
Context

I am working on a POC for a client which involves a Citrix Netscaler. My entire demo is a docker-compose.yml with:

  • different DBMS
  • some web services
  • my monitoring solution (grafana, prometheus, telegraf)

I would like to use this image as a reverse proxy for the web services and monitor this service with prometheus.

Need

I would like to set things up so that no manual action would be required to run the demo. In the context of nginx, I would simply mount the relevant conf file somewhere in /etc/nginx/conf.d. Using a Citrix NetScaler, I am not sure:

  • whether it is even possible
  • how to proceed (the only doc I could find displays a very graphical/complicated process)

In a nutshell, I would like to be able to route http requests to the different web services by overriding some configuration file, like so:

  netscaler: 
    image: store/citrix/netscalercpx:12.0-56.20
    container_name: ws-netscaler
    ports:
      - 444:443
      - 81:80
    expose: 
      - 161
    volumes:
      - ./netscaler/some.conf:/nsconfig/some.conf:ro  # what I am trying to achieve
    environment: 
      - EULA=yes
    cap_add:
      - NET_ADMIN
    ulimits:
      nproc: 1

About this specific image

It appears that all netscaler related files are here

root@61baa67a839f:/# ls /netscaler
cli_script.sh      nitro             ns_service_stop  nscli_linux    nsconmsg      nsnetsvc       nssslgen               pitboss
docker_startup.sh  ns_reboot         nsaggregatord    nsconfigaudit  nslinuxtimer  nsppe          nstraceaggregator      showtechsupport.pl
netscaler.conf     ns_service_start  nsapimgr         nsconfigd      nslped        nssetup_linux  nstracemergenclean.sh  snmpd

and here

root@61baa67a839f:/# ls -R nsconfig
nsconfig:
dns  monitors  nsboot.conf  snmpd.conf  ssl

nsconfig/dns:

nsconfig/monitors:

nsconfig/ssl:
ns-root.cert  ns-root.req  ns-server.cert  ns-server.req         ns-sftrust-root.key  ns-sftrust-root.srl  ns-sftrust.der  ns-sftrust.req
ns-root.key   ns-root.srl  ns-server.key   ns-sftrust-root.cert  ns-sftrust-root.req  ns-sftrust.cert      ns-sftrust.key  ns-sftrust.sig

Based on nsboot.conf's content

root@61baa67a839f:/# cat /nsconfig/nsboot.conf 
add route 0 0  172.18.0.1
set rnat 192.0.0.0 255.255.255.0 -natip  172.18.0.2
add ssl certkey ns-server-certificate -cert ns-server.cert -key ns-server.key
set tcpprofile nstcp_default_profile mss  1460
set ns hostname 61baa67a839f

and this documentation, I am assuming that this would be the place. Am I right in assuming so?

Edit

Overriding nsboot.conf did not work as expected, for this file is quite probably written by entrypoint.sh. I end up with multiple definitions. It seems that the correct way to do it is by injecting /etc/cpx.conf (source).

# /etc/cpx.conf
WS_ADDRESS=$(getent hosts some_web_service | awk '{ print $1 }')
add cs vserver some_ws HTTP $WS_ADDRESS 5000

But I can't access the resource through the netscaler (mainly because I do not understand NetScaler CLI yet)

$ curl http://localhost:5000/hello                                                                 
Hello, World!% 
$ curl http://localhost:81/some_ws/hello
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /some_ws/hello was not found on this server.</p>
</body></html>
zar3bski
  • Looks like I should override `/etc/cpx.conf` [source](https://docs.citrix.com/en-us/citrix-adc-cpx/12/configure-cpx-using-configuration-file.html) – zar3bski Aug 18 '20 at 13:27
  • see if this link helps: https://docs.citrix.com/en-us/citrix-adc-cpx/12/configure-cpx-using-configuration-file.html – apoorva kamath Sep 02 '20 at 08:57

0 Answers