Forum Discussion
NimbostratusSSL Virtual Server to Azure blob storage account
We have a requirement to use F5 as the frontend for Azure storage accounts hosting blob file containers. The SFTP Virtual servers work without issue however the https ones do not. I have tried both standard and performance layer 4 virtual servers but see connection errors when I try to connect though the F5.
When we do this with App Services we have to use custom domains and upload the certificate but storage accounts don't have that option.
Has anyone been able to get this working that can give me some pointers on what I might be doing wrong?
Thanks,
1 Reply
- Jeff_Granieri
Employee
Hi RichardHillius,
I had to check out some Azure articles on this to understand the storage account requirements. For reference these helped me Custom Domain & Setting up Custom Domain. For the F5 config your going to need the following:
1. Standard VS with client ssl profile ( domain cert/key)
2. Server ssl profile ( make sure you set the Server Name field to account_xyz.blob.core.windows.net) SNI on the serverside handshake should enable Azure to select a wildcart cert. Make sure to use TLS 1.2
3. The pool member should use a fqdn account_xyz.blob.core.windows.net
4. Use a simple irule to handle host header rewrite
when HTTP_REQUEST { HTTP::header replace Host "account_xyz.blob.core.windows.net" }5. Make sure you have a HTTP profile attached
If you need to do any troubleshooting tcpdump on the serverside and look at the ClientHello SNI going towards Azure
