01-24-2017 07:32 PM - edited 01-24-2017 07:35 PM
I have the load balancer set up to redirect my virtual server from HTTP to HTTPS. The HTTPS virtual server is set to enable SSL Decryption. Both the HTTP and HTTPS virtual server are using the same pool.
When I have just the redirect disabled and use port 80 my application works. When I enable the redirect and go through the port 443 virtual server. My Application gets called, but it looks like Jetty is trying to start up SSL. Though the SSL decrypt is enabled and internal protocol is set to HTTP.
I expected the internal application would not know the difference at this point. Shouldn't it?
My application is not logging anything and I believe it is not starting up. Though Jetty is returning a 401 error when getting data from the https virtual server.
And relatively new at this.
01-25-2017 08:45 AM
We are working on your question. Also, I will move your original question to the right forum to make sure we are not duplicating the question to the Community.
01-25-2017 09:51 AM
Awesome, I created a second message on the Virtual router forum. Thinking I was helping.
There may be some well known cookbook recipe I am unaware needs applied, or something.
01-26-2017 10:23 AM
Found out the Crypto packages are not loading for SSL, but to decrypt a header line we insert from the calling application to validate the caller. How in traffic script can I redirect HTTP->HTTPS, but make sure this header is propagated to the HTTPS port ? Header appears to be using the Authorization header with our own custom realm and payload.
01-26-2017 04:01 PM
Surprise, found the Application is using OAuth between servers to authenticate the source of the call. Client computes the signature with "https" as the protocol. The client attempts to verify the signature constructing the signature with "http." Not match there, 401.
I expect this is beyong Brocade, but I am listening if there are any ideas.
01-27-2017 04:16 AM
Hello, I wanted to check to see if you had seen the other articles on HTTPS redirection. One uses the simple RuleBuilder to set up redirection, the other shows how you might have more flexibility using TrafficScript. Make sure you have your redirection set up as "Request" rules - rather than as "Response" rules.
If you need more support on the exact configuration, then your local SE or support contact may be able to take a closer look - however, note that you should really upgrade to at least 10.4, which is supported under the LTS (Long Term Support) program.