Application Delivery (ADX)

Occasional Contributor
Posts: 5
Registered: ‎08-14-2009

Configuring ServerIron HTTPS server

Hi,

I have the following:

server real web1 a1.b1.c1.d1
port http
port http healthck web1
port http keepalive
port http url "HEAD / HTTP/1.1\r\nHost:www.url1.com"
port http status-code  200 399
port 81
port 81 keepalive
port 81 url "HEAD / HTTP/1.1\r\nHost:www.url2.com"
port 81 status-code  200 399
!
server real web2 a2.b2.c2.d2
port http
port http healthck web2
port http keepalive
port http url "HEAD / HTTP/1.1\r\nHost:www.url1.com"
port http status-code  200 399
port 81
port 81 keepalive
port 81 url "HEAD / HTTP/1.1\r\nHost:www.url2.com"
port 81 status-code  200 399


server virtual www.url1.com v1.v1.v1.v1
sym-priority 50
sym-active
port http
no port http translate
port http use-alias-port-state
bind http web1 81 web2 81
!
server virtual www.url2.com v2.v2.v2.v2
sym-priority 100
sym-active
port http
bind http web1 http web2 http

I want to add to both web1 and web2 an additional site https://www.url3.com

Will the below be right?

Edit both real servers by adding the following:

port ssl
port ssl keepalive
port ssl url "HEAD / HTTP/1.1\r\nHost:www.url3.com"
port ssl status code 200 399

and create a new virtual server:

server virtual www.url3.com v3.v3.v3.v3
sym-priority 100
sym-active
port ssl
bind ssl web1 ssl web2 ssl

How can I create health check for both real servers?

thanks

rob.

Occasional Contributor
Posts: 5
Registered: ‎08-14-2009

Re: Configuring ServerIron HTTPS server

for the healthcheck, we might do the following

healthck web1-SSL tcp
dest-ip a1.b1.c1.d1
port ssl
protocol ssl
protocol ssl url "HEAD / HTTP/1.0\r\nHost:www.url1.net"
protocol ssl status-code 200-399
interval 25
l7-check

healthck web2-SSL tcp
dest-ip a2.b2.c2.d2
port ssl
protocol ssl
protocol ssl url "HEAD / HTTP/1.0\r\nHost:www.url2.net"
protocol ssl status-code 200-399
interval 25
l7-check

And/or:

no server use-simple-ssl-health-check

please let me know what you think.

Many thanks in advance.

rob

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: Configuring ServerIron HTTPS server

I would go for this one:

no server use-simple-ssl-health-check

server port ssl
  tcp keepalive 25 1

server real rsABCD a.b.c.d
  port ssl
  port ssl url "HEAD / HTTP/1.0\r\nHost:www.url2.net"

The healthck method requires the definition of a new healthck for every server. Another option is a port-policy - have a look at:

Nevertheless it is still the first one I would go for.

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: Configuring ServerIron HTTPS server

Any update? Is it working? Any problems with the configuration the community might help with?

Occasional Contributor
Posts: 5
Registered: ‎08-14-2009

Re: Configuring ServerIron HTTPS server

Thanks a lot for the help.

I just implemented this in production a couple of days ago and it is working fine.

I will have to implement the health check for monitoring purposes on top of:

no server use-simple-ssl-health-check

server port ssl
  tcp keepalive 25 1

server real rsABCD a.b.c.d
  port ssl
  port ssl url "HEAD / HTTP/1.0\r\nHost:www.url2.net"

Using this method, I cannot get any output in the show log or my syslog server.

Can you please let me know if the below is correct? I implemented it OK with HTTP, but I am still not confident for the SSL:

healthck web1-SSL tcp
dest-ip a1.b1.c1.d1
port ssl
protocol ssl
protocol ssl url "HEAD / HTTP/1.0\r\nHost:www.url1.net"
protocol ssl status-code 200-399
interval 25
l7-check

Thanks,

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: Configuring ServerIron HTTPS server

Both configurations are wrong right now :-). Every HTTP request needs to end with a double CRLF and this should look like:

port ssl url "HEAD / HTTP/1.0\r\nHost:www.url2.net\r\n\r\n"

That is the only problem I am seeing right now and I missed that the first time. On top of that you need to extend the return codes talking about the first solution:

no server use-simple-ssl-health-check

server port ssl
  tcp keepalive 25 1

server real rsABCD a.b.c.d
  port ssl
  port ssl url "HEAD / HTTP/1.0\r\nHost:www.url2.net\r\n\r\n"
  port ssl status-code 200-399

I do have a problem understanding the rest of your problem, to be honest. Do you see the real servers being active using the configuration with "no server use-simple-ssl-health-check"???

If so: it is working - check the log of the web servers to see that there is a request every 25 seconds coming from the ServerIron. What do you expect to see in the syslog locally or at the syslog server? The ServerIron is going to put a single message into the log at the time the real server is getting declared as up.
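The double-CRLF point made in the reply above can be checked before a configuration is pushed. The following is an added example, not part of the original thread and not Brocade code: a small Python linter that scans ServerIron-style `url` lines for an unterminated request, a malformed request line, or an HTTP/1.1 request with no Host header. The function names and the sample text are constructed for illustration, and the script only inspects the strings; it does not model how the ServerIron itself sends the check.

```python
import re

# Matches ServerIron-style lines such as:  port ssl url "HEAD / HTTP/1.0\r\nHost:..."
URL_LINE = re.compile(r'^\s*(?:port|protocol)\s+(\S+)\s+url\s+"(.*)"\s*$')
REQUEST_LINE = re.compile(r'^(GET|HEAD) \S+ HTTP/1\.[01]$')

def lint_health_urls(config_text):
    """Return (line_no, port, problems) for every health-check url line."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = URL_LINE.match(line)
        if not m:
            continue
        port, raw = m.groups()
        # The CLI string carries literal backslash escapes; turn them into real CR/LF.
        req = raw.replace("\\r", "\r").replace("\\n", "\n")
        problems = []
        head, sep, _ = req.partition("\r\n\r\n")
        if not sep:
            problems.append("request not terminated by CRLF CRLF")
        lines = head.rstrip("\r\n").split("\r\n")
        if not REQUEST_LINE.match(lines[0]):
            problems.append("malformed request line")
        has_host = any(h.lower().startswith("host:") for h in lines[1:])
        if lines[0].endswith("HTTP/1.1") and not has_host:
            problems.append("HTTP/1.1 request without Host header")
        findings.append((no, port, problems))
    return findings

def status_ok(status_line, low=200, high=399):
    """True when the response status code falls inside the accepted range."""
    m = re.match(r"^HTTP/\d\.\d (\d{3})\b", status_line)
    return bool(m) and low <= int(m.group(1)) <= high

# Constructed sample built from the lines quoted in this thread.
SAMPLE = r'''server real rsABCD a.b.c.d
  port ssl
  port ssl url "HEAD / HTTP/1.0\r\nHost:www.url2.net"
  port ssl url "HEAD / HTTP/1.0\r\nHost:www.url2.net\r\n\r\n"
  port 81 url "HEAD / HTTP/1.1\r\n\r\n"
'''

if __name__ == "__main__":
    for no, port, problems in lint_health_urls(SAMPLE):
        print(no, port, problems or "ok")
```
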

Occasional Contributor
Posts: 5
Registered: ‎08-14-2009

Re: Configuring ServerIron HTTPS server

Thanks again for the support,

Let me understand a thing before proceeding:

Regardless if the website is https://www.url2.net or http://www.url2.net

the following configuration in the real server should take care of the health check

server port 443
  session-sync
  tcp keepalive 25 2

server real rsABCD a.b.c.d
  port ssl
  port ssl keepalive
  port ssl url "HEAD / HTTP/1.0\r\nHost:www.url2.net\r\n\r\n"
  port ssl status-code 200-399

or

server port 80
  session-sync
  tcp keepalive 25 2

server real rsABCD a.b.c.d
  port http
  port http keepalive
  port http url "HEAD / HTTP/1.0\r\nHost:www.url2.net\r\n\r\n"
  port http status-code 200-399

and whenever a status code > 400 an error should be logged in the syslog or I can see it in the sh log command?

In my current setup,

both real servers are ACTIVE; the virtual server is running ok; but I had doubt regarding the healthcheck.

If the above is checking the health of the site, then I think I have resolved my problems.

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: Configuring ServerIron HTTPS server

Correct - as long as you have the following globally enabled:

no server use-simple-ssl-health-check

I personally do use "server no-fast-bringup" as well in nearly all configurations. Have a look at the docs to get the explanation for this. I guess I have covered it here as well:

Occasional Contributor
Posts: 5
Registered: ‎08-14-2009

Re: Configuring ServerIron HTTPS server

thanks a lot for the help.

So far everything seems to be working great. If I face any problems with this config, I will reply to this post.

Again thanks a lot for the help.

Robert

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: Configuring ServerIron HTTPS server

You should think about raising a ticket with Brocade TAC in case of problems - this community is not the best place to troubleshoot things. Nevertheless you are always welcome.
