url-transformation URL Transformation from URL to IP based Path

[nlffel439]

Hi folks,

I have a problem with the following scenario on a CS vServer:
 

Input: “any.url.host/Path1/Path2”
The backend is also called via websocket Protocol (wss://) 

Call in the backend 

“192.168.123.5:8080/Path2”


I have tried it so far via a URL Transform URL Policy with two actions
I don't want to rule out that I have tried too much and have now lost the overview. But maybe someone else has an idea why the call still doesn't work. 


Action 1 - Prio 30 
Converts the respons from the server back into the required URL in the browser: 

Action 2 - Prio 60
Convers the request from the Browser into the required Path on the Backend:
 

 

[Rick Davis]

-reqUrlFrom "http(s?)://any.url.host/Path1/(.*)" -reqUrlInto "http$1://192.168.123.5/$2"

-resUrlFrom "http(s?)://192.168.123.5/(.*)" -resUrlInto "http$1://any.url.host/Path1/($2)"

you will also need a responder to redirect from any.url.host/ to any.url.host/Path1/ since the application doesn't know about /Path1/

[Jeff Riechers]

Does the client NEED to connect directly to backend via IP?  Because this will change the URL and Hostname so that the client connects directly.

Instead you would setup a non-addressable LB and have the content switch keep the HOSTNAME, but just change the URL portion after the hostname.  Then it would drop that to the LB that then goes to the backend server on how it is defined in the LB service.

Edited April 30 by Jeff Riechers

[nlffel439]

First of all, thanks for the answers :) 

@Rick Davis:
Unfortunately the suggestion did not help. 

Websocket is activatet in the HTTP Profile for this CS vServer 

@Jeff Riechers:
It is the case that the call runs via a non-addressed vServer which is attached to a CS vServer as CS Policy. 
The service with the backend IP and the port is attached to the non-addressed vServer. 

Edited April 30 by nlffel439

[Rick Davis]

CTX235401 states content switching support websockets.  

Your wss failing may be related to SSL certificate warnings.   Please verify that HTTP and HTTPS are both working correctly, first.  You can also try ws:// for a clear text websocket test to rule out PKI related problems.   After that, try secure (wss) websocket connection.      

Bind your HTTP profile (with websockets enabled) to the nonaddressable vserver too.  

[nlffel439]

I think I can rule out a problem with the WebSocket configuration, I have checked it again and another service on the same CS vServer is also running without problems with WSS. 

There must be something wrong with the URL rewrite policy. 

[Rick Davis]

Will this working example get you on track?

 

Client: 192.168.200.1
Server: 192.168.200.2:8080 (ws: /Path2)
cs_VIP: 192.168.200.231:80

In this content switching example, requests for /Path1/.. are sent to a designated non-addressable vserver called ws_vserver. 

 

The client connects to the Content Switching VIP on port 80

 

URL Translation removes /Path1 from the URI and NetScaler forwards the request to the server on port 8080

 

The Server sees the established websocket connection and test echo messages are working.

 

# Add the URL-Transform
add transform profile ws_URL-T
add transform action ws_url_transform ws_URL-T 1
set transform action ws_url_transform -priority 1 -reqUrlFrom "/Path1/(.*)" -reqUrlInto "/$1"
add transform policy ws_url-t TRUE ws_URL-T

# Setup the non-addressable vserver (and transform the URL)
add service ws_service 192.168.200.2 HTTP 8080 
add lb vserver ws_vserver HTTP 0.0.0.0 0 -persistenceType NONE -httpProfileName nshttp_ws_profile
bind lb vserver ws_vserver ws_service
bind lb vserver ws_vserver -policyName ws_url-t -priority 100 -gotoPriorityExpression END -type REQUEST

# Setup the Content Switch (and look for /Path1/..)
add ns httpProfile nshttp_ws_profile -webSocket ENABLED
add cs vserver ws_cs HTTP 192.168.200.231 80 -httpProfileName nshttp_ws_profile -persistenceType NONE
add cs action ws_path1 -targetLBVserver ws_vserver
add cs policy ws_path1_path2 -rule q{HTTP.REQ.URL.PATH.GET(1).SET_TEXT_MODE(IGNORECASE).EQ("Path1")} -action ws_path1
bind cs vserver ws_cs -policyName ws_path1_path2 -priority 100

 

URL-T is meant to handle several transform actions.  The one I used here is the minimum for the websocket connection.  Adding the one I listed previously might be needed to address any links the server is issuing.  It also might need to be tweaked further for your specific needs.  

[nlffel439]

WOW 

Thank you Rick for this detailed test.

The problem was solved with the help of your configuration example. 
Many thanks for the support 

[nlffel439]

I think I also got really lost in the tests I had done over the last few days.