Multiple reverse proxy with multiple ssl profile
I have this use case:
1 IP to nat 80, 443 to outside internet
2 domain:
- dom1.com with dom1.com-ssl cert profile (wildcard) and app1.dom1.com, app2.dom1.com
- dom2.com with dom2.com-ssl cert profile (wildcard) and app1.dom2.com, app2.dom2.com
1 F5 VPN server with domain vpn.dom1.com, using the same SSL cert profile as dom1.com (created by the F5 wizard)
================================================
I want to implement it like this:
From the internet, when a user needs to access the VPN they go to https://vpn.dom1.com and it uses the dom1.com-ssl cert profile
Access to https://app1.dom1.com, https://app2.dom1.com uses the dom1.com-ssl cert profile
Access to https://app1.dom2.com, https://app2.dom2.com uses the dom2.com-ssl cert profile
================================================
To achieve this I did the following:
Created VS1 80 to redirect all incoming traffic to HTTPS
On VS1 443 I configured no SSL profile and added this iRule:
****************************
when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::host]] {
        "*.dom1.com" { virtual dom1.com-VS }
        "*.dom2.com" { virtual dom2.com-VS }
        "vpn.dom1.com" { virtual vpn-F5-VS }
    }
}
****************************
I hoped this VS1 would act as a reverse proxy and forward traffic whose host contains "dom1.com" to dom1.com-VS (VS2), "dom2.com" to dom3.com-VS (VS3), and "vpn.dom1.com" to the virtual server created by the F5 wizard.
On VS2 and VS3 I added an SSL profile plus config to act as a reverse proxy and redirect traffic to the appropriate pool or virtual server. If I connect directly to VS2, VS3 or the VPN VS, everything works fine.
But if I connect through VS1 NOTHING WORKS; the browser says "Secure Connection Failed An error occurred during a connection to app1.dom1.comm. PR_CONNECT_RESET_ERROR" or "can't reach this page The connection was reset."
I tried adding an SSL profile to VS1 but it is still not working.
I checked /var/log/ltm and it says nothing.
Does anyone have an idea? Thank you