Forum Discussion
Kai_Wilke
Aug 06, 2016MVP
Hi Michael,
its possible to mix your
http:11230
and https:443
nodes on the same Virtual Server using seperate pools but also in a single pool using the priority group activation feature.
But mixing SSL with HTTP nodes on the same Virtual Server is performancewise not that ideal, since it would require you to assign a Server_SSL_Profile and then disable Server_SSL with an iRule on every connection attempt to the default nodes (aka.
http:11230
) resp. (re)enable Server_SSL on every connection attempt to the fallback nodes (aka. https:443
). Take a look to the iRule below to see how to selectively enable/disable Server_SSL:
when SERVER_CONNECTED {
if { [PROFILE::exists serverssl] } then {
if { [TCP::remote_port] != 443 } then {
SSL::disable serverside
} else {
SSL::enable serverside
}
} else {
log -noname local0. "$log_prefix !!!! Warning !!!! The Virtual Server [URI::basename [virtual name]] has no SSL Server Profile assigned !!!! Warning !!!!"
}
}
Note: To reduce the performance overhead of the Server_SSL_Profile handling, you should consider to enable the
feature on your Virtual Server. This will allow you to reuse the serverside connections as much as possible. [ONECONNECT]
Cheers, Kai