Forum Discussion
NimbostratusVirtual server with two different web servers
I have a virtual server that needs to have two different web servers behind it, so that I can present it via the internet. The reasoning for this is server1, redirects to server2 two for authentication, then after authenticating it redirects back to server1, where it stays for all other functions.
I tried using this irule below, but it does not seem to be working. It is forwarded to the other site, but using the internal name of the site, so it times out as it is not available under that name on the internet.
when HTTP_REQUEST { switch [string tolower [HTTP::host]] { "server1.domain.com" { pool server1_test_pool } "server2.domain.com" { pool server2_test2_pool } } }
15 Replies
Keith_Fox_15580This is the log that I got to the log local, I changed the server names, but it should give you a general idea... really frustrated with this site, and trying to get it to work. Thanks for all the help!
Jan 16 15:20:40 bigip info tmm[15713]: Rule /Common/Log_rule : Request URL: publicname.domain.com Jan 16 15:20:40 bigip info tmm[15713]: Rule /Common/Log_rule : Response: Status=302 | Location=http://SERVER2.domain.com:80/sso/SSOServlet?_action=LOGINASSERT&_ssoOrigUrl=http%3A%2F%2SERVER1.domain.com%3A9080%2Fefs&_TKM=TODO-UI&_serviceName=LBIDSP&_ssoTenant=DEFAULT&_ssoAuthUrl=http%3A%2F%2SERVER1.domain.com%3A9080%2Fsso%2FSSOServlet&_ssovaltoken=yGoOGEPj3EBZvpFzWYSVSWj0EIQ%3D
Michael_JenkinsCirrostratus
Ok. And you said that server1.domain.com and server2.domain.com aren't internet acessible, but your users are accessing this through internet, so they need publicname.domain.com? In this case, there's a couple things you might do. You could follow the ideas in this article (https://devcentral.f5.com/s/articles/rewriting-redirects) for the iRule redirect rewriting and replace server2.domain.com and server1.domain.com with publicname.domain.com and then change the iRule to check for starting with "/sso" and route to the auth pool. Then you still have only one path. The other way would be to have a second dns name like auth.domain.com and do basically the same thing as the other, but in the request, check for auth.domain.com host instead of the uri to decide which pool to send it to. Hope this makes sense.
What_Lies_Bene1Just FYI, I'm pretty sure a stream profile won't rewrite a HTTP header, only the body.
- Keith_Fox_15580
I tried using the below irule, and it still doesn't seem to be re-writing it. I would prefer to have only one outside public domain, but at this point I'll do two if needed. Naturally I am under a time table to have this site operational by next Friday, so no pressure.
when HTTP_RESPONSE { if { [HTTP::is_redirect] }{ HTTP::header replace Location [string map {"A.internal.com" "X.external.com"} [HTTP::header Location]] } }
- Michael_Jenkins
You can try this and see what the logs turn up... Maybe that will help figure something out... Are you familiar with tcpdump too?
when HTTP_REQUEST { log local0. "URL: [HTTP::host][HTTP::uri]" } when HTTP_RESPONSE { log local0. " Response code: [HTTP::status]" if { [HTTP::is_redirect] }{ log local0. " Original: [HTTP::header value Location]" HTTP::header replace Location [string map {"A.internal.com" "X.external.com"} [HTTP::header Location]] log local0. " Updated: [HTTP::header value Location]" } }
