Felipe Ruiz1709162764 Posted January 3 Share Posted January 3 Hi people, We are in the process of replacing an nginx haproxy to netscaler but we are facing problems with one web application that uses SSL on the front-end and on the back-end. The web application runs on a container in Open shift. When routing the traffic through the NS the app returns a HTTP 503 error. When comparing network traces between nginx and NS traffic we see no differences in the SSL handshake nor in the HTTP headers. Layers 3 and 4 also shows no problems at all. When looking at the nginx config, we found a parameter that is currently enabled but when disabled it produces the same http 503 error; The parameter is "proxy_ssl_server_name" and is set to "on". Then theres another one "proxy_ssl_name" set to the hostname of the web application. Does anybody know what would be the equivalent configuration in netscaler? Link to comment Share on other sites More sharing options...
Johannes Norz Posted January 11 Share Posted January 11 On 1/3/2024 at 5:21 PM, Felipe Ruiz1709162764 said: Hi people, We are in the process of replacing an nginx haproxy to netscaler but we are facing problems with one web application that uses SSL on the front-end and on the back-end. The web application runs on a container in Open shift. When routing the traffic through the NS the app returns a HTTP 503 error. When comparing network traces between nginx and NS traffic we see no differences in the SSL handshake nor in the HTTP headers. Layers 3 and 4 also shows no problems at all. When looking at the nginx config, we found a parameter that is currently enabled but when disabled it produces the same http 503 error; The parameter is "proxy_ssl_server_name" and is set to "on". Then theres another one "proxy_ssl_name" set to the hostname of the web application. Does anybody know what would be the equivalent configuration in netscaler? It's just a guess. Probably, the server header in the HTTP request is wrong? 503 is service unavailable, and this could be in case the server name from outside is different from the server name configured on the webserver. In case, you could create 2 rewriting policies, one to delete the server header, and one to set it to the correct value. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now