Using the CSM to set up an HTTPS session on non-standard ports?

Jul 26th, 2007

Hi Guys,

One of our clients wants to set up an SSL connection on a non-standard SSL port, i.e. 4444 to begin with. Here the server handles the SSL encryption/decryption instead of the SSL module.

I've found the following config to work well:

serverfarm FARM-MOBS-4444
 nat server
 no nat client
 predictor leastconns
 failaction purge
 real 130.194.12.81 4444
  inservice
 real 130.194.12.84 4444
  inservice
 probe MOBS-4444
!
sticky 108 netmask 255.255.255.255 timeout 60
!
vserver VMOBS-PROD-4444
 virtual 130.194.11.51 tcp https
 serverfarm FARM-MOBS-4444
 sticky 60 group 108
 persistent rebalance
 inservice
!

With the above setup the CSM redirects the SSL connections (received on 443) to port 4444 on the server and maintains this for the duration of the session.

While the above setup works, is it possible to configure the VIP to use an HTTPS port other than 443 (which is the default)? This would then allow for separate HTTPS paths to be set up on non-standard ports. I ask this since the client also wants to set up an HTTPS path on port 4443 as well.

Any ideas would be useful.

thanks

Sheldon

Martin Kyrc Thu, 07/26/2007 - 23:25

Hi Sheldon,

You can use a 'non standard' port for SSL termination. It works without problem.

regards,

martin

sgonsalv Thu, 07/26/2007 - 23:43

Hi Martin,

Do you mean using the SSL module to perform the encryption/decryption? If so, I've tried this and it does work without an issue.

I was just wondering if it were possible to have a VIP setup where the HTTPS port is not 443 but say 4443, where the encryption / decryption is done by the real servers themselves.

thanks

Sheldon

Martin Kyrc Thu, 07/26/2007 - 23:52

Hi Sheldon,

I thought of using a non-standard port (4443), where encryption/decryption is done on the real servers. The CSM only 'forwards' traffic to the real server (using NAT/PAT, because the VIP and rserver ports are different - vip:4443/443, rserver:4444).

(BTW: you can use a non-standard port with SSL termination on the SSL module too.)

martin

sgonsalv Fri, 07/27/2007 - 00:24

Hi Martin,

I confused myself - yup it all works fine on the CSM now!

thanks

Sheldon
