
Configuring ssl offloading on F5 load balancer

0 Kudos

Hi,

We are using Hybris 5.2.0 and an F5 load balancer and are trying to offload SSL at the load balancer. From the load balancer the requests land directly on the app servers (we don't have web servers). From other expert replies I understand that I would need to do the following steps to achieve this:

1) Host a certificate on the LB.
2) SSL offloading at the LB, with traffic sent on port 80 from the LB to the app server. Ensure x-forwarded-proto is added by the load balancer.
3) In server.xml, add the configuration below:

    <Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="x-forwarded-proto" remoteIpHeader="x-forwarded-for" proxiesHeader="x-forwarded-by" />

Please confirm whether we need to make any other changes or configuration to achieve this. In this case, do we need to enable both port connectors of the app server (80 & 443), or does only the port 80 connector need to be enabled in server.xml?

0 Kudos

Thank you, Cristian, for the quick reply. We have already configured a CA-signed certificate on Tomcat for SSL. Can we still keep it?

Accepted Solutions (0)

Answers (1)


former_member602476
Active Participant
0 Kudos

You only need an HTTP connector in Tomcat for the HTTP port, but you should leave the HTTPS connector enabled in Tomcat for troubleshooting purposes. You may also need to whitelist the LB internal IP in the internal proxies attribute of the remote IP valve if it's an IP not included in the default regex (172.16.* addresses are not included by default).
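
A check for the internalProxies point in the answer above, as an added example that is not part of the original thread or Tomcat's own code: it reads a server.xml fragment and reports whether the RemoteIpValve would honour X-Forwarded-* headers coming from the load balancer's address, and whether the pattern is so broad that any client could set them. The LB address 172.16.5.10, the sample fragment and the default regex (taken as that of older Tomcat 7 releases) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteIpValve"
# Assumption: default internalProxies regex of older Tomcat 7 releases, which
# has no 172.16.* range; check the valve documentation for your Tomcat version.
ASSUMED_DEFAULT = (r"10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|"
                   r"169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}")


def sample_server_xml(extra=""):
    """Constructed server.xml fragment: the valve from the question plus `extra`."""
    return (f'<Host name="localhost"><Valve className="{VALVE}" '
            'protocolHeader="x-forwarded-proto" remoteIpHeader="x-forwarded-for" '
            f'proxiesHeader="x-forwarded-by" {extra}/></Host>')


def internal_proxies(server_xml):
    """Effective internalProxies regex of the first RemoteIpValve, or None."""
    for valve in ET.fromstring(server_xml).iter("Valve"):
        if valve.get("className") == VALVE:
            return valve.get("internalProxies", ASSUMED_DEFAULT)
    return None


def audit(server_xml, lb_ip, outsider="203.0.113.7"):
    """Return findings for lb_ip; `outsider` is a documentation-range address
    standing in for any client that is not the load balancer."""
    pattern = internal_proxies(server_xml)
    if pattern is None:
        return ["no RemoteIpValve: X-Forwarded-* headers are ignored"]
    findings = []
    # The valve matches the whole peer address, hence fullmatch.
    if not re.fullmatch(pattern, lb_ip):
        findings.append(f"{lb_ip} not in internalProxies: its headers are ignored")
    if re.fullmatch(pattern, outsider):
        findings.append("internalProxies too broad: any client can set the headers")
    return findings


if __name__ == "__main__":
    lb = "172.16.5.10"  # constructed LB self IP
    for extra in ("", r'internalProxies="172\.16\.5\.10"', 'internalProxies=".*"'):
        print(extra or "(as posted)", "->", audit(sample_server_xml(extra), lb) or "ok")
```

An empty findings list means the load balancer's address is trusted and an arbitrary outside address is not; only internalProxies is evaluated here, not trustedProxies.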