Thanks, Richard, I'll try that then, though it makes things much less 'elegant' than they could be (and I don't see why from technical perspective the F5 must see the payload to redirect, its just the 1 possible way how it was designed, not the best to my opinion).
So I need to enable offloading and then add encryption from F5 to the server for each IP pool. Will try that. I see it is also possible to use http class to redirect to pools but I have a feeling it still will have the same requirements.
But for the pure HTTP it should work right away, right? I think I had troubles with that too (hard to test as F5 keep connections even after disabling Virtual server and pool). I need to redirect from http to https too and so need either construct redirection to pools for http (and redirect to https on the nodes) or construct iRULE to redirect http to https on F5. In latter case though it might be a little more difficult to write a single iRULE for both redirection and Im not sure how it would work if I use two different rules (one for http to https and the other to appropriate pool). It seems it would be much easier after all to just add a Virtual Server for each site and not waste time trying to be fancy. Im just stubborn.