How To Set Up LiteSpeed ADC To Proxy Traffic

In this guide we will explain how to set up the following 3 scenarios:

a) SSL offloading: the ADC-to-end-user connection is available over both HTTP and HTTPS, but the ADC connects to the backend server over HTTP. This should only be used when both servers are on a private network, where it reduces server load. It is not recommended when the servers are connected over a public network, because the traffic between them is then unencrypted.

b) Keep the SSL connection between the ADC and the backend; the ADC-to-end-user connection is available over both HTTP and HTTPS.

c) HTTP to HTTP and HTTPS to HTTPS, respectively.

Backend server IP is .114

ADC server IP is .211

Log in to the ADC WebAdmin console at https://YOUR_SERVER_IP:7090

1. Create two layer 7 clusters, one for HTTP and one for HTTPS (you can skip the HTTP cluster and vhost in the following steps if you want to keep SSL between the ADC and the backend server).

Go to Configuration - Cluster.

Now go to the Worker Group tab and create a worker with your backend server IP and port.

First we will set up the HTTP proxy, so set the port to 80.

2. Now repeat the previous process and create a cluster and worker for HTTPS traffic.

Use the same settings as for the HTTP worker, but change the port to 443 and the type to HTTPS.

3. Go to Configuration - Virtual Host, create a virtual host for HTTP, and choose the HTTP cluster.

4. Create another virtual host for HTTPS and choose the HTTPS cluster.

For the HTTPS virtual host, we also need to set up SSL.

5. Create two layer 7 listeners, for ports 80 and 443. For the HTTPS listener, Secure must be set to Yes.

We also need to set up SSL for the listener, otherwise it will fail to start.

The listener cert is not important; it can be any cert, even a self-signed one, because the vhost SSL will override the listener SSL.

a) If you want all traffic between the ADC and the backend on HTTPS, map the HTTPS vhost to both listeners.

b) If you want all traffic between the ADC and the backend on HTTP, map the HTTP vhost to both listeners.

c) If you want the traffic proxied separately, map the HTTP vhost to the HTTP listener and the HTTPS vhost to the HTTPS listener, respectively.

A listener on port 80 is a must-have even if you want to use HTTPS all the way, because a user's first connection to your domain could be over HTTP, so the ADC will need to send out an HTTPS redirect.

If you want to force HTTPS for end users, you can also add a 301 HTTPS redirect rewrite rule on the ADC vhost's rewrite rule tab.

If you want to force HTTPS for end users but use HTTP between the ADC and the backend, you may need to disable the HTTPS redirect on your backend and let the ADC send out the redirection. Otherwise it might cause an infinite redirect loop, as the backend will always see the traffic coming in over HTTP.
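
A check to run after the listener mapping is applied, added here as an example and not part of the original page: it classifies the response headers captured from the ADC and flags the redirect loop described above. The function names and the sample header dumps are constructed for illustration, and example.com is a placeholder domain.

```shell
#!/bin/sh
# Added example: classify a redirect chain captured from the ADC with
#   curl -sIL --max-redirs 10 "http://YOUR_DOMAIN/" | classify_chain
# Function names and sample dumps are constructed for illustration.

# Reads response headers on stdin and prints one verdict:
#   ok                 first hop redirects to https and the chain ends
#   loop               the same Location is issued more than once
#   no-https-redirect  first response does not redirect to https
#   unfinished         chain stops on a 3xx without a repeated Location
classify_chain() {
  awk '
    { sub(/\r$/, "") }                         # curl output has CRLF line ends
    /^HTTP\// { hops++; status = $2; next }    # start of each response
    tolower($1) == "location:" {
      if (hops == 1) first = $2                # target of the very first redirect
      if (seen[$2]++) loop = 1                 # same target twice means a loop
    }
    END {
      if (loop)                        print "loop"
      else if (first !~ /^https:\/\//) print "no-https-redirect"
      else if (status ~ /^3/)          print "unfinished"
      else                             print "ok"
    }'
}

# Constructed sample: ADC sends the 301, the HTTPS request then gets a 200.
sample_ok() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/\r\n\r\n'
  printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

# Constructed sample: SSL is offloaded and the backend still forces HTTPS,
# so every HTTPS request is answered with a redirect to the same URL.
sample_loop() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/\r\n\r\n'
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/\r\n\r\n'
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/\r\n\r\n'
}

sample_ok   | classify_chain
sample_loop | classify_chain
```

A `no-https-redirect` verdict on a setup that is meant to force HTTPS means neither the ADC rewrite rule nor the backend is sending the 301.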

  • Admin
  • Last modified: 2019/02/08 14:36
  • by qtwrk