[tech] [wheel] Fwd: Re: Status Update and F5 Config
James Arcus
21954943 at student.uwa.edu.au
Wed Jul 8 12:47:08 AWST 2020
Here's the latest email chain where I got the F5 rules updated.
-------- Forwarded Message --------
Subject: Re: Status Update and F5 Config
Date: Tue, 7 Jul 2020 10:47:50 +0800
From: Paul Fisher <paul.fisher at uwa.edu.au>
To: James Arcus (21954943) <21954943 at student.uwa.edu.au>
CC: Geoff Costello <geoff.costello at uwa.edu.au>
Good work BTW
https://devcentral.f5.com/s/articles/irules-101-04-switch
This is current production.
"gitlab.ucc.asn.au"
{
pool ip_130.95.13.6_443
set usessl 1
}
"lists.ucc.guild.uwa.edu.au" -
"mail.ucc.guild.uwa.edu.au"
{
pool ip_130.95.13.9_80
set usessl 0
}
"ext-mx.ucc.asn.au" -
"mailhost.ucc.asn.au" -
"mail.ucc.asn.au" -
"bbs.ucc.asn.au" -
"bofh.ucc.asn.au" -
"flamebbs.ucc.asn.au" -
"mooneye.ucc.asn.au" -
"ucc.asn.au"
{
pool ip_130.95.13.9_443
set usessl 1
}
"myxine.ucc.asn.au"
{
pool ip_130.95.13.10_443
set usessl 1
}
"flame.ucc.asn.au" -
"gopher.flame.ucc.asn.au"
{
pool ip_130.95.13.12_80
set usessl 0
}
"tty.flame.ucc.asn.au" -
"www.flame.ucc.asn.au" -
"maculatus.ucc.asn.au"
{
pool ip_130.95.13.12_443
set usessl 1
}
"hg.ucc.guild.uwa.edu.au" -
"autodiscover.ucc.guild.uwa.edu.au" -
"cvs.ucc.guild.uwa.edu.au" -
"autoconfig.ucc.guild.uwa.edu.au" -
"ftp.ucc.guild.uwa.edu.au" -
"irc.ucc.guild.uwa.edu.au" -
"wiki.ucc.guild.uwa.edu.au" -
"www.ucc.guild.uwa.edu.au" -
"mussel.ucc.guild.uwa.edu.au"
{
pool ip_130.95.13.18_80
set usessl 0
}
"autodiscover.ucc.asn.au" -
"cvs.ucc.asn.au" -
"autoconfig.ucc.asn.au" -
"bn.ucc.asn.au" -
"dj.ucc.asn.au" -
"ftp.ucc.asn.au" -
"hg.ucc.asn.au" -
"irc.ucc.asn.au" -
"lists.ucc.asn.au" -
"roundcube.ucc.asn.au" -
"sogo.ucc.asn.au" -
"subscribe-mailfish.ucc.asn.au" -
"subscribe.ucc.asn.au" -
"webcam.ucc.asn.au" -
"webcams.ucc.asn.au" -
"wikisfa.ucc.asn.au" -
"wiki.ucc.asn.au" -
"www.ucc.asn.au" -
"mussel.ucc.asn.au"
{
pool ip_130.95.13.18_443
set usessl 1
}
"webmail.ucc.guild.uwa.edu.au" -
"secure.ucc.guild.uwa.edu.au"
{
pool ip_130.95.13.28_80
set usessl 0
}
"jabber.ucc.asn.au" -
"msn.ucc.asn.au" -
"sync.ucc.asn.au" -
"webmail.ucc.asn.au" -
"secure.ucc.asn.au" -
"xn--secre-b9n.ucc.asn.au"
{
pool ip_130.95.13.28_443
set usessl 1
}
"portal.ucc.asn.au" -
"uccportal.ucc.asn.au"
{
pool ip_130.95.13.36_443
set usessl 1
}
"meetings.ucc.asn.au"
{
pool ip_130.95.13.38_443
set usessl 1
}
"evil.ucc.guild.uwa.edu.au"
{
pool ip_130.95.13.111_80
set usessl 0
}
"evil.ucc.asn.au"
{
pool ip_130.95.13.111_443
set usessl 1
}
"chordata.ucc.asn.au"
{
pool ip_130.95.13.138_443
set usessl 1
}
"minecraft2019.ucc.asn.au"
{
pool ip_130.95.13.177_443
set usessl 1
}
"motsugo.ucc.asn.au"
{
pool ip_130.95.13.7_80
set usessl 0
}
"games.ucc.asn.au" -
"heath.ucc.asn.au" -
"mumble.ucc.asn.au" -
"heathred.ucc.asn.au"
{
pool ip_130.95.13.66_80
set usessl 0
}
"unisfa-koha.ucc.asn.au"
{
pool ip_130.95.13.86_80
set usessl 0
}
"progeny.idbb.org"
{
pool ip_130.95.191.11_443
set usessl 1
}
"*idbb.org"
{
pool ip_130.95.191.13_443
set usessl 1
}
------------------------------------------------------------------------
*From:* Paul Fisher <paul.fisher at uwa.edu.au>
*Sent:* Tuesday, 7 July 2020 10:43 AM
*To:* James Arcus (21954943) <21954943 at student.uwa.edu.au>
*Cc:* Geoff Costello <geoff.costello at uwa.edu.au>
*Subject:* Re: Status Update and F5 Config
Hi James,
It's a switch glob statement.
The syntax looks good.
Is this the full iRule?
There are 12 hosts in there? The original had 20.
I can load it now if you like?
Thanks
------------------------------------------------------------------------
*From:* James Arcus (21954943) <21954943 at student.uwa.edu.au>
*Sent:* Tuesday, 7 July 2020 10:38 AM
*To:* Paul Fisher <paul.fisher at uwa.edu.au>
*Cc:* Geoff Costello <geoff.costello at uwa.edu.au>
*Subject:* Status Update and F5 Config
Hi Paul,
I've spent the last while enabling more sites, testing, pruning the
zone, and working out exactly what sites need to be done before the
whitelist comes down. We've now got our main site and wiki being served
via Cloudflare.
The main next step is to customise the F5 config to make sure it handles
all our sites. I'm not sure the full semantics of the language, but
based on what you sent me last week I've put together a config that
should allow us to bring the rest of our sites onboard.
The main thing I'm not sure about is wildcards. The large bulk of our
sites (and likely any future sites) are going to be served from Mussel,
130.95.13.18. Having that IP be a default "catch-all" for our domains
would not only remove the need for 100s of lines of config, it would
also allow new sites to spin up without changing the F5.
After the config (or, a working version of what I've outlined) is
loaded, we should be able to cut over the rest of the sites immediately
and stop relying on the whitelist.
Thanks for your help, I wouldn't have got where I am now without those
phone calls on Thursday/Friday.
Cheers,
James
"gitlab.ucc.asn.au" -
"gitlab.ucc.gu.uwa.edu.au" -
"gitlab.ucc.guild.uwa.edu.au"
{
pool ip_130.95.13.6_443
set usessl 1
}
"ucc.asn.au" -
"ucc.gu.uwa.edu.au" -
"ucc.guild.uwa.edu.au"
{
pool ip_130.95.13.9_443
set usessl 1
}
"ocsinventory.ucc.asn.au" -
"ocsinventory.gu.uwa.edu.au" -
"ocsinventory.guild.uwa.edu.au" -
"ocsinventory-ng.ucc.asn.au" -
"ocsinventory-ng.gu.uwa.edu.au" -
"ocsinventory-ng.guild.uwa.edu.au"
{
pool ip_130.95.13.10_443
set usessl 1
}
"ttyflame.ucc.asn.au" -
"wwwflame.ucc.asn.au" -
"*.flame.ucc.asn.au"
{
pool ip_130.95.13.12_443
set usessl 1
}
"sync.ucc.asn.au" -
"sync.ucc.gu.uwa.edu.au" -
"sync.ucc.guild.uwa.edu.au" -
"webmail.ucc.asn.au" -
"webmail.ucc.gu.uwa.edu.au" -
"webmail.ucc.guild.uwa.edu.au" -
"secure.ucc.asn.au" -
"secure.ucc.gu.uwa.edu.au" -
"secure.ucc.guild.uwa.edu.au" -
"xn--secre-b9n.ucc.asn.au" -
"xn--secre-b9n.ucc.gu.uwa.edu.au" -
"xn--secre-b9n.ucc.guild.uwa.edu.au"
{
pool ip_130.95.13.28_443
set usessl 1
}
"portal.ucc.asn.au" -
"portal.ucc.gu.uwa.edu.au" -
"portal.ucc.guild.uwa.edu.au"
{
pool ip_130.95.13.36_443
set usessl 1
}
"meetings.ucc.asn.au"
"meetings.ucc.gu.uwa.edu.au" -
"meetings.ucc.guild.uwa.edu.au"
{
pool ip_130.95.13.38_443
set usessl 1
}
"games.ucc.asn.au" -
"heath.ucc.asn.au" -
"heathred.ucc.asn.au"
{
pool ip_130.95.13.66_80
set usessl 0
}
"unisfa-koha.ucc.asn.au" -
"unisfa-koha.ucc.gu.uwa.edu.au" -
"unisfa-koha.ucc.guild.uwa.edu.au" -
"unisfa-library.ucc.asn.au" -
"unisfa-library.ucc.gu.uwa.edu.au" -
"unisfa-library.ucc.guild.uwa.edu.au"
{
pool ip_130.95.13.86_80
set usessl 0
}
"evil.ucc.asn.au" -
"evil.ucc.gu.uwa.edu.au" -
"evil.ucc.guild.uwa.edu.au" -
"evilstats.ucc.asn.au" -
"evilstats.ucc.gu.uwa.edu.au" -
"evilstats.ucc.guild.uwa.edu.au"
{
pool ip_130.95.13.111_443
set usessl 1
}
"minecraft.ucc.asn.au"
"minecraft2019.ucc.asn.au"
{
pool ip_130.95.13.177_443
set usessl 1
}
"*.ucc.asn.au" -
"*.ucc.gu.uwa.edu.au" -
"*.ucc.guild.uwa.edu.au"
{
pool ip_130.95.13.18_443
set usessl 1
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ucc.gu.uwa.edu.au/pipermail/tech/attachments/20200708/eb734cd9/attachment-0001.htm>
More information about the tech
mailing list