Forum Discussion

CWaldon_204196's avatar
CWaldon_204196
Icon for Nimbostratus rankNimbostratus
Feb 08, 2016

Using F5 instead of nginx for reverse proxy

Hello All,

 

We're doing an implementation of a product and the vendor has a deployment guide for using nginx however I've been asked to convert the nginx configuration to the F5 instead.

 

I'm not entirely familiar with nginx so I want to make sure that I understand how to do this properly based on the configuration they've given.

 

I've taken parts of the configuration guide they've provided and attached them below as well as my interpretation of the instructions as to how the F5 will handle it.

 

For example, a request to <>/Portal/Guest/Login.htm is sent to the backend as a request for http://<>/Guest/Login.htm. The header "Host: Portal" is added to the backend request replacing the original “Host: www.<>" header.

 

I believe that much of this behaviour is accomplished by default on the F5. For example converting from https to http can be done with ssl offloading and a client-ssl profile. The forwarding to the internal web server name is simply the way the f5 forwards traffic to the appropriate pool I think?

 

The part that I'm not sure how best to implement is the removing of /Portal/ from the URI and replacing the host header with Portal (there are also about 10 other applications that I will need to do this for.

 

My initial thought is to use a Policy to match the host header and uri path and rewrite them?

 

For example :

 

Will this work? Or do I need to add more info to remove /Portal/ from the path in the actions section?

 

application delivery
BIG-IP
local traffic policies
LTM
reverse proxy
  • CWaldon's avatar
    CWaldon
    Icon for Nimbostratus rankNimbostratus
    Feb 08, 2016
    Or, would it be easier to write an iRule that removes part of the URI (the /portal/ part) and put that into the host header instead?
  • PeteWhite's avatar
    PeteWhite
    Icon for Employee rankEmployee
    Feb 09, 2016

    Exactly as you say, LTM policies are the way to do this in a scalable way. As you can see, you can specify the header, the request/response and the action so you can create complex policies easily.

     

  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Feb 09, 2016

    Give this simple rule a try to reaplce your Host headers and path.

    when HTTP_REQUEST {
    HTTP::host [getfield  [HTTP::path] "/" 1]
    HTTP::path [URI::path [HTTP::path] 2]
}