Forum Discussion
Matt_H_58911
Nimbostratus
NimbostratusVirtual Directory
I've been banging my head on getting this working. I have a BigIP 1600 running 9.4.25. Everything is running fine on the pools when balancing against the normal root directory. I have setup a root directory and requests going to the root web server work fine. I then created a virtual directory /home/update. Any requests going to the virtual directory fail. Now I have looked at iRules but everything I see seems to be to much. I will probably have multiple virtual directories, can I have one rule that will keep the URL intact and let my web server (apache) make the decision?
Any guidance is appreciated.
- The directory structure on your backend servers is irrelevant to balancing traffic. You mentioned that you have iRules in place. Could it be that one of them is doing something with HTTP::uri values? It's hard for us to help without some more details.
-Joe 
Matt_H_58911Joe, thanks for the response. I do not have any iRules in place. I simply said from what I see from other iRules viewed they seem to complicated for what I need. May be this example will help. If I go to www.domain.com (which passes through the BigIP VIP address) everything is fine. If I go to http://www.domain.com/neededupdate/do.php I get directory not found.
Now going to each webserver in the pool http://IP-of-Webserver/neededupdate/do.php works fine.
It seems as if the going through the BigIP introduces some sort of issue. Any ideas?- Matt_H_58911Ok, After doing a bit more debugging I may have stumbled onto something. I noticed when I go to https://mydomain.com I can login, but at the bottom of the page is says Apache port 80. So it appears I am coming through port 443 and the load balancer is doing as it should and decrypting my ssl cert and sending it to port 80 on the web server. Looking at the apache config the directory alias is under a virtual directory listening on port 443. So I guess my question is how can I force the load balancer to retain the port 443. Ideally I do not want to have this page listening on port 80 as I already have another pool for that.
Thanks - There are a couple of things going on here. First of all, I'm assuming that you are having the BIG-IP to the SSL termination and then sending the decrypted traffic to your backend server. If you want to just do a straight pass through you can turn off SSL termination and pass the traffic as is. The problem with this approach is that you will not be able to look at the content to do things like content inspection with iRules. But, BIG-IP is very fast at SSL decryption (much faster than your backend servers). In most cases customers terminate SSL on the BIG-IP "instead" of the backend servers to help make better use of their server resources as well as reducing the management of SSL certificates on each web server.
If you do want to decrypt the traffic on your BIG-IP AND you want to have it encrypted on your backend server, then you can create a server SSL profile and you can have the BIG-IP re-encrypt the traffic before it's sent to your servers.
I guess my big question is: why do you need SSL on your backend servers. If you already have a pool of servers listening on port 80, then why don't you have that as the default pool on your virtual.
It would be in your best interest to configure the backend servers to port 80 in clear text and let BIG-IP to the termination of the SSL connections...
Hope this helps...
-Joe - Matt_H_58911Joe,
This helps alot. I am going to have the customer change the virtual server/directory to listen on port 80.
You da man!
