Thursday, July 21, 2022

Multiple websites behind single VIP on F5.

This is for setting up multiple websites using ssl behind a single VIP on F5. It conserves the IP's on your Vlan because you do not have to create separate virtual servers for different websites.

The setup consists of node, client ssl profiles, pool, irule and virtual ip


Create a node where your sites are hosted.

Local Traffic > Nodes >  Nodes List > Create

Create a new pool.

Local Traffic > Pools >  Pool List > Create

Select Node list radio button and add the previously created node from the drop down.

Enter the service port as the port which your website is listening on.


 

Create clientssl profiles.

The process to create client profiles is documented here very nicely. So I won't elaborate on that.

https://clouddocs.f5.com/training/community/public-cloud/html/class05/module1/lab2.html#:~:text=Go%20to%20%E2%80%9CLocal%20Traffic%20%3E%20Profiles%20%3E%20SSL,Chain%2C%20select%20Custom%20check%20box%20and%20then%20Add.

For one of the profiles that you would add to your virtual server. Check advanced box and

 

check the option.

 

Default SSL Profile for SNI 



Create Irules

Create the Irule for directing traffic to the pools. This  Irule is using two different client ssl profiles.

 Local Traffic > IRules > IRule List

 

Here is the text .

when HTTP_REQUEST
{
 
  switch [string tolower [HTTP::host]]  {

                         "testwebsite1" {
                                               pool pool_website1
                                               set sslprof "SSL::profile testwebsite1_clientssl"                   
                                         }
                         "testwebsite2" {
                                               pool pool_website2
                                                set sslprof "SSL::profile testwebsite2_clientssl"   
                                        }
                      }



Create the virtual server 

This virtual server will be the frontend for these websites.

Create the virtual server.

Loal Traffic > Virtual Servers > Virtual Server list


Change the HTTP profile section to http.


Asscociate the  client ssl profiles with your virtual server.

 

 

 

Enable Address translation and Port translation. in the advanced section of the Virtual Server

 

Certificate needs to be assigned in the IIS website bindings.

 

Certificate should have the same common name as specified in the DNS or you would get an error as 

 

the Irule can have some logging added to investigate.

#This will log the IP address of the incoming connection
when CLIENT_ACCEPTED {
log local0. "IP: [IP::client_addr]"
}

when HTTP_REQUEST
 {
 #  log local0. "Requested hostname: [HTTP::host] from IP: [IP::local_addr]"
 #  set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
 #  log local0. "start ============================================="
 #  log local0. "$LogString (request)"
 #  foreach aHeader [HTTP::header names] {
 #     log local0. "$aHeader: [HTTP::header value $aHeader]"
 #  }
 #  log local0. "finish ============================================="

 

  switch [string tolower [HTTP::host]]
                           {
                         "testwebsite1"
                                       {
                                              log local0. "=I am in stmt1 Pool:[LB::server]"
                                               pool pool_website1
                                       #        HTTP::host [HTTP::host]:7000
                                               set sslprof "SSL::profile testwebsite1_clientssl"
                                       }
                         "testwebsite2" {
                                               log local0. "=I am in stmt2 Pool:[LB::server]"
                                               pool pool_website2
                                             #  set sslprof "SSL::profile testwebsite2_clientssl"   
                                              set sslprof "SSL::profile testwebsite2_May"
                                        }


                           }                
 }

 

 

Friday, June 3, 2022

Refine suggestions on Youtube

The sheer amount of content out on youtube is overwhelming. The suggestions might be personalized to your like by youtube but you still get bombarded with videos or channels on your page that you might have no interest in. Also this personalization requires you to login.It's also hard to block channels you don't want to see from popping up on your webpage.

This small extension called BlockTube on firefox helps in blocking content on your youtube page by.

Video title , Channel Name , Video ID , Channel ID 

There are other advanced options too.

Thursday, May 5, 2022

Useful Remote desktop setting registry keys

 

 Collection of registry settings to apply if you are having RDP issues. Use them at your own discretion after looking up the help for those.

REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v 'SecurityLayer' /t REG_DWORD /d 0 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v 'MinEncryptionLevel' /t REG_DWORD /d 1 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v 'fQueryUserConfigFromLocalMachine' /t REG_DWORD /d 1 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v 'KeepAliveTimeout' /t REG_DWORD /d 1 /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v 'KeepAliveEnable' /t REG_DWORD /d 1 /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v 'KeepAliveInterval' /t REG_DWORD /d 1 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v 'fInheritReconnectSame' /t REG_DWORD /d 0 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v 'fReconnectSame' /t REG_DWORD /d 1 /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v 'fDisableAutoReconnect' /t REG_DWORD /d 0 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v 'fInheritMaxSessionTime' /t REG_DWORD /d 1 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v 'fInheritMaxDisconnectionTime' /t REG_DWORD /d 1 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v 'MaxConnectionTime' /t REG_DWORD /d 0 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v 'fInheritMaxIdleTime' /t REG_DWORD /d 1 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v 'MaxIdleTime' /t REG_DWORD /d 0 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v 'MaxInstanceCount' /t REG_DWORD /d 4294967295 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\control\Terminal Server\Winstations\RDP-Tcp" /v 'MaxDisconnectionTime' /t REG_DWORD /d 0 /f