Translating an F5 rule
Jeffrey 'jf' Lim
jfs.world at gmail.com
Tue Mar 19 15:11:17 UTC 2013
On Tue, Mar 19, 2013 at 10:43 PM, Peter Booth <Peter_Booth at s5a.com> wrote:
> The code does the following:
>
> 1. remove an HTTP header named "SWSSLHDR"
> 2. replaces it with SWSSLHDR: port, where the port is the local port of
> the "current context's TCP connection", presumably the port that your F5
> virtual server is listening on.
>
"when HTTP_REQUEST" is actually client-side, so the port in question
would be the port on the backend server that it proxies to. Seems kind
of strange to even pass this info along, unless somehow your backends
are all listening on different ports. Whatever the case, this is what
it actually means.
-jf
> This is presumably to separate SSL and non SSL traffic , or to allow for
> load balancing across websites that are hosted on ports 8080, 8000 or
> other nonstandard ports.
>
> One thought- are you configuring the nginx server to terminate SSL and
> then proxy to a single upstream endpoint? Is this the same topology as
> the F5 one? Is the entire site SSL or just the login portions?
>
> Peter
>
> -----Original Message-----
> From: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] On Behalf
> Of WBrown at e1b.org
> Sent: Tuesday, March 19, 2013 10:14 AM
> To: nginx at nginx.org
> Subject: Translating an F5 rule
>
> I am configuring Nginx to sit in front of several IIS web servers to do
> load balancing and SSL signing. THe IIS application is supplied by an
> outside vendor. I have the load balancing and SSL signing working,
> with
> one exception.
>
> The login page doesn't work. :(
>
> When the vendor hosts this application, they use F5 hardware for SSP and
>
> load balancing. They gave me thisrule that they use in the F5 that I
> need
> to translate to nginx-ese:
>
> when HTTP_REQUEST {
> HTTP::header remove SWSSLHDR
> HTTP::header insert SWSSLHDR [TCP::local_port]
> }
>
> Is anyone here familiar w/ F5 hardwaare that can help translate this?
>
>
> --
>
> William Brown
> Core Hosted Application Technical Team and Messaging Team
> Technology Services, WNYRIC, Erie 1 BOCES
> (716) 821-7285
>
>
>
>
> Confidentiality Notice:
> This electronic message and any attachments may contain confidential or
> privileged information, and is intended only for the individual or
> entity
> identified above as the addressee. If you are not the addressee (or the
> employee or agent responsible to deliver it to the addressee), or if
> this
> message has been addressed to you in error, you are hereby notified that
>
> you may not copy, forward, disclose or use any part of this message or
> any
> attachments. Please notify the sender immediately by return e-mail or
> telephone and delete this message from your system.
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list