
Need some help - Moving from NGINX reverse proxy to NetScaler

Looking for some assistance if anyone is willing to help, I think I have met with my limit of knowledge and seem to be going down the rabbit hole of ideas online.


The Situation:
Our Engineering team houses their binary artifacts within Artifactory running on an OnPrem Linux system. These are downloaded by both software and hardware that reach out to the system for software updates. The current config runs through an NGINX reverse proxy fronting Artifactory because there are some legacy calls to previous systems that need their URL transformed. There are NGINX rewrite rules taking care of those currently.

New Scenario:

Engineering has moved the Artifactory service to their cloud hosted solution, however we still need to proxy the requests to handle those legacy calls to previous systems that need their URL transformed. We would like to use our NetScaler to front end the requests so we can shut down the Linux system running NGINX.  I was able to create a vServer with several responder policies that I thought covered all the scenarios needed for URL transformation. 

The new scenario I thought was working as expected.  However, I was informed now they have 2 legacy hardware products out in the field that use curl to download their software updates and they are configured to not allow proxies to be processed and since they are out in the field there is no way to easily change that.  These work currently in the original config above via NGINX as it is doing a full reverse proxy and the URL never changes.  In my config on the NetScaler the responder policy(s) transform the URL and send the request on to the destination cloud URL creating a new connection there, which curl cannot handle in those 2 situations. 


Current Responder Policy Example:

add responder action software_releases_redirect_ACT redirect "\"https://cloud.jfrog.io/artifactory/api/download/Releases/\" + HTTP.REQ.URL.PATH_AND_QUERY.AFTER_STR(\"/Releases/\")" -responseStatusCode 302

add responder policy software_releases_redirect_POL "HTTP.REQ.HEADER(\"host\").SET_TEXT_MODE(IGNORECASE).EQ(\"softwareupdates.example.com\") && HTTP.REQ.URL.PATH.GET(1).SET_TEXT_MODE(IGNORECASE).EQ(\"Releases\")" software_releases_redirect_ACT


Working Responder Examples:

https://softwareupdates.example.com/SoftwareUpdates/releases/softwareA/production/softwareA_v2.enc.exe forwards to https://cloud.jfrog.io/artifactory/api/download/releases/softwareA/production/softwareA_v2.enc.exe


https://softwareupdates.example.com/SoftwareUpdates/Releases/softwareB/opt/Tool_v4.exe forwards to https://cloud.jfrog.io/artifactory/api/download/releases/softwareB/opt/Tool_v4.exe

Where I am now:

The 2 older hardware systems need to use curl and do not support redirection to a completely new host. I am open to a completely new take on this, just not sure where to start or what technology to use within the NetScaler. What I need to do is mask the URL change and provide the download to these systems without the host name changing, even though it is coming from the cloud-based resource.

Requested URL: https://softwareupdates.example.com/SoftwareUpdates/releases/softwareC/production/softwareC_v2.enc.swu.gz
Provided URL: https://softwareupdates.example.com/api/download/releases/softwareA/production/softwareA_v2.enc.swu.gz


Here softwareupdates.example.com is on the NetScaler, but the URL destination is being served from the cloud provider while masking the host name, if that makes any sense.

Any help appreciated and I can provide additional info if needed.  


So if I understand it right, based on what you said it seems the Rewrite feature is what you're looking for.

Rewrites can edit a request without forcing the client to make a new request (like Responders do).

In your specific case I would look at the URL Transformation feature, which is a special kind of Rewrite.


This should point you in the right direction:

add transform profile trans_prof_legacy-softwareupdate
add transform action trans_act_legacy-softwareupdate trans_prof_legacy-softwareupdate 10
set transform action trans_act_legacy-softwareupdate -priority 10 -reqUrlFrom "https://softwareupdates.example.com/SoftwareUpdates/releases/softwareC/production/softwareC_v2.enc.swu.gz" -reqUrlInto "https://softwareupdates.example.com/api/download/releases/softwareA/production/softwareA_v2.enc.swu.gz" -resUrlFrom "https://softwareupdates.example.com/api/download/releases/softwareA/production/softwareA_v2.enc.swu.gz" -resUrlInto "https://softwareupdates.example.com/SoftwareUpdates/releases/softwareC/production/softwareC_v2.enc.swu.gz"
add transform policy trans_pol_legacy-softwareupdate true trans_prof_legacy-softwareupdate
bind lb vserver <LBVSERVER> -policyName trans_pol_legacy-softwareupdate -priority 100 -gotoPriorityExpression END -type REQUEST
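Added example, not part of the original posts and not NetScaler configuration: a small offline check for the migration discussed above. It models the legacy-to-cloud path mapping shown in the thread's working examples and classifies a front-end response as served in place or redirected to another host. The function names, the refusal of dot segments and the constructed sample responses are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

FRONT_HOST = "softwareupdates.example.com"               # front-end name used in the thread
UPSTREAM_PREFIX = "/artifactory/api/download/releases/"  # path taken from the thread's examples


def upstream_path(url):
    """Map a legacy URL to the upstream path, or None if it must not be proxied."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != FRONT_HOST:
        return None
    idx = parts.path.lower().find("/releases/")
    if idx < 0:
        return None
    rest = parts.path[idx + len("/releases/"):]
    # Assumption: refuse empty and dot segments (also percent-encoded ones)
    # so a rewritten request can never leave the releases tree upstream.
    if not rest or any(seg in ("", ".", "..") for seg in unquote(rest).split("/")):
        return None
    return UPSTREAM_PREFIX + rest + ("?" + parts.query if parts.query else "")


def classify_response(requested_url, status, headers):
    """Describe what a client that stays on one host sees for this response."""
    if 200 <= status < 300:
        return "served"
    if 300 <= status < 400:
        lowered = {k.lower(): v for k, v in headers.items()}
        target = urlsplit(lowered.get("location", "")).hostname
        asked = (urlsplit(requested_url).hostname or "").lower()
        # A relative Location carries no host and stays on the requested one.
        if target is None or target.lower() == asked:
            return "same-host-redirect"
        return "cross-host-redirect"
    return "error"
```

Feed it the status and headers captured from the vServer for each legacy URL; any "cross-host-redirect" result means a Responder redirect is still answering that path.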
