Forum Discussion

dean132_137579's avatar
dean132_137579
Icon for Nimbostratus rankNimbostratus
Jan 30, 2014

Sharepoint on port 80 and port 443

Hi all, I am still very new to F5 and have been struggling a lot lately, I am just bumbling my way through at the moment.

 

I have a requirement to Load Balance traffic to our sharepoint site. I have an F5 HA pair, and 2 SharePoint Front End Servers behind the F5s. The sharepoint servers have a site for Port 80 and a site for Port 443.

 

I have built a Virtual Server on the F5 using the iApp template for port 80 and tested it and I can reach the site on Port 80.

 

Here is where I am struggling...

 

I now need to load balance port 443 traffic to the site. I have built a virtual server using the iApp again but this time using port 443. I don't really want to offload SSL I would rather pass it through to the servers, unless you think I have to? I have used the same VIP for the Virtual Server as both http and https use the same DNS address intranet.domain.com. When I try to access the site on https the browser just sort of hangs and says waiting for site.

 

I have tried to create a new pool with nodes that use https, and assign that to the Virtual Server but I had no joy. I am running out of idea and would very much appreciate some help please as I am a little lost now. I am probably doing something really stupid.

 

  • If I'm reading your config correctly, you have an HTTP profile applied to your 443 virtual server but no SSL profiles to terminate the SSL. If you remove the HTTP profile, it should make this work.

     

  • Used SSL Bridging for the SSL site. Make 2 publicion with the iAPP, good luck !

     

  • Can you post your virtual server and pool configurations here? From CLI (tmsh):

     

    list ltm virtual 'virtualname' list ltm pool 'poolname'

     

  • Pool Member is here

     

    ltm pool Site-AppName-Server-Pool { members { ServerName:http { address 10.224.0.7 monitor http session monitor-enabled state up } ServerName:https { address 10.224.0.7 monitor https_443 session monitor-enabled state up } } }

     

    • Cory_50405's avatar
      Cory_50405
      Icon for Noctilucent rankNoctilucent
      Looks like your pool includes both the HTTP member and the HTTPS member. This should not be the case. Your virtual server for port 80 should use a pool with only the 80 member, and the same goes for your port 443 virtual server using only the 443 member. You mention above that you tried this configuration and it did not work? Exactly what wasn't working?
    • dean132_137579's avatar
      dean132_137579
      Icon for Nimbostratus rankNimbostratus
      Thanks Cory, so I basically need a Server Pool for Port 80 and a Server Pool for Port 443.
  • Actually when I run the command from the CLI for the virtual server I cannot see either the port 80 or Port 443 server is that because they were made with the iApp?

     

    • mikeshimkus_111's avatar
      mikeshimkus_111
      Historic F5 Account
      You may need to change to the iApp folder in the CLI to see the configuration: (tmos) cd my_sharepoint_2010.app/
  • Thanks for the replies guys, Mike see below for the 2 Virtual Servers. Cory I am creating the 443 Pool now.

     

  • ltm virtual SITE-AppName-VS_http_virtual {
    app-service /Common/SITE-AppName-VS.app/EMEA-OneVoice-VS
    destination /Common/VirtualIP:http
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        SITE-AppName-VS_cookie_persistence_profile {
            default yes
        }
    }
    pool /Common/SITE-AppName-Server-Pool
    profiles {
        /Common/ntlm { }
        SITE-AppName-VS_caching_profile { }
        SITE-AppName-VS_http_profile { }
        SITE-AppName-VS_lan-optimized_tcp_profile {
            context serverside
        }
        SITE-AppName-VS_oneconnect { }
        SITE-AppName-VS_wan-optimized-compression_profile { }
        SITE-AppName-VS_wan-optimized_tcp_profile {
            context clientside
        }
    }
    source 0.0.0.0/0
    vlans-disabled
    

    }

  • ltm virtual SITE-AppName-443-VS_http_virtual {
    app-service /Common/SITE-AppName-443-VS.app/SITE-AppName-443-VS
    destination /Common/VirtualIP:https
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        SITE-AppName-443-VS_cookie_persistence_profile {
            default yes
        }
    }
    pool /Common/SITE-AppName-Server-Pool
    profiles {
        SITE-AppName-443-VS_caching_profile { }
        SITE-AppName-443-VS_http_profile { }
        SITE-AppName-443-VS_lan-optimized_tcp_profile {
            context serverside
        }
        SITE-AppName-443-VS_oneconnect { }
        SITE-AppName-443-VS_wan-optimized-compression_profile { }
        SITE-AppName-443-VS_wan-optimized_tcp_profile {
            context clientside
        }
    }
    source 0.0.0.0/0
    vlans-disabled
    

    }

  • Hi

    I created the pool first this time, and then ran through the iApp setup again. This time the iApp setup worked, but when I try to access the site on https the browser just sits there trying to connect, here is the Virtual Server config:

    ltm virtual SITE-AppName-443-VS-2_http_virtual {
    app-service /Common/SITE-AppName-443-VS-2.app/SITE-AppName-443-VS-2
    destination /Common/VirtualIP:https
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        SITE-AppName-443-VS-2_cookie_persistence_profile {
            default yes
        }
    }
    pool /Common/SITE-AppName-443-Pool
    profiles {
        SITE-AppName-443-VS-2_caching_profile { }
        SITE-AppName-443-VS-2_http_profile { }
        SITE-AppName-443-VS-2_lan-optimized_tcp_profile {
            context serverside
        }
        SITE-AppName-443-VS-2_oneconnect { }
        SITE-AppName-443-VS-2_wan-optimized-compression_profile { }
        SITE-AppName-443-VS-2_wan-optimized_tcp_profile {
            context clientside
        }
    }
    source 0.0.0.0/0
    vlans-disabled
    

    }

  • If I'm reading your config correctly, you have an HTTP profile applied to your 443 virtual server but no SSL profiles to terminate the SSL. If you remove the HTTP profile, it should make this work.

     

  • That's excellent Cory thanks very much. The profile was assigned automatically when I created the iApp.