Forum Discussion
Sharepoint on port 80 and port 443
Hi all, I am still very new to F5 and have been struggling a lot lately, I am just bumbling my way through at the moment.
I have a requirement to Load Balance traffic to our sharepoint site. I have an F5 HA pair, and 2 SharePoint Front End Servers behind the F5s. The sharepoint servers have a site for Port 80 and a site for Port 443.
I have built a Virtual Server on the F5 using the iApp template for port 80 and tested it and I can reach the site on Port 80.
Here is where I am struggling...
I now need to load balance port 443 traffic to the site. I have built a virtual server using the iApp again but this time using port 443. I don't really want to offload SSL I would rather pass it through to the servers, unless you think I have to? I have used the same VIP for the Virtual Server as both http and https use the same DNS address intranet.domain.com. When I try to access the site on https the browser just sort of hangs and says waiting for site.
I have tried to create a new pool with nodes that use https, and assign that to the Virtual Server but I had no joy. I am running out of idea and would very much appreciate some help please as I am a little lost now. I am probably doing something really stupid.
If I'm reading your config correctly, you have an HTTP profile applied to your 443 virtual server but no SSL profiles to terminate the SSL. If you remove the HTTP profile, it should make this work.
- Schrier_58326Nimbostratus
Used SSL Bridging for the SSL site. Make 2 publicion with the iAPP, good luck !
- Cory_50405Noctilucent
Can you post your virtual server and pool configurations here? From CLI (tmsh):
list ltm virtual 'virtualname' list ltm pool 'poolname'
- dean132_137579Nimbostratus
Pool Member is here
ltm pool Site-AppName-Server-Pool { members { ServerName:http { address 10.224.0.7 monitor http session monitor-enabled state up } ServerName:https { address 10.224.0.7 monitor https_443 session monitor-enabled state up } } }
- Cory_50405NoctilucentLooks like your pool includes both the HTTP member and the HTTPS member. This should not be the case. Your virtual server for port 80 should use a pool with only the 80 member, and the same goes for your port 443 virtual server using only the 443 member. You mention above that you tried this configuration and it did not work? Exactly what wasn't working?
- dean132_137579NimbostratusThanks Cory, so I basically need a Server Pool for Port 80 and a Server Pool for Port 443.
- Cory_50405NoctilucentCorrect.
- dean132_137579Nimbostratus
Actually when I run the command from the CLI for the virtual server I cannot see either the port 80 or Port 443 server is that because they were made with the iApp?
- mikeshimkus_111Historic F5 AccountYou may need to change to the iApp folder in the CLI to see the configuration: (tmos) cd my_sharepoint_2010.app/
- dean132_137579Nimbostratus
Thanks for the replies guys, Mike see below for the 2 Virtual Servers. Cory I am creating the 443 Pool now.
- dean132_137579Nimbostratus
ltm virtual SITE-AppName-VS_http_virtual { app-service /Common/SITE-AppName-VS.app/EMEA-OneVoice-VS destination /Common/VirtualIP:http ip-protocol tcp mask 255.255.255.255 persist { SITE-AppName-VS_cookie_persistence_profile { default yes } } pool /Common/SITE-AppName-Server-Pool profiles { /Common/ntlm { } SITE-AppName-VS_caching_profile { } SITE-AppName-VS_http_profile { } SITE-AppName-VS_lan-optimized_tcp_profile { context serverside } SITE-AppName-VS_oneconnect { } SITE-AppName-VS_wan-optimized-compression_profile { } SITE-AppName-VS_wan-optimized_tcp_profile { context clientside } } source 0.0.0.0/0 vlans-disabled
}
- dean132_137579Nimbostratus
ltm virtual SITE-AppName-443-VS_http_virtual { app-service /Common/SITE-AppName-443-VS.app/SITE-AppName-443-VS destination /Common/VirtualIP:https ip-protocol tcp mask 255.255.255.255 persist { SITE-AppName-443-VS_cookie_persistence_profile { default yes } } pool /Common/SITE-AppName-Server-Pool profiles { SITE-AppName-443-VS_caching_profile { } SITE-AppName-443-VS_http_profile { } SITE-AppName-443-VS_lan-optimized_tcp_profile { context serverside } SITE-AppName-443-VS_oneconnect { } SITE-AppName-443-VS_wan-optimized-compression_profile { } SITE-AppName-443-VS_wan-optimized_tcp_profile { context clientside } } source 0.0.0.0/0 vlans-disabled
}
- dean132_137579Nimbostratus
Hi
I created the pool first this time, and then ran through the iApp setup again. This time the iApp setup worked, but when I try to access the site on https the browser just sits there trying to connect, here is the Virtual Server config:
ltm virtual SITE-AppName-443-VS-2_http_virtual { app-service /Common/SITE-AppName-443-VS-2.app/SITE-AppName-443-VS-2 destination /Common/VirtualIP:https ip-protocol tcp mask 255.255.255.255 persist { SITE-AppName-443-VS-2_cookie_persistence_profile { default yes } } pool /Common/SITE-AppName-443-Pool profiles { SITE-AppName-443-VS-2_caching_profile { } SITE-AppName-443-VS-2_http_profile { } SITE-AppName-443-VS-2_lan-optimized_tcp_profile { context serverside } SITE-AppName-443-VS-2_oneconnect { } SITE-AppName-443-VS-2_wan-optimized-compression_profile { } SITE-AppName-443-VS-2_wan-optimized_tcp_profile { context clientside } } source 0.0.0.0/0 vlans-disabled
}
- Cory_50405Noctilucent
If I'm reading your config correctly, you have an HTTP profile applied to your 443 virtual server but no SSL profiles to terminate the SSL. If you remove the HTTP profile, it should make this work.
- dean132_137579Nimbostratus
That's excellent Cory thanks very much. The profile was assigned automatically when I created the iApp.
- Cory_50405NoctilucentAwesome, glad to hear it's working.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com