2.6. Deploy HTTPS ADC Service with Customizations

We will deploy a virtual server with the following customizations:

  • Virtual Server:
    • Disable port translation
    • Enable rate limiting with 100 connections/sec allowed
    • Add a stats profile
    • Add a gtm-score attribute
  • Monitors:
    • Use the existing default HTTP monitor
    • Create a new custom HTTP monitor
    • Create a new custom TCP monitor
  • Pool:
    • Configure a slow ramp time
    • Set the minimum members to ‘1’
    • Associate three monitors with a minimum of 1 monitor passing
  • SSL/TLS:
    • Create Client-SSL with Secure Renegotiation option set to ‘request’
    • (optional) Load Certificate, Key and Certificate Bundle from remote URL resource
  • Customized Profiles:
    • Client-side TCP: Nagle disabled
    • OneConnect: Change source-mask
    • Compression: Adjust cpu-saver attributes
    • HTTP: Response Header “Server” set to “Lab2_6”
    • HTTP: X-Forwarded-For Header inserted
    • Persistence (Default): Cookie based persistence using ‘MyCookie’
    • Persistence (Secondary): IP Source Address persistence with a custom timeout
  1. Create a new deployment with the following values:

    Field Name Value
    Name Lab2.6
    Template appsvcs_integration_v2.0.003
    Virtual Server: Address 10.1.20.16
    `Virtual Server: Port <AppSvcsiApp_presoref.html#preso-pool-port>`__ 443
    Pool: Pool Table
    • Row 1:

      • Index: 0

      • Monitor(s):

        0,1,2;2
        

        Note

        Documentation of this syntax is available `here <AppSvcsiApp_presoref.html#preso-pool-pools-monitor>`__

    • Adv Options:

      slow-ramp-time=345;min-up-members=1
      
    Pool: Members
    • Row 1:
      • Pool Idx: 0
      • IP/Node Name: 10.1.10.100
      • Port: 80
    • Row 2:
      • Pool Idx: 0
      • IP/Node Name: 10.1.10.101
      • Port: 80
    Monitor: Monitor Table
    • Row 1:

      • Index: 0
      • Name: /Common/http
    • Row 2:

      • Index: 1

      • Type: http

      • Options:

        send=GET /test HTTP/1.0;recv=OK
        
    • Row 3:

      • Index: 2

      • Type: tcp

      • Options:

        timeout=3600
        
    Virtual Server: Client-side L4 Protocol Profile create:type=tcp;nagle=disabled;defaults-from=/Common/tcp-wan-optimized
    Virtual Server: Server-side L4 Protocol Profile /Common/tcp-lan-optimized
    Virtual Server: HTTP Profile create:server-agent-name=Lab2_6;insert-xforwarded-for=enabled;defaults-from=/Common/http
    Virtual Server: OneConnect Profile create:source-mask=255.255.0.0;defaults-from=/Common/oneconnect
    `Virtual Server: Compression Profile <AppSvcsiApp_presoref.html#preso-vs-profilecompression>`__ create:cpu-saver=enabled;cpu-saver-high=90;defaults-from=/Common/httpcompression
    Virtual Server: Default Persistence Profile create:type=cookie;cookie-name=MyCookie
    Virtual Server: Fallback Persistence Profile create:type=source-addr;timeout=300
    Virtual Server: Client SSL Certificate /Common/default.crt
    Virtual Server: Client SSL Key /Common/default.key
    `Virtual Server: Client SSL Certificate Chain <AppSvcsiApp_presoref.html#preso-vs-profileclientsslchain>`__ /Common/ca-bundle.crt
    Virtual Server: Client SSL Advanced Options secure-renegotiation=request
    Virtual Server: Advanced Options gtm-score=50;rate-limit=100
    Virtual Server: Advanced Profiles /Common/stats

  2. Review the deployed config and deployment log

2.6.1. SSL/TLS Resource Deployment via URL

We will now modify the deployment to dynamically load SSL/TLS resources from a remote server. This functionality allows users to integrate App Services Integration iApp deployments with third-party PKI solutions. Additionally, the variable substitution functionality described in Dynamic Loading from URL is also available.

Note

To complete this lab, you must have a web server configured as detailed in the Lab Environment.

Warning

Loading SSL/TLS Keys from remote URLs is dependent on proper security of the PKI infrastructure.

Warning

Re-deployment of the iApp results in the remote resources being reloaded from the remote server automatically.

  1. Click iApps -> Application Services -> Lab2.6 -> Reconfigure

  2. Modify the following values and click ‘Finished’:

    Field Name Value
    Virtual Server: Client SSL Certificate url=https://10.1.1.5/appsvcs/default.crt
    Virtual Server: Client SSL Key url=https://10.1.1.5/appsvcs/default.key
    `Virtual Server: Client SSL Certificate Chain <AppSvcsiApp_presoref.html#preso-vs-profileclientsslchain>`__ url=https://10.1.1.5/appsvcs/bundle.crt

  3. Review the deployed config and deployment log
    • Notice that the previously deployed resources have been replaced by ones loaded dynamically from the specified URLs
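
A pre-deployment check for the `url=` values entered in step 2, as an added example that is not part of the lab or of the iApp template. The value syntax (`url=`, `create:key=value;...`, or a plain object path) is inferred from the tables on this page; the function names and the allow-list policy are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Field values copied from the Reconfigure table in this lab.
LAB_FIELDS = {
    "Virtual Server: Client SSL Certificate": "url=https://10.1.1.5/appsvcs/default.crt",
    "Virtual Server: Client SSL Key": "url=https://10.1.1.5/appsvcs/default.key",
    "Virtual Server: Client SSL Certificate Chain": "url=https://10.1.1.5/appsvcs/bundle.crt",
}


def parse_value(value):
    """Classify a field value as ('url', str), ('create', dict) or ('ref', str)."""
    if value.startswith("url="):
        return "url", value[len("url="):]
    if value.startswith("create:"):
        items = [i for i in value[len("create:"):].split(";") if i]
        # partition() tolerates an item without '=' (its value becomes '').
        return "create", dict(i.partition("=")[::2] for i in items)
    return "ref", value


def audit_remote_resources(fields, allowed_hosts):
    """Return (field, problem) pairs for url= values that break the policy.

    Hypothetical policy: resources come only over https, only from hosts on
    the allow-list, and never with credentials embedded in the URL.
    """
    findings = []
    for name, value in fields.items():
        kind, payload = parse_value(value)
        if kind != "url":
            continue  # local object reference or inline profile definition
        parts = urlsplit(payload)
        if parts.scheme != "https":
            findings.append((name, "not fetched over https"))
        if parts.hostname not in allowed_hosts:
            findings.append((name, "host not in allow-list"))
        if parts.username or parts.password:
            findings.append((name, "credentials embedded in URL"))
    return findings


if __name__ == "__main__":
    # 10.1.1.5 is the lab web server used in the table above.
    for field, problem in audit_remote_resources(LAB_FIELDS, {"10.1.1.5"}):
        print(f"{field}: {problem}")
```

Because a re-deployment reloads these resources from the remote server, a check like this is worth running each time the field values change, not only on first deployment.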
