by your application server. There is 0 offloading done in this case and your SSL certificate needs to be on your app server :

Client --> Passthrough Port 443 --> Big-IP --> Passthrough Port 443 or 8443 --> App Server

Second option is you enable a HTTP profile and also a SSL certificate (through a client-ssl profile), but pass on the requests to the app server unencrypted. This is probably the scenario that you are looking for because it provides offloading for your server :

Client --> HTTPS Port 443 --> F5 Big-IP --> HTTP Port 8080 --> App Server

This option offloads the server as the encryption terminates at the Big-IP. One important thing to know is that this might cause your app to misbehave because your app might want users to come in via HTTPS but it will see unencrypted connections. And then it will redirect users to . And this is going to create an infinite loop. In this case you might need to pass on not only X-Forwarded-For, but also X-Forwarded-Proto to tell your application that the users has connected via https and not http.

Third option is you use encryption all the way, in which case you need a HTTP, client-ssl profile and server-ssl profile. You will need a SSL cert on both Big-IP and app server :

Client --> HTTPS port 443 --> Big-IP --> HTTPS Port 443 or 8443 --> App Server

This scenario does not provide offloading for your server but provide an additional level of security.

@Michael, you will have to attach valid SSL cert for https vip to get client ip. Rest configuration is same like http vip(http profile with x-forward enable).