Netscaler 12 – Load balancer – Reverse Proxy – SSL Proxy Configuration Steps

This post will cover load balancing in Netscaler with reverse proxy or SSL proxy or SSL offload. There are many confusions out there how to do reverse proxy or ssl proxy or SSL offload, In Netscaler terms its very simple Select SSL as the virtual server type and bind a valid certificate to it, then you are done with the configuration. It is as simple as like that. We will take a scenario and cover this in this post.

 

My infrastructure details

We are having two web/app servers in the internal need to be load balanced. Our servers are working on port TCP_80 (http) however we want users to connect on HTTPS TCP_443, servers to be load balanced and netscaler to act as reverse proxy and do SSL offload.

Our web servers :
Server 1: 192.168.1.150
Server 1: 192.168.1.151

Internal Server Port:
Http ( TCP_80)

External Server Port:
Https (TCP_443)

Certificate :
Already installed in Netscaler with key file.

Follow link to Generate CSR and install Certificate in Netscaler

Netscaler Virtual IP: 192.168.1.162

DNS record for URL: apps.sslab.com ( point to VIP 192.168.1.162)

 

Netscaler Load Balancer Design and Traffic flow

 

As we have seen above our servers will listen on port 80 , Netscaler will load balance and do reverse proxy on port 443 (https). There are cases you might have more than two servers and i have seen some cases where people have only one server. In some cases your backend port is not 80 it might be 8443 or 443 or something else. In all scenarios this post will apply to them.

Step 1: create the servers.

Step2: Create service gorup

Step3: Create load balancing virtual server.

Create Servers

Go to Traffic Management – Load balancing – servers – ADD

Add both web servers, provide Name and IP and Create.

Both the servers are shown below and state should be enabled. Please note enabled green means from netscaler its enable, But whether it is listening to port , working or not will know after creating service group.

Create Service Group for servers

Select Service Groups under load balancing – ADD

Provide Name and Protocol as HTTP – OK

Please note if your backend server in on SSL select SSL here.

Click on add memebers to add above servers created.

Select server based.

select both servers and select.

select port 80 and create , this will bind the servers to service group.

if your server is listening on 443 or something else, need to mention here.

select OK

Add Monitors as shown below, click on Right monitor and select on it.

select on it.

Click select monitor and select TCP – bind

Click Done

Now as you can see the service group is created and UP, meaning all the backend servers are reachable and working.

Create Load Balancer Virtual server for Reverse proxy or SSL proxy

This is the important part, Now Click on virtual servers under load balancing and click ADD

Provide Name : vSRV-Apps

Protocol: SSL

IP Type: IP address

IP Address : the VIP that users will connect 192.168.1.162

Port : 443 ( the port users will use to connect, this can be changed if you need)

Select service gorup binding

select the group created earlier and select

Bind

Click continue for further steps.

Select server certificate to bind certificate.

select the certificate and select.

review and bind the certificate.

Continue

If you like to disable SSLV3 or other weak protocols it can be done as shown below, ignore this if not required and click done.

unselect what ever not required.

review the whole config and click done.

Review and Save configuration

The final thing to do it check the service is up and click save.

click yes to save

 

Testing

Now comes the testing, as seen below my server is listening and working on http as shown below.

Our URL is apps and certificate is also for apps so there are no SSL errors. as shown below our Reverse proxy/SSL proxy or SSL offload is working. The same http URL is working on HTTPS now.

Hope this post is useful, leave your comments and suggestions.

Siva Sankar

Siva Sankar works as Solution Architect in Abu Dhabi with primary focus on SDDC, Mobility, Virtualization, VDI, HCI and Network Virtualization products from VMWare, Citrix and Microsoft.

2 thoughts on “Netscaler 12 – Load balancer – Reverse Proxy – SSL Proxy Configuration Steps

  • August 30, 2018 at 5:36 pm
    Permalink

    Dear Sir, Can you please tell me how can I create the Virtual server, How Can I declare the Ip address for the virtual server. where can I add in DNS

    Reply
    • September 1, 2018 at 4:24 pm
      Permalink

      Dear

      the virtual server IP is the IP users will connect to. it can be created under configuration – traffic management – load balancing – virtual server.
      create the DNS record on your DNS record for your url to the virtual ip in netscaler.

      feel free to refer my netscaler basics blog which covers some theory about IP’s.

      thanks,
      siva sankar

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Show Buttons
Hide Buttons