Virtual Directory

The directory structure on your backend servers is irrelevant to balancing traffic. You mentioned that you have iRules in place. Could it be that one of them is doing something with HTTP::uri values? It's hard for us to help without some more details.

 

 

-Joe

Joe, thanks for the response. I do not have any iRules in place. I simply said from what I see from other iRules viewed they seem to complicated for what I need. May be this example will help. If I go to www.domain.com (which passes through the BigIP VIP address) everything is fine. If I go to http://www.domain.com/neededupdate/do.php I get directory not found.

 

 

Now going to each webserver in the pool http://IP-of-Webserver/neededupdate/do.php works fine.

 

 

It seems as if the going through the BigIP introduces some sort of issue. Any ideas?

Ok, After doing a bit more debugging I may have stumbled onto something. I noticed when I go to https://mydomain.com I can login, but at the bottom of the page is says Apache port 80. So it appears I am coming through port 443 and the load balancer is doing as it should and decrypting my ssl cert and sending it to port 80 on the web server. Looking at the apache config the directory alias is under a virtual directory listening on port 443. So I guess my question is how can I force the load balancer to retain the port 443. Ideally I do not want to have this page listening on port 80 as I already have another pool for that.

 

 

Thanks

There are a couple of things going on here. First of all, I'm assuming that you are having the BIG-IP to the SSL termination and then sending the decrypted traffic to your backend server. If you want to just do a straight pass through you can turn off SSL termination and pass the traffic as is. The problem with this approach is that you will not be able to look at the content to do things like content inspection with iRules. But, BIG-IP is very fast at SSL decryption (much faster than your backend servers). In most cases customers terminate SSL on the BIG-IP "instead" of the backend servers to help make better use of their server resources as well as reducing the management of SSL certificates on each web server.

 

 

If you do want to decrypt the traffic on your BIG-IP AND you want to have it encrypted on your backend server, then you can create a server SSL profile and you can have the BIG-IP re-encrypt the traffic before it's sent to your servers.

 

 

I guess my big question is: why do you need SSL on your backend servers. If you already have a pool of servers listening on port 80, then why don't you have that as the default pool on your virtual.

 

 

It would be in your best interest to configure the backend servers to port 80 in clear text and let BIG-IP to the termination of the SSL connections...

 

 

Hope this helps...

 

 

-Joe

Joe,

 

 

This helps alot. I am going to have the customer change the virtual server/directory to listen on port 80.

 

 

You da man!