Jump to content
Welcome to our new Citrix community!

503 error after migrating from nginx to netscaler


Recommended Posts

Hi people,

 

We are in the process of replacing an nginx haproxy to netscaler but we are facing problems with one web application that uses SSL on the front-end and on the back-end. The web application runs on a container in Open shift. When routing the traffic through the NS the app returns a HTTP 503 error. When comparing network traces between nginx and NS traffic we see no differences in the SSL handshake nor in the HTTP headers. Layers 3 and 4 also shows no problems at all.

When looking at the nginx config, we found a parameter that is currently enabled but when disabled it produces the same http 503 error; The parameter is "proxy_ssl_server_name" and is set to "on". Then theres another one "proxy_ssl_name" set to the hostname of the web application.

 

Does anybody know what would be the equivalent configuration in netscaler?

 

Link to comment
Share on other sites

  • 2 weeks later...
On 1/3/2024 at 5:21 PM, Felipe Ruiz1709162764 said:

Hi people,

 

We are in the process of replacing an nginx haproxy to netscaler but we are facing problems with one web application that uses SSL on the front-end and on the back-end. The web application runs on a container in Open shift. When routing the traffic through the NS the app returns a HTTP 503 error. When comparing network traces between nginx and NS traffic we see no differences in the SSL handshake nor in the HTTP headers. Layers 3 and 4 also shows no problems at all.

When looking at the nginx config, we found a parameter that is currently enabled but when disabled it produces the same http 503 error; The parameter is "proxy_ssl_server_name" and is set to "on". Then theres another one "proxy_ssl_name" set to the hostname of the web application.

 

Does anybody know what would be the equivalent configuration in netscaler?

 

It's just a guess. Probably, the server header in the HTTP request is wrong? 503 is service unavailable, and this could be in case the server name from outside is different from the server name configured on the webserver.

In case, you could create 2 rewriting policies, one to delete the server header, and one to set it to the correct value.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...