Dynamic Reverse Proxy
On This Page:
This guide provides instructions on how to create a Dynamic Reverse Proxy (DRP) using the guided wizards in F5® Distributed Cloud Services.
A Dynamic Reverse Proxy operates between the sending Web server and your receiving Web client. It starts by attracting the requests to itself, instead of the final destination (meaning that traffic from a client will hit the Proxy itself), and then triggers a dynamic discovery of the requested endpoint by doing SNI routing or by using host headers.
Dynamic Reverse Proxy solves the problem of connecting to SaaS providers privately without the need of creating complex routing relationships and especially without the need to advertise Public IP Space inside Organizations' Corporate Networks.
On the reverse direction, Dynamic Reverse Proxy also solves the problem related to the need of advertising Organizations' Private IP Space into the SaaS Provider's Network by implementing Forward Proxy and NAT Capabilities.
Using the instructions provided in this guide, you will be able to create a Dynamic Reverse Proxy.
The following prerequisites apply:
- A valid Account is required.
Note: If you do not have an account, see Create an Account.
Create a Dynamic Reverse Proxy (DRP)
Features can be viewed, and managed in multiple services.
This example shows
Dynamic Reverse Proxy setup in
Step 1: Log into F5® Distributed Cloud Console, start DRP object creation.
F5® Distributed Cloud Console> select
Note: Homepage is role based, and your homepage may look different due to your role customization. Select
All Servicesdrop-down menu to discover all options. Customize Settings:
Edit work domain & skillsbutton >
Advancedbox > check
Work Domainboxes >
Namespacefeature is in correct namespace, drop-down selector located in upper-left corner. Not available in all services.
Change to your application namespace in the namespace selector in the primary navigation bar.
Managein left-menu > select
HTTP Connect & DPRs.
Note: If options are not showing available, select
Advanced nav options visiblein bottom left corner. If needed, select
Hideto minimize options from Advanced nav options mode.
Add HTTP Connect & DRPbutton.
Step 2: Configure meta data, and proxy type.
Enter the configuration parameters.
Set a name for your DRP object in the
Optionally, set label key-value pairs in the
HTTP Connect Proxy or Dynamic Reverse Proxyhas
HTTP Connect Proxyand
Dynamic Reverse Proxyas options.
Dynamic Reverse Proxy.
Enter list of
Domainsto be proxies.
Note: Wildcards are supported.
+ Add Itemto add more domains to your list.
Select one of the following in the
Select Method to determine Destinationdrop-down menu:
SNI proxy: Destination discovered based on SNI in TLS Connections.
HTTP Proxy: Destination discovered based on Host Header in HTTP Connections.
HTTPS Proxy: Destination discovered based on SNI in TLS Connections and Host Headers in HTTP Connections.
Select one of the following for the
Select DNS Masquerade for Domainsdrop-down menu:
Enable DNS Masquerade: DNS queries for proxy domains will be resolved to proxy VIP.
Disable DNS Masquerade: DNS queries for proxy domains will not be resolved to proxy VIP.
Step 3: Set sites or virtual sites for proxy.
Select sites or virtual sites where you want to install this proxy.
Select Sites for Proxydrop-down menu has
Sites or Virtual Sitespopulated by default.
Do Not Instantiateis the other Site Proxy option in the drop-down menu.
Site or Virtual Sitesection.
Custom Advertise VIP Configurationpage opens.
+ Add Itembutton.
Select Where to Advertiseoption in drop-down menu:
Siteto install the proxy on a site.
Virtual Siteto install the proxy on a virtual site.
Select one of the following options for the
Site Networkdrop-down menu:
Inside and Outside Network
vK8s Service Network
Virtual Site Referenceor
Site Referencedrop-down menu option.
Note: Option dependent on
Select Where to Advertiseoption selected.
Virtual Siteyou have created, or
+ Create new Virtual Sitewith button at the bottom of pop-up menu.
Show Advanced Fieldsoption to show
IP Addressbox is only available when
Siteoption is selected.
TCP Listen Port Choicedrop-down menu populates with
TCP Listen Portoption by default.
Use Default Listen Portoption available.
Select the port for your DRP in
TCP Listen Portbox.
Note: Default is port 80 for HTTP requests or port 443 for HTTPS requests.
Note: This is the port for your HTTP Connect Proxy to listen to requests.
Note: You can add more sites or virtual sites to advertise using the
Step 4: Set network for upstream connections.
Select which network is going to be used to discover and send the request to your final endpoint.
Select Upstream Networkoption in drop-down menu in
Site Local Network (Outside): Real endpoint is reachable via outside interface.
Site Local Network Inside: Real endpoint is reachable via inside interface.
Step 5: Configure proxy policy.
Configure policies for this proxy. Go to
Proxy Policy section, and select an option for the
Manage Proxy Policy field.
Manage Proxy Policiesoption in drop-down menu:
Disable proxy policy: With this option, no policies are installed on this proxy.
Active proxy policies: To set a policy. From the options for the
Forward Proxy Policiesfield, select an existing forward proxy policy, or select
Create new forward proxy policyto create and apply a new policy.
Step 6: Complete creating the DRP object.
Save and Exit to complete creating the DRP object.
Note: You can monitor the DRP in the F5® Distributed Cloud Console. Navigate to the
HTTP Connect & DRPpage in your application namespace and select on your DRP object in the displayed list of objects.