Setting up Hackazon Virtual Server

We will now setup an SSL Offload Virtual Server using the Cipher Group previously configured.

  1. Go to the F5 Admin page and select Local Traffic -> Profiles -> SSL -> Client

  2. Click on Create

  3. For the SSL profile name Enter hackazon-clientssl.prf

  4. Select Advanced configuration.

  5. Select the checkbox to modify Ciphers and select Cipher Group and in the dropdown select hackazon-ciphergroup that you created.

    ../../_images/image203a.png

  6. Leave other options as default and click on Finished

  7. Go to Local Traffic -> Pools

  8. Click on Create

  9. In the Pool Name field enter hackazon.p

  10. Select the HTTP health monitor and move it to Active

  11. Put in the following two IP addresses into the list of pool members both on port 80: 18.205.1.169, and 34.239.240.82

    ../../_images/image204.png

  12. Click on Finished

  13. Go to the AWS console, Select Services and then EC2. Select Instances Filter for your student# and select the checkbox for the one labeled BIG-IP:Student#-CFT.

  14. In the description for the instance there is a list of Elastic IPs. Click on the last one in the list. It will also not have a * at the end of the IP address.

  15. In the definition of the Elastic IP there will be a Private IP address. This IP will become your Virtual Server Destination address. The Elastic IP will be the IP for accessing the application.

    ../../_images/image202.png

    This screenshot illustrates one example. The presented IP addresses will not be the ones you see

  16. Go to F5 Admin page and then Local Traffic -> Virtual Servers

  17. Click on Create

  18. Enter a Virtual Server Name of hackazon_vs

  19. In the Destination Address field enter Private IP address that you determined earlier as part of the Elastic IP information.

  20. For Service Port enter 443

  21. For HTTP Profile select HTTP from the dropdown menu.

  22. In the SSL Profile (client) field move hackazon_clientssl.prf from Available into Selected

  23. In the Source Adress Translation select Automap

  24. In the Resources section under Default Pool select hackazon.p from the dropdown list.

    ../../_images/image205.png

  25. Click on Finished

  26. Now take the Elastic IP you found earlier in the AWS Console, open a web browser and go to https://<Elastic IP>. You will get a certificate error because we are not using a domain specific SSL Certificate. Once ignoring the certificate error you should start seeing the hackazon web page.