07-26-2007 06:24 PM
Hi Guys,
One of our clients wants to setup an SSL connection on a non-standard SSL port i.e. 4444 to begin with. Here the sever handles the SSL encryption / deccryption) instead of the SSL module.
I've found the following config to work well:
serverfarm FARM-MOBS-4444
nat server
no nat client
predictor leastconns
failaction purge
real 130.194.12.81 4444
inservice
real 130.194.12.84 4444
inservice
probe MOBS-4444
!
sticky 108 netmask 255.255.255.255 timeout 60
!
vserver VMOBS-PROD-4444
virtual 130.194.11.51 tcp https
serverfarm FARM-MOBS-4444
sticky 60 group 108
persistent rebalance
inservice
!
With the above setup the CSM redirects the SSL connections (recieved on 443) to port 4444 on the sever and maintains this for the duration of the session.
While the above setup works, is it possible to configure the VIP to use a HTTPS port other than 443 (which is default)? This would then allow for separate HTTPS paths to be setup on non-standard ports. I ask this since the client also wants to setup a HTTPS path on port 4443 as well.
Any ideas would be useful.
thanks
Sheldon
07-26-2007 11:25 PM
Hi Sheldon,
you can use 'non standard' port for SSL termination. it works without problem.
regards,
martin
07-26-2007 11:43 PM
Hi Martin,
Do you mean using the SSL module to perform the encryption / decryption? If so i've tried this and it does work without an issue.
I was just wondering if it were possible to have a VIP setup where the HTTPS port is not 443 but say 4443, where the encryption / decryption is done by the real servers themselves.
thanks
Sheldon
07-26-2007 11:52 PM
Hi Sheldon,
I though use non standard port (4443), where encryption/decryption is done on the real servers. CSM only 'forwards' traffic to the real server (using nat/pat, because vip and rserver ports are different - vip:4443/443, rserver:4444)
(btw: you can use non standard port with SSL termination on the SSL module too)
martin
07-27-2007 12:24 AM
Hi Martin,
I confused myself - yup it all works fine on the CSM now!
thanks
Sheldon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: