For more details, please see ourCookie Policy.

Application Delivery (ADX)

Using HTTP/single backend port for incoming HTTP and SSL traffic

by on ‎06-04-2009 01:31 AM (226 Views)


We want to use the same set of real servers and their HTTP port for incoming HTTP and SSL traffic. SSL is getting terminated at the ServerIron.

The same backend ports needs to be used twice. This is were the complication arises because you can not bind the same port twice by default.


We will use the “real-port” feature to achieve this objective.

In the configuration, we will define additional non-http ports (alias ports) under the real servers configuration, but we will force incoming SSL traffic to use real-port 80.

i.e. Bind ssl to the real server's alias port but tag it with "real-port port#" to make the binding to real port. Use this when you have multiple VIP ports that need to be binded to same app port.

Topology Diagram


Sample Code/Configuration

server port 180
tcp keepalive use-master-state

ssl profile verisign128
keypair-file verisign128key
certificate-file verisign128cert
cipher-suite all-cipher-suites
session-cache off
server real rs1
port http
port http url "HEAD /"
port 180
server virtual vip1
port default disable
port http
bind http rs1 http
port ssl
no port ssl sticky
port ssl ssl-terminate verisign128
bind ssl rs1 180 real-port 80

Tips / Caveats

Further Reading