Forum Discussion
KMA_50449
Nimbostratus
Jul 16, 2008
Reverse proxy SSL with LTM : https with bigip, then http
Hi,
We have LTM with an SSL accelerator card, so time to use it!
What I try to do seems easy:
Request:
Client -> https -> Bigip with sslclient profile -> http -> webserver
Answer:
webserver -> http -> Bigip with sslclient profile -> https -> client
I want my LTM to handle all the SSL requests, decode them and send clear-text HTTP requests to the web server.
To do that I've uploaded my own certificate and key and created an sslclient profile with this cert/key.
Then I've created a pool with the IP of my web server and port 80 (for http; I don't want my web server to encrypt or decrypt anything).
Last, I've created the Virtual Server, listening on port 443 with my sslclient profile as the SSL Profile (Client) option; Protocol Profile (client) is TCP.
No SSL profile server needed, and all other options of the VS are set to none or not checked.
I chose my previous pool in the resources tab with source_addr for the persistence profile.
Then I try to access my website through the VS IP; I get the certificate sent by the Bigip and then ... nothing: "The network link was interrupted while negotiating a connection. Please try again." in my Firefox browser.
I tried to tcpdump the requests, and none of them arrive at my web server from the bigip when I try to load the page, while the http health monitor works fine...
I've read many docs, all the forum, wiki ... and cannot find where I failed.
Sure I missed something; could someone help me?
17 Replies
- JRahm
Admin
Most apps have a checkbox to handle ssl offloaders, but if yours doesn't, you can use the stream profile to change http:// links to https:// links in the responses. If you do this, you'll need to change your http profile to rechunk responses.
- hoolio
Cirrostratus
If you add an HTTP profile with rewrite redirects enabled, LTM will rewrite the 30x redirects from http to https.
- JRahm
Admin
hmmm, second post I've seen today where the emoticons are broken...
- hoolio
Cirrostratus
Citizen_elah's suggestion would work to rewrite the HTTP payload's reference(s) from http to https. The http profile rewrite redirect option would apply to the Location header in responses.
- hoolio
Cirrostratus
I think it's when you edit a post with an emoticon that the code for it isn't re-rendered as an emoticon. Or at least that's one issue.
- Jo_Anglin_5148
Historic F5 Account
KMA,
- hoolio
Cirrostratus
Hi Jo,
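
What the two rewrites suggested in the replies above (Location header on 30x responses, http:// links in the payload) do to a backend response, as an added Python sketch that is not part of the thread and is not F5's implementation. The function name `offload_rewrite`, the host names and the sample responses are constructed for illustration; the sketch corrects the body length by recomputing Content-Length, where the reply suggests rechunking.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample responses from a backend that believes it serves plain HTTP.
SITE = "www.example.test"
REDIRECT = (302, {"Location": "http://www.example.test/login", "Content-Length": "0"}, b"")
BODY = b'<a href="http://www.example.test/a">a</a> <img src="http://cdn.example.net/x.png">'
PAGE = (200, {"Content-Type": "text/html", "Content-Length": str(len(BODY))}, BODY)


def offload_rewrite(status, headers, body, site_host=SITE):
    """Return (headers, body) as the HTTPS client should receive them."""
    out = dict(headers)

    # 1) Redirects: upgrade the Location header of 30x responses, own host only.
    #    The backend port is dropped because the client talks to the proxy on 443.
    loc = out.get("Location")
    if 300 <= status < 400 and loc:
        parts = urlsplit(loc)
        if parts.scheme == "http" and parts.hostname == site_host:
            out["Location"] = urlunsplit(
                ("https", site_host, parts.path, parts.query, parts.fragment))

    # 2) Payload: upgrade absolute links to our own host; the lookahead stops
    #    a match on longer names such as www.example.test.other.example.
    host = re.escape(site_host.encode())
    new_body = re.sub(rb"http://" + host + rb"(?![\w.-])",
                      b"https://" + site_host.encode(), body)

    # 3) Each replacement adds one byte, so the backend's Content-Length no
    #    longer matches the payload and must be corrected before sending.
    if new_body != body and "Content-Length" in out:
        out["Content-Length"] = str(len(new_body))
    return out, new_body


if __name__ == "__main__":
    for name, resp in (("redirect", REDIRECT), ("page", PAGE)):
        hdrs, body = offload_rewrite(*resp)
        print(name, hdrs, body)
```

Links to other hosts (the CDN image in the sample) are left on http, so they would still load as mixed content on the HTTPS page.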