Our infrastructure masks several redundant LTM's. So using the existing number of HTTPS VIPS we have for this domain, would yes, avoid new IPs, new certs, etc.
----
Client HTTP --> LTM HTTP VIP Redirect to HTTPS VIP--> HTTPS VIP 'SSL::disable serverside ' based on iRule --> sending HTTP to backend server
----
I'm a little concerned about the return traffic though.
Perhaps I'm thinking this over to hard, but wouldn't this work?
when HTTP_REQUEST {
if {[class match -- [URI::query [HTTP::uri] template] equals template_dg]}{
SSL::disable serverside
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}