Application Delivery (ADX)

Using HTTP/single backend port for incoming HTTP and SSL traffic

Posted on 06-04-2009 01:31 AM

Summary

We want to use the same set of real servers, and the same HTTP port on them, for both incoming HTTP and incoming SSL traffic. SSL is terminated at the ServerIron.

The same backend port needs to be used twice. This is where the complication arises, because by default you cannot bind the same port twice.

Specifics

We will use the “real-port” feature to achieve this objective.

In the configuration, we will define additional non-HTTP ports (alias ports) under the real server configuration, but we will force incoming SSL traffic to use real port 80.

That is, bind ssl to the real server's alias port, but tag the bind with "real-port port#" so that the binding is made to the real port. Use this when you have multiple VIP ports that need to be bound to the same application port.

Topology Diagram

Multibind.jpg

Sample Code/Configuration

server port 180
 tcp keepalive use-master-state

ssl profile verisign128
 keypair-file verisign128key
 certificate-file verisign128cert
 cipher-suite all-cipher-suites
 session-cache off
!
server real rs1 10.1.1.101
 port http
 port http url "HEAD /"
 port 180
!
server virtual vip1 10.1.1.250
 port default disable
 port http
 bind http rs1 http
 port ssl
 no port ssl sticky
 port ssl ssl-terminate verisign128
 bind ssl rs1 180 real-port 80
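
Added example (not part of the original article and not a ServerIron tool): a small Python check that parses the bind syntax shown above, resolves each VIP bind to the backend port it actually reaches, and flags the duplicate bind that the alias port avoids. It assumes only the single-server bind form and the named ports (http, ssl) used on this page; the 8443 VIP port in the sample is constructed to trigger the conflict.

```python
from collections import defaultdict

NAMED = {"http": 80, "ssl": 443}  # named ports that appear on the page
# Constructed input: the page's stanzas plus one deliberately conflicting bind.
SAMPLE = """\
server real rs1 10.1.1.101
 port http
 port 180
!
server virtual vip1 10.1.1.250
 port http
 bind http rs1 http
 port ssl
 port ssl ssl-terminate verisign128
 bind ssl rs1 180 real-port 80
 port 8443
 bind 8443 rs1 http
"""

def num(tok):
    return NAMED[tok] if tok in NAMED else int(tok)

def audit(config):
    """Return (rows, problems); a row ends with True if its VIP port is ssl-terminated."""
    defined, terminated, seen = defaultdict(set), set(), {}
    binds, problems, rows, kind, name = [], [], [], None, None
    for tok in (line.split() for line in config.splitlines()):
        if tok[:1] in (["server"], ["ssl"]) and len(tok) >= 3:
            kind, name = tok[1], tok[2]          # new top-level stanza
        elif kind == "real" and tok[:1] == ["port"] and len(tok) == 2:
            defined[name].add(num(tok[1]))       # port or alias port on the server
        elif kind == "virtual" and len(tok) == 4 and tok[2] == "ssl-terminate":
            terminated.add((name, num(tok[1])))  # SSL ends on the load balancer
        elif kind == "virtual" and tok[:1] == ["bind"] and len(tok) >= 4:
            bound = num(tok[3])
            eff = num(tok[5]) if tok[4:5] == ["real-port"] else bound
            binds.append((name, num(tok[1]), tok[2], bound, eff))
    for vip, vport, rs, bound, eff in binds:
        if bound not in defined[rs]:
            problems.append(f"{vip}:{vport} binds undefined port {bound} on {rs}")
        if (rs, bound) in seen:                  # the conflict the alias port avoids
            problems.append(f"{rs} port {bound} bound twice: "
                            f"{seen[rs, bound]} and {vip}:{vport}")
        seen.setdefault((rs, bound), f"{vip}:{vport}")
        rows.append((vip, vport, rs, bound, eff, (vip, vport) in terminated))
    return rows, problems

if __name__ == "__main__":
    for item in sum(audit(SAMPLE), []):
        print(item)
```

Rows whose last field is True are VIP ports where SSL is terminated on the ServerIron, so the listed backend port (80 here) receives the decrypted traffic.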
