Welcome! Log In Create A New Profile

Advanced

Re: Translating an F5 rule

March 20, 2013 03:06AM
On Mar 19, 2013, at 19:42 , WBrown@e1b.org wrote:

> Peter Booth wrote on 03/19/2013 10:43:12 AM:
>
>> The code does the following:
>>
>> 1. remove an HTTP header named "SWSSLHDR"
>> 2. replaces it with SWSSLHDR: port, where the port is the local port of
>> the "current context's TCP connection", presumably the port that your F5
>> virtual server is listening on.
>
> I had somewhat figured that out. It isn't clear from the notes I got from
> vender as to what the current context is. I'm guessing the client side,
> but I can test that.
>
>> This is presumably to separate SSL and non SSL traffic , or to allow for
>> load balancing across websites that are hosted on ports 8080, 8000 or
>> other nonstandard ports.
>>
>> One thought- are you configuring the nginx server to terminate SSL and
>> then proxy to a single upstream endpoint? Is this the same topology as
>> the F5 one? Is the entire site SSL or just the login portions?
>
> Presently, we are using an Centos box with Piranha for load balancing, but
> we wish to implement SSL. There are about 50 sites hosted with three
> upstream servers. I don't want to tie up 150 IP addresses for SSL on
> them, so I want to terminate the SSL connection at the nginx server and
> use HTTP on port 80 to connect from nginx to IIS.
>
> The F5 information is just what the IIS application vendor says they use
> in their configuration. We may be buying an F5 in the future, but I need
> SSL in the short term.
>
> Would I add to the location section something like this:
>
> more_set_input_headers -r SWSSLHDR $server_port

proxy_set_header SWSSLHDR $server_port;


--
Igor Sysoev
http://nginx.com/services.html

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Translating an F5 rule

w.b March 19, 2013 10:16AM

RE: Translating an F5 rule

Peter Booth March 19, 2013 10:44AM

Re: Translating an F5 rule

Jeffrey 'jf' Lim March 19, 2013 11:12AM

RE: Translating an F5 rule

w.b March 19, 2013 11:44AM

Re: Translating an F5 rule

Igor Sysoev March 20, 2013 03:06AM

Re: Translating an F5 rule

Jeffrey 'jf' Lim March 20, 2013 04:18AM

Re: Translating an F5 rule

w.b March 21, 2013 08:20AM

Re: Translating an F5 rule

peter March 19, 2013 12:56PM

Re: Translating an F5 rule

w.b March 19, 2013 02:06PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 142
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready