Forum Discussion
Virtual Server with two sites but same IP
Starting off I'll say this got dumped on me and apart from the past couple of days, I have never worked on this before.
Second, if I get some stuff wrong while trying to explain it, I promise it is just because I'm unfamiliar.
One of our departments at work has an internal server that's hosted to the public/employees. I'll call it city.abc.com . This has had a working reverse proxy setup by a previous employee and the way I understand it, this server is going to host another application? site? not sure what to call it but we can call it stat.abc.com
So, single internal server, the F5 has it set up to hit a DMZ address, and then that points to an external iP for all to use. I think I got that right, and the single server is going to have two sites on it: city.abc.com and stat.abc.com. My boss has created DNS entries for the new site but how on earth do I tell the big IP F5 LTM to like route browsers there? I went through as meticulous as I could and tried to build all the same stuff the previous guy did, but with the stat.abc.com . Since the external IP is the same, and the internal, and the dmz IP, I (wrongfully) assumed that I could just essentially copy and paste what he did and it woudl work.
I get what I am asking is a lot but just a point in the right direction or something would be excellent of you. Thank you so much.
Hi yxorpesrever ,
Below is the ref LTM policy which will be useful for your use case. You need to add another rule under same policy for other domain. Likewise you can add multiple rules to forward traffic to the desired pools based on matching the hosts under same LTM policy. Once policy is ready, you need to map it on the desired vServer.
(I found one video on youtube which is having same senario explained using iRule. Just in case you need some more references to acheive it. Refer this youtube video if needed.)
For the SSL certificate query - If you have *.abc.com wild card cert being used on the vServer then for the rest sites coming under *.abc.com domain should be fine with it. (city.abc.com, stat.abc.com etc). If you have sites which is having different domains or you have cert for specific FQDN only, then you need to make sure to have specific SSL certificates for the specific domain and/or FQDN to be used on the vServer else you will get cert mismatch error. In this senario, your vServer will have multiple client-ssl profiles on the vServer and one of the client-ssl profile will act as default/fallback client-ssl profile. Please refer this article for more details on it.
One query - As you are saying you have same internal/backend servers for both sites, so are they running on different ports or services?
Hi yxorpesrever
As per my understanding, you need to have two different sites/urls running on the single virtual server and you have separate pool to serve these sites. If that so, you should be able to achieve your use case using LTM policy as well as irule.
You need to set condition like,
If traffic coming for host - city.abc.com --> Forward Traffic to pool-city.abc.com &
If traffic coming for host - stat.abc.com --> Forward Traffic to pool-stat.abc.com
Sample iRule is for your ref.
when HTTP_REQUEST { switch [HTTP::host] { "city.abc.com" {pool pool-city.abc.com} "stat.abc.com" {pool pool-stat.abc.com} } }
If you have same pool for both urls/sites. You need to manage this on application side.
Hope it helps!
- yxorpesreverAltostratus
Ooooo okay that's starting to make some sense. I believe you understand it right, or at least based on my description of the issue, which could be bad LOL.
but yes, it's the same external IP, internal IP, same VS. I did create a new pool and added the same server to the members since they both reside on the same.
With the LTM policy, would you be able to expand on that a bit for me? Or is that referring to the iRule?
Thank you!
Edit: I feel like I am leaving something out. city seems to work just fine, but stat doesn't seem to go anywhere. Would that maybe be tied to an ssl cert that needs to be attached to the server? If any of my stuff comes across as dumb, I'll be honest with you that it's probably because I am. Kinda got tossed into a situation and here we are! It's all good though.
Hi yxorpesrever ,
Below is the ref LTM policy which will be useful for your use case. You need to add another rule under same policy for other domain. Likewise you can add multiple rules to forward traffic to the desired pools based on matching the hosts under same LTM policy. Once policy is ready, you need to map it on the desired vServer.
(I found one video on youtube which is having same senario explained using iRule. Just in case you need some more references to acheive it. Refer this youtube video if needed.)
For the SSL certificate query - If you have *.abc.com wild card cert being used on the vServer then for the rest sites coming under *.abc.com domain should be fine with it. (city.abc.com, stat.abc.com etc). If you have sites which is having different domains or you have cert for specific FQDN only, then you need to make sure to have specific SSL certificates for the specific domain and/or FQDN to be used on the vServer else you will get cert mismatch error. In this senario, your vServer will have multiple client-ssl profiles on the vServer and one of the client-ssl profile will act as default/fallback client-ssl profile. Please refer this article for more details on it.
One query - As you are saying you have same internal/backend servers for both sites, so are they running on different ports or services?
- yxorpesreverAltostratus
One of them was running an extra port, but they are running the same other two ports.
Thank you for all your help! I do believe that what you taught me here led me to the discovery that the people who built this internal server... didn't actually make two different sites on it. Turns out, they just made it under the main parent site. So i was trying to "route" to a website that didn't technically exist. Everythign was just city.abc.com/newsite . However I will be referencing this because I feel like they are not going to just roll with this and will reconfigure to the intended config.
I was both angry and laughing at all this.
If I may ask you one more question though, could you point me to where I would ensure certain kinds of HTTP requests are allowed? For instance a POST. That is something in particular I was told needs to be enabled/allowed. I'm marking this as solved otherwise.
Thank you again so much.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com