Add option -a, add possibility to manage ssl client profiles and vserver rules

4 files changed, 59 insertions, 6 deletions

diff --git a/docs/fapi.1 b/docs/fapi.1
index c47300d..98bd100 100644
--- a/docs/fapi.1
+++ b/docs/fapi.1
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "FAPI 1"
-.TH FAPI 1 "2014-05-16" "fapi 0.7.3" "User Commands"
+.TH FAPI 1 "2014-05-26" "fapi 0.7.3" "User Commands"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -276,7 +276,7 @@ And everything can be deleted as folows:
 A simple \s-1HTTP\s0 NATed service can be created as follows.
 .PP
 .Vb 3
-\&  fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http
+\&  fapi vserver myvserver.example.com:80 create PROTOCOL_TCP http
 \&  fapi vserver myvserver.example.com:80 set vlan VLANNAME
 \&  fapi vserver myvserver.example.com:80 set pool foopool
 .Ve
@@ -293,6 +293,22 @@ You need also to set the \s-1SNAT\s0 flag as follows:
 .Vb 1
 \&  fapi vserver myvserver.example.com:80 set snat automap
 .Ve
+.SS "Settung up simple \s-1SNAT\s0 Services with \s-1SSL\s0 offloading enabled"
+.IX Subsection "Settung up simple SNAT Services with SSL offloading enabled"
+Just like \s-1SNAT\s0 service (use port 443) but with these additional steps
+.PP
+First Upload the \s-1SSL\s0 certificate to the F5 \s-1BIG\s0 \s-1IP\s0 (e.g. System \-> File Management
+\&\-> \s-1SSL\s0 Certificate List on \s-1BIG\s0 \s-1IP\s0 V11.4).
+.PP
+.Vb 3
+\&  # Afterwards create a new SSL profile to use the new certificate:
+\&  # (Will automatically use key/crt myserver.example.com.{key,crt})
+\&  fapi profileclientssl myserver.example.com create
+\&
+\&  # Then attach that profile to the vserver (default context is 
+\&  # PROFILE_TYPE_CLIENT_SSL, which means SSL between F5 and Clients)
+\&  fapi vserver myvserver.example.com:443 profile add myserver.example.com
+.Ve
 .SS "About the \s-1NAME\s0 argument"
 .IX Subsection "About the NAME argument"
 In most cases \s-1NAME\s0 can be a hostname, \s-1FQDN\s0 or an \s-1IP\s0 address. Optionally folled
diff --git a/docs/fapi.pod b/docs/fapi.pod
index ca50e31..4d3429d 100644
--- a/docs/fapi.pod
+++ b/docs/fapi.pod
@@ -134,7 +134,7 @@ And everything can be deleted as folows:
 
 A simple HTTP NATed service can be created as follows.
 
-  fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http
+  fapi vserver myvserver.example.com:80 create PROTOCOL_TCP http
   fapi vserver myvserver.example.com:80 set vlan VLANNAME
   fapi vserver myvserver.example.com:80 set pool foopool
 
@@ -150,6 +150,21 @@ You need also to set the SNAT flag as follows:
 
   fapi vserver myvserver.example.com:80 set snat automap
 
+=head2 Settung up simple SNAT Services with SSL offloading enabled
+
+Just like SNAT service (use port 443) but with these additional steps
+
+First Upload the SSL certificate to the F5 BIG IP (e.g. System -> File Management
+-> SSL Certificate List on BIG IP V11.4). 
+
+  # Afterwards create a new SSL profile to use the new certificate:
+  # (Will automatically use key/crt myserver.example.com.{key,crt})
+  fapi profileclientssl myserver.example.com create
+
+  # Then attach that profile to the vserver (default context is 
+  # PROFILE_TYPE_CLIENT_SSL, which means SSL between F5 and Clients)
+  fapi vserver myvserver.example.com:443 profile add myserver.example.com
+
 =head2 About the NAME argument
 
 In most cases NAME can be a hostname, FQDN or an IP address. Optionally folled
diff --git a/docs/fapi.txt b/docs/fapi.txt
index 67fe651..8dea5c9 100644
--- a/docs/fapi.txt
+++ b/docs/fapi.txt
@@ -121,7 +121,7 @@ EXAMPLES
   Setting up simple HTTP NAT Services
     A simple HTTP NATed service can be created as follows.
 
-      fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http
+      fapi vserver myvserver.example.com:80 create PROTOCOL_TCP http
       fapi vserver myvserver.example.com:80 set vlan VLANNAME
       fapi vserver myvserver.example.com:80 set pool foopool
 
@@ -137,6 +137,20 @@ EXAMPLES
 
       fapi vserver myvserver.example.com:80 set snat automap
 
+  Settung up simple SNAT Services with SSL offloading enabled
+    Just like SNAT service (use port 443) but with these additional steps
+
+    First Upload the SSL certificate to the F5 BIG IP (e.g. System -> File
+    Management -> SSL Certificate List on BIG IP V11.4).
+
+      # Afterwards create a new SSL profile to use the new certificate:
+      # (Will automatically use key/crt myserver.example.com.{key,crt})
+      fapi profileclientssl myserver.example.com create
+
+      # Then attach that profile to the vserver (default context is 
+      # PROFILE_TYPE_CLIENT_SSL, which means SSL between F5 and Clients)
+      fapi vserver myvserver.example.com:443 profile add myserver.example.com
+
   About the NAME argument
     In most cases NAME can be a hostname, FQDN or an IP address. Optionally
     folled by a port:
diff --git a/docs/synopsis.txt b/docs/synopsis.txt
index 8e7317c..807ece6 100644
--- a/docs/synopsis.txt
+++ b/docs/synopsis.txt
@@ -47,11 +47,19 @@ Synopsis:
     vserver
     vserver NAME create [protocol] [profile] [poolname] [mask]
     vserver NAME delete
-    vserver NAME get brief|detail|status|vlan
+    vserver NAME get brief|detail|status|vlan|profile|rule
     vserver NAME set nat|pat disabled|enabled
     vserver NAME set pool POOLNAME
     vserver NAME set snat automap|none
-    vserver NAME set vlan [list,of,vlans,to,allow]
+    vserver NAME set vlan [list,of,vlans,to,allow]
+    vserver NAME profile add PROFILENAME [PROFILECONTEXT]
+    vserver NAME profile remove PROFILENAME
+    vserver NAME rule add RULENAME [RULEPRIORITY]
+    vserver NAME rule remove RULENAME
+    profileclientssl
+    profileclientssl PROFILENAME create [SSLKEYNAME] [SSLCERTNAME]
+    profileclientssl PROFILENAME delete
+    profileclientssl PROFILENAME get detail
 The following partially needs admininstrator privileges on / and /Common
     -f Common -b balancer.example.com selfip
     -f Common -b balancer.example.com selfip NAME create NETMASK VLANNAME [TGROUP]