Port Translation & HTTPS -> HTTP
Systeminformation:
F5 BIG-IP r2600
Version 17.1.1.1 Build 0.0.2
Hello everyone,
We would like to map the following scenario with the f5 BIG-IP
I call https://server.domain.com port 443. The BIG-IP should then forward to http://server.domain.com port 55000.
Is this even possible? How did you solve it?
Configuration:
For port translation, we entered port 443 in the virtual server and gave the pool member port 55000.
For HTTPS to HTTP we used the following iRule:
when HTTP_REQUEST {
# Extrahiere den Host und den URI aus der HTTPS-Anfrage
set host [HTTP::host]
set uri [HTTP::uri]
# Leite die Anfrage an die HTTP-Version der gleichen URL weiter
HTTP::respond 301 Location "http://$host$uri"
log "iRule_HTTP, HTTPS-Anfrage wurde auf HTTP umgeleitet: $host$uri, ClientIP: [IP::client_addr], ClientPort: [TCP::client_port]"
}
Is the iRule log entry generated before the port translation? The wrong port is in the logs.
Best regards
This is very possible and pretty easy to setup, BIG-IP supports this out-of-the-box.
You can achieve this without iRules as well, and I'd recommend that as it's faster and it saves resources. You need to configure your virtual server to perform SSL termination. This means that client-side SSL profile is applied, and that you should not use server-side SSL. Make sure "port translation" checkbox is ticked (it is by default) and configure your pool with 55000 port as you did already.
[Edit] Then, as zamroni777 mentioned, configure appropriate NAT or Routing settings so that responses flow through BIG-IP as well.