We want to use the same set of real servers and their HTTP port for incoming HTTP and SSL traffic. SSL is getting terminated at the ServerIron.
The same backend ports needs to be used twice. This is were the complication arises because you can not bind the same port twice by default.
We will use the “real-port” feature to achieve this objective.
In the configuration, we will define additional non-http ports (alias ports) under the real servers configuration, but we will force incoming SSL traffic to use real-port 80.
i.e. Bind ssl to the real server's alias port but tag it with "real-port port#" to make the binding to real port. Use this when you have multiple VIP ports that need to be binded to same app port.
server port 180
tcp keepalive use-master-state
ssl profile verisign128
server real rs1 10.1.1.101
port http url "HEAD /"
server virtual vip1 10.1.1.250
port default disable
bind http rs1 http
no port ssl sticky
port ssl ssl-terminate verisign128
bind ssl rs1 180 real-port 80