This is an old revision of the document!

How To Set Up LiteSpeed ADC To Proxy Traffic

In this guide we will set up 3 scenarios

1) SSL offloading, which means ADC to end-user connection will be available as both HTTP and HTTPS , but ADC will connect to backend server with HTTP (should only apply if both server are in private network to reduce server load, not recommended if both servers are connected via public network)

2) Keep SSL connection between ADC and backend, and ADC to end-user connection will be available as both HTTP and HTTPS.

3) HTTP to HTTP and HTTPS to HTTPS receptively.

backend server IP is .114

ADC server IP is .211

Login to ADC webadmin console via https://YOUR_SERVER_IP:7090

Create a layer 7 cluster, go to configuration - cluster.

And now go to Worker Group tab, create a worker with your backend server IP and port

First we will set up HTTP proxy, so set port to 80 (you can skip this step if you want traffic go through HTTPS and only set up HTTPS cluster)

Now repeat the previous process and create a cluster and worker for HTTPS traffic.

Same setting as HTTP worker , except port to 443 and type to HTTPS

Create virtual host for HTTP, choose cluster HTTP (you can skip this step if you want traffic go through HTTPS and only set up HTTPS cluster)

Create another virtual host for HTTPS , choose cluster HTTPS

For HTTPS, we will also need to set up SSL for it.

Create 2 layer 7 listeners for 80 and 443 port, for HTTPS listener , Secure must be set to Yes

We will also need to set up SSL for listener , otherwise it will fail to start.

Listener cert is not important , it can be any cert even self-signed, vhost SSL will override listener SSL.

Map domains to both listeners.

If you want all traffic between ADC and backend on HTTPS, then map HTTPS vhost to both listener.

if you want all traffic between ADC and backend on HTTP, then map HTTP vhost to both listener.

If you want traffic separately proxied, map HTTP vhost to HTTP listener and map HTTPS vhost to HTTPS listener, respectively.

If you want to force HTTPS on end-user , you can also add 301 HTTPS redirect rewrite rule on ADC vhost's rewrite rule tab.

If you want to force HTTPS on end-user, but HTTP between ADC and backend, you may need to disable HTTPS redirect on your backend and let ADC send out the redirection, otherwise it might cause infinite loop as backend will always see traffic comes on HTTP

  • Admin
  • Last modified: 2019/02/08 14:14
  • by qtwrk