Help with Virtual Server on Non-Standard SSL Port


Chris Keander

Good day.

I'm hoping someone can help a NetScaler VPX noob configure a Load Balanced Virtual Server so that it redirects correctly to a web server running on a non-standard SSL port on the back-end.

I'm running NetScaler VPX Release NS11.2: Build 55.13.nc.

I have a web site (Dell EMC Unisphere) that's running on a Windows 2016 server under port 3033. Firewall rules are in place to allow incoming traffic.

I've created the server in the NetScaler as well as the LBVSS using the Protocol "SSL_TCP" on Port 3033. Everything is green indicating the connections are healthy.

I've created the LBVS, also using SSL_TCP on Port 3033, and bound the LBVSS to it, as well as a valid wildcard certificate.

After saving changes, everything is green.  No signs of errors.

When I try to access the site using the DNS record I created that points to the VIP, the site does not load.  I can only get the site to load if I specify the port at the end of the URL.

(i.e., https://unisphere.my.domain:3033)
If I just do https://unisphere.my.domain, it doesn't work.

I can't seem to make a responder or rewrite rule that would fix this either. Any suggestions?


If your vserver is listening on 3033, then you need to add :3033 to the URL.

You could create your vserver with port 443, then no port needed in the URL. However, if your web server is sending responses with URLs that have :3033 in them, then you'll need to rewrite the responses, but you can't do that with SSL_TCP protocol. You'll instead have to change both vserver and service group to SSL protocol. Then you can bind Rewrite policies.


When you access https://unisphere.my.domain, the request comes to the NetScaler on port 443. Since you don't have any LB vserver listening on port 443, it fails.

When you access https://unisphere.my.domain:3033, the request comes to the NetScaler on port 3033, and since you have an LB on port 3033, it works.

To make it work, you need to create the LB with SSL_TCP protocol on port 443 and bind the backend servers to this LB with SSL_TCP on port 3033.

This way, when you access https://unisphere.my.domain, the request will come to the NetScaler on port 443, will be handled by the LB, and the NetScaler will then send it to the backend on port 3033.

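The layout described in the replies above, written out as NetScaler CLI commands. This is an added example, not part of any post in the thread: the entity names, both IP addresses and the certificate-key name are placeholders, and the wildcard certificate is assumed to be installed on the appliance already.

```netscaler
# Back-end: Unisphere on the Windows server, TLS on port 3033.
# 198.51.100.20 is a placeholder address for the web server.
add server srv_unisphere 198.51.100.20
add serviceGroup sg_unisphere SSL_TCP
bind serviceGroup sg_unisphere srv_unisphere 3033

# Front-end: the VIP listens on 443, so https://unisphere.my.domain
# works without a port suffix. 192.0.2.10 is a placeholder VIP that the
# DNS record for unisphere.my.domain would point to.
add lb vserver lbvs_unisphere_443 SSL_TCP 192.0.2.10 443
bind lb vserver lbvs_unisphere_443 sg_unisphere

# The wildcard certificate is bound to the front-end vserver.
# wildcard_my_domain is a hypothetical certkey name.
bind ssl vserver lbvs_unisphere_443 -certkeyName wildcard_my_domain

# Confirm the vserver is UP and the member on port 3033 is healthy.
show lb vserver lbvs_unisphere_443
show serviceGroup sg_unisphere

# If the web server returns URLs containing :3033, the first reply
# applies: use SSL instead of SSL_TCP in both "add" commands above so
# that Rewrite policies can be bound to the vserver.
```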
