Attached is a guide for the configuration steps needed on F5 Big-IP LTM (Local Traffic Manager) to offload inbound HTTPS and Secure Websockets (WSS) requests.
The environment this configuration relates to is
- A non-HA Fusion Application Server (FAS) installation
- Fusion Client SDK (FCSDK) installed onto the FAS
- The FCSDK installation consists of a co-hosted Fusion Web Gateway instance and a Fusion Media Broker
- The FCSDK web-based sample application has been deployed onto this same FAS instance
- Fusion Live Assist installed onto the FAS
The configuration described will terminate the HTTPS/WSS connection at F5, and will then NAT and load balance the decrypted connection across a pool of back end application servers.
The configuration also describes the steps required to restrict specific URIs to only allow access to the required REST services for FCSDK and Live Assist.
The instructions in this guide are based on a non-HA evaluation version of F5 (v10.2.4 build 577) and should be used as an example of what configuration is required to achieve HTTPS/WSS offloading. As such, some configuration may vary depending on the local environment and policies.
Configuration described in attached guide has been tested against FCSDK 2.1.28 AND Live Assist® 1.2.19