09-02-2010 11:57 AM
We are trying to set up a mobile application. The main website is reached via https://longname.com. The mobile application is https://longname.com/mobile.
We want to set it up so that a user that is using a mobile device types in http://mobilename.com and it hits the load balancer and is redirected to https://longname.com/mobile.
Do we need to acquire another certificate to cover the mobilename.com address? Or will a redirect occur to get us to the standard address with a /mobile on it?
Just confused whether we need a redirect, or a rewrite, and where/how to do that.
09-02-2010 09:43 PM
Hi Ed,
You don't need a new certificate for http://mobilename.com because this is not the real site. If at any point you need to make this site secure as well, and assuming that mobilename.com and longname.com resolve to the same public IP address, then you can ask for a SAN SSL certificate to include this second domain.
Here is a config example, this is assuming both domains resolve to the same VIP address.
rserver redirect Redirect
  webhost-redirection https://longname.com/mobile 301
  inservice
serverfarm redirect Redirect
  rserver Redirect
    inservice
class-map type http loadbalance match-any Mobile
  2 match http url /mobile.*
class-map type http loadbalance match-any Redirect
  2 match http header Host header-value "mobilename.com"
policy-map type loadbalance first-match domainX
  class Mobile
    serverfarm Mobile-SF
  class Redirect
    serverfarm Redirect
  class class-default
    serverfarm Longname
- If a user comes with mobilename.com as the request, it will match the Redirect class and will be sent to the new URL https://longname.com/mobile.
- Once redirected, the user will now come with URI /mobile, which would match the Mobile class, load balancing the request to the SF for the mobile users.
- If none of the conditions is met, for example a user from a local PC, then class-default will be used.
Hope this helps =)
Pablo
09-09-2010 11:18 AM
Thanks for the reply Pablo. I somewhat follow it, but under the policy map you define class Mobile with serverfarm Mobile-SF, but you don't specify a server farm by that name above. You only specify a serverfarm named Redirect. They just added to the list of redirects for mobile too.
If say domain is https://longname.com like in our example, then we want the following to be redirected to https://longname.com/mobile. That is done using that 301 you showed, correct?
So we would want these:
To become, this https://longname.com/mobile.
To add the additional, would that change:
class-map type http loadbalance match-any Redirect
  2 match http header Host header-value "mobilename.com"
To:
class-map type http loadbalance match-any Redirect
  2 match http header Host header-value "mobilename.com"
  3 match http header Host header-value "m.longname.com"
  4 match http header Host header-value "mobile.longname.com"
Also to better understand, I am assuming that the following means that any url with /mobile is class Mobile?
class-map type http loadbalance match-any Mobile
  2 match http url /mobile.*
09-10-2010 08:48 AM
Hi Ed,
a. Mobile-SF is the real serverfarm with your physical servers. I've seen many people use different SFs for mobile users and regular (browser) users, but if that's not your case then you can use the same SF that you use for all the users.
b. Yup, you're right. Assuming that all those domains are mapped to the same public address, you can add them under the same class-map, as the match-any will apply a conditional "OR" and find the right one.
c. That's right, the Mobile class map means that anything that comes with mobile as the URI right after the domain will be sent to the Mobile-SF, for example:
https://longname.com/mobile/applications.htm >> MATCH
https://longname.com/mobile/appstore.html >>> MATCH
https://longname.com/user/mobile/login.htm >>> Doesn't match (uses class-default)
Let me know if you have any other questions.
Pablo
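The first-match evaluation described in the two replies above, replayed as a small model (an added example, not part of the thread and not ACE code). It assumes URL expressions behave as regexes anchored at the start of the path and that Host matching is a case-insensitive exact compare. In this model a request for mobilename.com/mobile/... is caught by the Mobile class first and is served without ever being redirected to longname.com.

```python
import re
from urllib.parse import urlsplit

# Assumption: ACE URL expressions are modelled as regexes anchored at the
# start of the path, and Host matching as a case-insensitive exact compare.
MOBILE_URL = re.compile(r"/mobile.*")
REDIRECT_HOSTS = {"mobilename.com", "m.longname.com", "mobile.longname.com"}

# Ordered like the policy-map: the first class whose test passes wins.
POLICY = [
    ("Mobile", lambda h, p: MOBILE_URL.match(p) is not None,
     ("serverfarm", "Mobile-SF")),
    ("Redirect", lambda h, p: h.lower() in REDIRECT_HOSTS,
     ("redirect", "https://longname.com/mobile")),
    ("class-default", lambda h, p: True, ("serverfarm", "Longname")),
]

def classify(host, path):
    """Return (class name, action) for one request, first match only."""
    for name, test, action in POLICY:
        if test(host, path):
            return name, action

def follow(host, path, max_hops=5):
    """Replay the client's view: re-classify after every 301."""
    trail = []
    for _ in range(max_hops):
        name, (kind, target) = classify(host, path)
        trail.append((host, path, name))
        if kind != "redirect":
            return trail
        url = urlsplit(target)
        host, path = url.hostname, url.path or "/"
    raise RuntimeError("redirect loop")

if __name__ == "__main__":
    # Constructed sample requests
    for host, path in [("mobilename.com", "/"),
                       ("longname.com", "/user/mobile/login.htm"),
                       ("mobilename.com", "/mobile/login.htm")]:
        print(host, path, "->", follow(host, path))
```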
09-13-2010 12:03 PM
Not quite working. If I go to the mobile address it does bring up the page, but doesn't change the header to https://longname/mobile/.
It acts as if we are at the right address and just adds the login page info.
I would share the actual config, but not in a public forum.
09-13-2010 12:45 PM
Ed,
You can share the config in a PM or just post a sanitized copy on the forum.
BTW, if you go to https://longname.com from a workstation, does it work?
Cheers!
Pablo
09-13-2010 01:01 PM
If I go to http://longname, it gets redirected to https://longname/cp/login.
If I go to https://longname, it hangs.
If I go to http://mobilename, it gets redirected to http://mobilename/cp/login.
If I go to https://mobilename, it gets redirected to http://mobilename/cp/login.
I will clean up the file tomorrow morning and post it.
09-14-2010 06:10 AM
This is what I have under VC_HTTPD. Would be nice if they had a write net for the contexts.
logging enable
logging console 7
logging timestamp
logging trap 7
logging history 7
logging buffered 7
logging monitor 7
logging facility 21
logging host 10.190.13.249 udp/514
access-list ACL-NAT-B line 10 extended permit ip host 10.190.11.4 any
access-list ACL-NAT-B line 11 extended permit ip host 10.190.11.5 any
access-list ACL_NAT line 10 extended permit ip host 10.190.11.2 any
access-list ACL_NAT line 11 extended permit ip host 10.190.11.3 any
access-list ACL_PERMIT_HTTTP remark Access List to permit connections to HTTPD Environment
access-list ACL_PERMIT_HTTTP line 1 extended permit tcp any any
access-list ACL_PERMIT_HTTTP line 2 extended permit ip any any
parameter-map type connection Connection_Parameters
  set tcp timeout embryonic 10
  set tcp timeout half-closed 3601
parameter-map type ssl PARAMMAP_SSL
  cipher RSA_WITH_RC4_128_MD5
  cipher RSA_WITH_RC4_128_SHA
  cipher RSA_WITH_DES_CBC_SHA
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_128_CBC_SHA
  cipher RSA_WITH_AES_256_CBC_SHA
  cipher RSA_EXPORT_WITH_RC4_40_MD5
  cipher RSA_EXPORT1024_WITH_RC4_56_MD5
  cipher RSA_EXPORT_WITH_DES40_CBC_SHA
  cipher RSA_EXPORT1024_WITH_DES_CBC_SHA
  cipher RSA_EXPORT1024_WITH_RC4_56_SHA
  authentication-failure ignore
rserver host HTTPD1
  ip address 10.190.11.2
  inservice
rserver host HTTPD1-B
  ip address 10.190.11.4
  inservice
rserver host HTTPD2
  ip address 10.190.11.3
  inservice
rserver host HTTPD2-B
  ip address 10.190.11.5
  inservice
rserver redirect REDIRECT-CUSTPORT-HTTPS
  webhost-redirection https://custport.mycompany.com
  inservice
rserver redirect REDIRECT-HTTPS
  webhost-redirection https://%h%p
  inservice
rserver redirect REDIRECT-TESTCASE-HTTPS
  webhost-redirection https://%h%p 302
  inservice
rserver redirect REDIRECT-TOPLEVELDOMAIN-HTTPS
  webhost-redirection https://www.alernatename.com
  inservice
rserver redirect Redirect-M
  description Redirecting mobile connections
  webhost-redirection https://custport.mycompany.com/mobile 301
  inservice
action-list type modify http HTTP_MODIFY_ACTLIST
  ssl url rewrite location "custport.mycompany.com"
action-list type modify http supplierriskmanager-rewrite
  ssl url rewrite location "www.alternatename.com"
action-list type modify http testcase-rewrite
  ssl url rewrite location "secondinstance.mycompany.com"
serverfarm host SF-HTTPD-B
  rserver HTTPD1-B 80
    inservice
  rserver HTTPD2-B 80
    inservice
serverfarm host SF-HTTPD
  rserver HTTPD1 80
    inservice
  rserver HTTPD2 80
    inservice
serverfarm redirect farm-custport-https
  rserver REDIRECT-CUSTPORT-HTTPS
    inservice
serverfarm redirect farm-custport-mobile
  description Server farm for mobile redirect
  rserver Redirect-M
    inservice
serverfarm redirect farm-https
  rserver REDIRECT-HTTPS
    inservice
serverfarm redirect farm-testcase-https
  rserver REDIRECT-TESTCASE-HTTPS
    inservice
serverfarm redirect farm-toplevel-https
  rserver REDIRECT-TOPLEVELDOMAIN-HTTPS
    inservice
ssl-proxy service PSERVICE_SERVER
  key ACEKEY.PM
  cert ACENEWCERT.PM
  ssl advanced-options PARAMMAP_SSL
ssl-proxy service PSERVICE_SERVER_B
  key testcase.key
  cert testcase.crt
  ssl advanced-options PARAMMAP_SSL
ssl-proxy service PSERVICE_SLRM
  key SLRM_KEY
  cert SLRM_CERT
  ssl advanced-options PARAMMAP_SSL
sticky http-cookie JSESSIONID jboss-cookie
  timeout 240
  replicate sticky
  serverfarm SF_HTTPD
sticky http-cookie JSESSIONID-B jboss-cookie-b
  timeout 240
  replicate sticky
  serverfarm SF-HTTPD-B
class-map type http loadbalance match-any L7_Mobile
  description Matching on Mobile
  2 match http url /mobile.*
class-map type http loadbalance match-any L7_Mobile_Redirect
  description Mobile Redirect
  2 match http header Host header-value "mymobile.com"
class-map type http loadbalance match-all L7_TESTCASE
  2 match http header Host header-value "secondinstance.mycompany.com"
class-map type http loadbalance match-all L7_TOPLEVELDOMAIN
  2 match http header Host header-value "alternatename.com"
class-map type http loadbalance match-all L7_ZIPLOCK
  2 match http header Host header-value "ziplock.mycompany.com"
class-map type management match-any Management
  201 match protocol snmp any
  202 match protocol icmp any
  203 match protocol https any
  204 match protocol http any
  205 match protocol ssh any
class-map match-any NAT_CLASS
  2 match access-list ACL_NAT
  3 match access-list ACL-NAT-B
class-map match-all VIP-HTTPD-B
  2 match virtual-address 10.190.11.72 tcp eq https
class-map match-all VIP-SIP-B
  2 match virtual-address 10.190.11.72 tcp eq www
class-map match-all VIP_HTTPD
  3 match virtual-address 10.190.11.70 tcp eq https
class-map match-all VIP_SP
  2 match virtual-address 10.190.11.70 tcp eq www
policy-map type management first-match Management
  class Management
    permit
policy-map type loadbalance first-match Mobile
  description Policy map for mobile connections
  class L7_Mobile
    serverfarm farm-custport-https
  class L7_Mobile_Redirect
    serverfarm farm-custport-mobile
  class class-default
    serverfarm farm-custport-https
policy-map type loadbalance http first-match POLICY-REDIRECT
  match test http url /*
    serverfarm farm-https
  class class-default
    serverfarm farm-https
policy-map type loadbalance first-match TESTCASE-l7slb
  class L7_TESTCASE
    serverfarm farm-testcase-https
policy-map type loadbalance first-match VIP-HTTPD-B-l7slb
  class class-default
    sticky-serverfarm jboss-cookie-b
policy-map type loadbalance first-match VIP-SIP-B-l7slb
  class class-default
    serverfarm farm-testcase-https
policy-map type loadbalance first-match VIP_HTTPD-l7slb
  class class-default
    sticky-serverfarm jboss-cookie
    action HTTP_MODIFY_ACTLIST
policy-map type loadbalance first-match VIP_SP-l7slb
  match test http url /
    serverfarm farm-https
  class L7_ZIPLOCK
    serverfarm farm-custport-https
  class class-default
    compress default-method gzip
    sticky-serverfarm jboss-cookie
policy-map type loadbalance http first-match ZIPLOCK-l7slb
  class L7_ZIPLOCK
    serverfarm farm-https
policy-map multi-match NAT_POLICY
  class NAT_CLASS
    nat dynamic 3 vlan 10
policy-map multi-match int10
  class VIP_HTTPD
    loadbalance vip inservice
    loadbalance policy VIP_HTTPD-l7slb
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 35
    ssl-proxy server PSERVICE_SERVER
    connection advanced-options Connection_Parameters
  class VIP_SP
    loadbalance vip inservice
    loadbalance policy VIP_SP-l7slb
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 35
  class VIP-HTTPD-B
    loadbalance vip inservice
    loadbalance policy VIP-HTTPD-B-l7slb
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 35
    ssl-proxy server PSERVICE_SERVER_B
    connection advanced-options Connection_Parameters
  class VIP-SIP-B
    loadbalance vip inservice
    loadbalance policy VIP-SIP-B-l7slb
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 35
    connection advanced-options Connection_Parameters
interface vlan 10
  description Server Side Vlan
  ip address 10.190.11.57 255.255.255.192
  alias 10.190.11.61 255.255.255.192
  peer ip address 10.190.11.58 255.255.255.192
  access-group input ACL_PERMIT_HTTTP
  nat-pool 3 10.190.11.59 10.190.11.59 netmask 255.255.255.255 pat
  service-policy input Management
  service-policy input NAT_POLICY
  no shutdown
interface vlan 35
  description Client Side Vlan
  ip address 10.190.11.68 255.255.255.192
  peer ip address 10.190.11.67 255.255.255.192
  access-group input ACL_PERMIT_HTTTP
  nat-pool 1 10.190.11.69 10.190.11.69 netmask 255.255.255.255 pat
  service-policy input int10
  no shutdown
interface vlan 99
  description Management Connectivity on Vlan 99
  ip address 10.190.13.198 255.255.255.192
  peer ip address 10.190.13.197 255.255.255.192
  access-group input ACL_PERMIT_HTTTP
  service-policy input Management
  no shutdown
ip route 0.0.0.0 0.0.0.0 10.190.11.65
snmp-server contact "My Name "
snmp-server location "My Place"
snmp-server community CPpublic group Network-Monitor
snmp-server trap-source vlan 10
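A consistency check that can be run over a config like the one posted above (an added example, not part of the thread): it lists the load-balancing policy-maps that no `loadbalance policy` line attaches to a VIP class, together with the class-maps that are only reachable through them. The embedded text is a reduced excerpt of the posted config; on it the check reports the `Mobile` policy and its two class-maps.

```python
import re

# Constructed excerpt: policy-map lines copied from the posted config, reduced.
CONFIG = """\
policy-map type loadbalance first-match Mobile
  class L7_Mobile
    serverfarm farm-custport-https
  class L7_Mobile_Redirect
    serverfarm farm-custport-mobile
policy-map type loadbalance first-match VIP_HTTPD-l7slb
  class class-default
    sticky-serverfarm jboss-cookie
policy-map type loadbalance first-match VIP_SP-l7slb
  class L7_ZIPLOCK
    serverfarm farm-custport-https
  class class-default
    sticky-serverfarm jboss-cookie
policy-map multi-match int10
  class VIP_HTTPD
    loadbalance policy VIP_HTTPD-l7slb
  class VIP_SP
    loadbalance policy VIP_SP-l7slb
"""

LB_POLICY = re.compile(r"policy-map type loadbalance (?:http )?first-match (\S+)")

def parse(config):
    """Return ({L7 policy: [classes]}, {policies attached to a VIP class})."""
    policies, applied, current = {}, set(), None
    for line in map(str.strip, config.splitlines()):
        found = LB_POLICY.match(line)
        if found:
            current = policies.setdefault(found.group(1), [])
        elif line.startswith("policy-map "):
            current = None  # multi-match or management policy
        elif line.startswith("loadbalance policy "):
            applied.add(line.split()[2])
        elif current is not None and line.startswith("class "):
            current.append(line.split()[1])
    return policies, applied

def audit(config):
    """List L7 policies no VIP uses, and class-maps reachable only via them."""
    policies, applied = parse(config)
    unused = [name for name in policies if name not in applied]
    live = {c for name in applied for c in policies.get(name, [])}
    orphaned = {c for name in unused for c in policies[name]} - live
    return unused, sorted(orphaned - {"class-default"})
```

Lines are stripped before matching, so the check also works on a config whose indentation was lost when it was pasted.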