Cory,
I'm not particularly familiar with F5's interface, but to build a proxy in front of Gluu Server, we use this NGINX template:
```
events {
worker_connections 6500;
}
http {
upstream backend {
server idp.example.org:443 max_fails=2 fail_timeout=10s;
}
server {
listen 80;
server_name loadbalancer.example.org;
return 301 https://loadbalance.example.org$request_uri;
}
server {
listen 443;
server_name loadbalancer.example.org;
ssl on;
ssl_certificate /etc/nginx/ssl/httpd.crt;
ssl_certificate_key /etc/nginx/ssl/httpd.key;
location ~ ^(/)$ {
proxy_pass https://backend;
proxy_redirect off;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /.well-known {
proxy_pass https://backend/.well-known;
proxy_redirect off;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /oxauth {
proxy_pass https://backend/oxauth;
proxy_redirect off;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /identity {
proxy_pass https://backend/identity;
proxy_redirect off;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /cas {
proxy_pass https://backend/cas;
proxy_redirect off;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /asimba {
proxy_pass https://backend/asimba;
proxy_redirect off;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /passport {
proxy_pass https://backend/passport;
proxy_redirect off;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
```
Basically make sure that f5 hits all these ends points:
```
location ~ ^(/)$
/.well-known
/oxauth
/identity
/cas
/asimba
/passport
```
So I was going to write out the whole process for you, but since it is extremely complicated and prone to error, we just recently built a script that should work at changing your instance from one host-name to another. In this case from your old hostname, to the new f5 server hostname.
I haven't tested it on RHEL, but we have with CentOS 7, so I don't foresee any problems. the script and instructions are located here:
[hostname change script](https://github.com/GluuFederation/cluster-mgr/tree/master/testing)
You would want to run this outside the Gluu chroot then restart your server.
The gist of what happens can be found in the manual instructions:
[Manual hostname instructions](https://github.com/GluuFederation/cluster-mgr/wiki/Changing-Gluu-Server-Hostname-for-Cluster-Deployment)
So Certs, Keystore, Apache Configuration and LDAP entries are changed to match a new hostname.
Let me know if you need any assistance with getting the script to work properly for you.