Forum Discussion

Wasim_Hassan_13
Jun 17, 2014

Multiple Website on one VIP

Hi,

 

I have a requirement to redirect multiple websites hosted on multiple web servers for internal users and external Internet users.

Internally I am able to achieve this with multiple VIPs, but externally it is not working.

All requests will come in on HTTPS and will be redirected to a different URL with an iRule.

https://abc.com (VIP 192.168.210.218) redirect to http://abc.com/url1

https://xyz.com (VIP 192.168.210.217) redirect to http://xyz.com/url2

https://123.com (VIP 192.168.210.219) redirect to http://123.com:8080/url3

Now I want these websites to be available for external users, but I want to use only one public IP address.

How can I redirect Internet users' requests hitting the F5 public IP address to the internal websites, which are hosted on different VIPs?

Or is there a best way to achieve this? I don't want to use a separate public IP address for each VIP for external users.

 

11 Replies

  • nathe

    Wasim,

    Initial thoughts. One IP would need a wildcard or SAN certificate, or even SNI if the clients support this and you've got a later version of TMOS (v11.1 or later I think?). This is to prevent certificate issues.

    You'd need a clientSSL profile to decrypt the SSL connection and then an iRule / Http class profile or local traffic policy (if TMOS 11.4 or above) to do your redirection based on host header.

    How Can i redirect Internet users request hitting on F5 Public IP address to be redirected to Internal Websites which are hosting on different VIP.

    Do you mean to redirect to a new URI, as your example shows above? Or do you mean redirect to another, separate VIP? If a VIP then this would need to be publicly routable.

    Hope this helps, N

  • Yes, I have a publicly routable IP address for my F5. I have also created public DNS records to map

    https://abc.mycompany.com https://123.mycompany.com https://xyz.mycompany.com

    in my public DNS server.

    Now I want that when an Internet user types https://abc.mycompany.com, it should go to the internal website http://abc.com/url1

    If someone types https://xyz.mycompany.com, it should go to the internal website http://xyz.com/url2

    And if someone on the Internet types https://xyz.mycompany.com, it should go to http://123.com:8080/url3

    But I want to use only the public routable IP address of my F5, for which I have created the DNS records in my public DNS.

    I have already got the wildcard certificate and installed it, and for internal users it is working fine.

     

    • Mohamed_Lrhazi
      I think it's not very clear what your problem is... Did you try something and it does not work? Also, what do you mean by "go" in, for example, "it should go to the Internal website http://abc.com/url1"? Are you going to send an HTTP redirect, or do you plan on rewriting the request? Or just routing to a specific pool?
    • Wasim_Hassan_13
      I have configured three URLs against three different VIPs and these are working fine. Now I want to advertise these websites over the Internet for external users as well. I want to use only one public IP address and want to achieve load balancing.
  • Hi Wasim,

     

    This is supported on BIGIP. As Nathan said, be careful regarding the SSL certificate presented to the client.

    Anyway, from a technical standpoint, LTM is a reverse proxy. So, in your case, you need to create 1 Virtual Server (your public DNS will redirect users to this VS). You need to create 1 pool per internal application if each application has a different IP address (1 pool for abc, 1 pool for xyz ...).

    When it's done, you need to create an iRule which selects the right pool depending on the hostname [HTTP::host]. You can also change the URI if needed [HTTP::uri].

    In your case, if I understand well:

    • User connects to BIGIP to https://abc.mydomain.com (public domain and IP address)
    • With the iRule, the BIGIP opens a connection to the internal server --> Pool 1 https://192.168.1.100
    • With the iRule, BIGIP changes URI / to /url3.

    So, the user is still connected to https://abc.mydomain.com but internally, the connection is opened with http://192.168.1.100/url3.

    Make sense?

     

  • Hi,

     

    I am able to do this, but for this solution I have to use a separate public IP address for each VIP which I have created for each website.

    I don't have enough public IP addresses to advertise all the sites. I want to avoid too many public IP addresses.

    How can I achieve this? Internal users are working fine, redirection is working fine internally.

    Objective: Want to publish all websites against a single public IP address.

     

  • nathe

    So my config would be:

     

    1 virtual, public address, wildcard cert, clientssl profile. 3 pools (I presume internal VIPs point to different pools?). Finally an iRule to check the HTTP host header and change the URI as required. Check out the HTTP::uri command on DC.

     

    N

     

  • I understand your public IP address issue. This is the reason why an iRule is needed. Keep in mind there is no redirection when you are on the Internet. We are talking about rewriting. Users will still use the same public IP address. The BIGIP will change the URL if needed.

    Follow our advice regarding the configuration.

    Search for pool selection on DevCentral. You will understand.

     

  • I have created one VIP (192.168.210.157), NATed to the public IP address, and mapped one pool with two servers in it.

    Server 1 is hosting the websites below:

    http://laserfiche/Laserfiche8 and

    http://carehelpdesk:8080

    Server 2 has

    http://erp2.abc.com:7001

    I have created the below-mentioned iRule so that whenever someone requests a Server 1 URL, the F5 should redirect to Server 1.

     

    when HTTP_REQUEST {
        set host [string tolower [HTTP::host]]
        if { $host eq "https://lf.abc.com" } {
            HTTP::redirect "http://laserfiche/Laserfiche8"
        } elseif { $host eq "https://care.abc.com" } {
            HTTP::redirect "http://carehelpdesk:8080"
        } elseif { $host eq "https://erp.abc.com" } {
            HTTP::redirect "http://erp2.abc.com:7001"
        } elseif { $host eq "https://humanfuel.abc.com" } {
            HTTP::redirect "https://www.abc/donate/test"
        } else {
            discard
        }
    }

     

    But I am unable to do this. I'm getting hits on the iRule but the websites are not opening.

    Need assistance with the iRule.

    Objective:

    A single VIP should serve all the websites. iRule (either match header/regex etc. and send traffic to the desired server).

     

  • Wasim, can you be more accurate regarding the terms used?

    Server 1 is an internal server? Or a Virtual Server? I suppose server 1 and 2 are internal servers.

    I really need a real example with the real FQDN, because http://laserfiche/Laserfiche8 is not a public URL. So you can't redirect an Internet user to this URL.

    Redirect is a 302 HTTP code. So the user will be redirected to this URL. And unfortunately, this URL is not routed on the Internet.

    What you are requesting is not redirect but pool selection. Actually, you want to select the right server depending on the hostname.

    You need to create 3 pools:

    • Pool_1 : IP address server 1 + port 80
    • Pool_2 : IP address server 1 + port 8080
    • Pool_3 : IP address server 2 + 7001

    Create an iRule like that (just an example):

     

    when HTTP_REQUEST {
        # HTTP::host returns the Host header value only, without the "https://" scheme
        if { [HTTP::host] eq "care.abc.com" } {
            pool Pool_2
        }
    }

    In this case, when the user connects to https://care.abc.com, the BIGIP will open a connection to the server 2 with port 8080.

    You need to adapt this iRule for your use case with the URI change as well. Keep in mind that the user is on the Internet and the hostname will never change on his side. Your iRule will select the right server and change the port and the URI if needed.
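
The pool selection described in the reply above, written out for the three sites in this thread. This is an added example, not code posted by any participant. It assumes the public hostnames lf.abc.com, care.abc.com and erp.abc.com, the pools Pool_1, Pool_2 and Pool_3 as listed above, and a clientssl profile on the single virtual server so that HTTP_REQUEST sees decrypted traffic.

```tcl
when HTTP_REQUEST {
    # HTTP::host is the Host header as sent by the client: no scheme,
    # possibly with ":port" appended. Normalise before matching.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -- $host {
        "lf.abc.com" {
            # Server 1, port 80 (Pool_1). Map the site root to the
            # application path; the client's URL bar does not change.
            if { [HTTP::uri] eq "/" } {
                HTTP::uri "/Laserfiche8"
            }
            pool Pool_1
        }
        "care.abc.com" {
            # Server 1, port 8080 (Pool_2). The port comes from the pool
            # member definition, not from the iRule.
            pool Pool_2
        }
        "erp.abc.com" {
            # Server 2, port 7001 (Pool_3).
            pool Pool_3
        }
        default {
            # Unknown or missing Host header: never forward to an
            # internal pool. Reset the connection instead.
            reject
        }
    }
}
```

The explicit default branch matters on an Internet-facing virtual server: without it, a request carrying an arbitrary Host header would fall through to whatever default pool is attached to the virtual server.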

     

  • Hello mates, I need help with the below scenario working on SSL (no offloading).

    Example:

    If the URL is "https://hello.abc.com", traffic will go to Pool: hello.abc.com

    If the URL is "https://hi.abc.com", traffic will go to Pool: hi.abc.com

    where the VIP and port are the same for https://hello.abc.com & https://hi.abc.com