Forum Discussion

ciscoarc's avatar
ciscoarc
Icon for Nimbostratus rankNimbostratus
Jan 10, 2017

Creating a Virtual Server with same IP and port

Hi guys, we would like to have a single IP:port public facing Virtual Server for external users to access, i.e:

 

10.10.10.10:443 => external users only access this. DNS name: 10.10.10.10 = abc.com

 

And then on the backend, we are redirecting this to different services:

 

  • kkk.abc.com
  • lll.abc.com
  • mmm.abc.com

How do we set this up in F5? Also what about the certificate, since certificate ties to an SSL client profile, which at the end ties to a virtual server, so the Virtual Server would need to have multiple certificates (kkk, lll and mmm certs)? This becomes cumbersome if we need to add another service later on down the track..

 

1 Reply

  • Hi!

    If you want to use SSL and have multiple domains pointing to the same VIP while separating requests in the backend based on host header you could do any of the following for SSL:

    • Use a wildcard certificate
    • Use a multi domain certificate
    • Use SNI (more here)

    Then you'd have to create an irule

    when HTTP_REQUEST {
        set host [HTTP::host]
    
        switch $host {
            "kkk.abc.com" { pool kkk.abc.com_pool }
            "lll.abc.com" { pool lll.abc.com_pool }
            "mmm.abc.com" { pool mmm.abc.com_pool }
            default { pool yourdefault pool }
        }
    }
    

    This one would separate requests based on host header with a default to a pool of your choosing.

    /Patrik