How to redirect HTTP to HTTPS using GCP load balancer

Solution 1

Right now the redirection from http to https is possible with the Load Balancer's Traffic Management.

Below is an example of how to set it up on their documentation: https://cloud.google.com/load-balancing/docs/https/setting-up-traffic-management#console

Basically you will create two of each "forwarding rules", targetproxy and urlmap.

2 URLMaps

  • In 1st URL map you will just set a redirection. The defined redirection rules are below, and no backend service needs to be defined here
    • httpsRedirect: true
    • redirectResponseCode: FOUND
  • In 2nd map you will have to define your backend services there

2 forwarding rules

  • 1st forwarding rule is to serve http request so basically port 80
  • 2nd forwarding rule is to serve http request so port 443

2 targetproxy

  • 1st target proxy is targetHttpProxy; this is where the 1st forwarding rule is forwarded to, and it is mapped to the 1st URLMap
  • 2nd target proxy is targetHttpsProxy where the 2nd forwarding rule is forwarded to and is mapped to the 2nd URLMap

========================================================================

Below is a Cloud Deployment Manager example with Managed Certificates and Storage Buckets as the backend

storagebuckets-template.jinja

resources:
- name: {{ properties["bucketExample"] }}
  type: storage.v1.bucket
  properties:
    storageClass: REGIONAL
    location: asia-east2
    cors:
    - origin: ["*"]
      method: [GET]
      responseHeader: [Content-Type]
      maxAgeSeconds: 3600
    defaultObjectAcl:
    - bucket: {{ properties["bucketExample"] }}
      entity: allUsers
      role: READER
    website:
      mainPageSuffix: index.html

backendbuckets-template.jinja

resources:
- name: {{ properties["bucketExample"] }}-backend
  type: compute.beta.backendBucket
  properties:
    bucketName: $(ref.{{ properties["bucketExample"] }}.name)
    enableCdn: true

ipaddresses-template.jinja

resources:
- name: lb-ipaddress
  type: compute.v1.globalAddress

sslcertificates-template.jinja

resources:
- name: example
  type: compute.v1.sslCertificate
  properties:
    type: MANAGED
    managed:
      domains:
      - example1.com
      - example2.com
      - example3.com

loadbalancer-template.jinja

resources:
- name: centralized-lb-http
  type: compute.v1.urlMap
  properties:
    defaultUrlRedirect:
      httpsRedirect: true
      redirectResponseCode: FOUND
- name: centralized-lb-https
  type: compute.v1.urlMap
  properties:
    defaultService: {{ properties["bucketExample"] }}
    pathMatchers:
    - name: example
      defaultService: {{ properties["bucketExample"] }}
      pathRules:
      - service: {{ properties["bucketExample"] }}
        paths:
        - /*
    hostRules:
    - hosts:
      - example1.com
      pathMatcher: example
    - hosts:
      - example2.com
      pathMatcher: example
    - hosts:
      - example3.com
      pathMatcher: example

httpproxies-template.jinja

resources:
- name: lb-http-proxy
  type: compute.v1.targetHttpProxy
  properties:
    urlMap: $(ref.centralized-lb-http.selfLink)
- name: lb-https-proxy
  type: compute.v1.targetHttpsProxy
  properties:
    urlMap: $(ref.centralized-lb-https.selfLink)
    sslCertificates: [$(ref.example.selfLink)]
- name: lb-http-forwardingrule
  type: compute.v1.globalForwardingRule
  properties:
    target: $(ref.lb-http-proxy.selfLink)
    IPAddress: $(ref.lb-ipaddress.address)
    IPProtocol: TCP
    portRange: 80-80
- name: lb-https-forwardingrule
  type: compute.v1.globalForwardingRule
  properties:
    target: $(ref.lb-https-proxy.selfLink)
    IPAddress: $(ref.lb-ipaddress.address)
    IPProtocol: TCP
    portRange: 443-443

templates-bundle.yaml

imports:
 - path: backendbuckets-template.jinja
 - path: httpproxies-template.jinja
 - path: ipaddresses-template.jinja
 - path: loadbalancer-template.jinja
 - path: storagebuckets-template.jinja
 - path: sslcertificates-template.jinja

resources:
 - name: storagebuckets
   type: storagebuckets-template.jinja
   properties:
     bucketExample: example-sb
 - name: backendbuckets
   type: backendbuckets-template.jinja
   properties:
     bucketExample: example-sb
 - name: loadbalancer
   type: loadbalancer-template.jinja
   properties:
     bucketExample: $(ref.example-sb-backend.selfLink)
 - name: ipaddresses
   type: ipaddresses-template.jinja
 - name: httpproxies
   type: httpproxies-template.jinja
 - name: sslcertificates
   type: sslcertificates-template.jinja

$ gcloud deployment-manager deployments create infrastructure --config=templates-bundle.yaml > output

command output

 NAME                                   TYPE                             STATE      ERRORS  INTENT
 centralized-lb-http                    compute.v1.urlMap                COMPLETED  []
 centralized-lb-https                   compute.v1.urlMap                COMPLETED  []
 example                                compute.v1.sslCertificate        COMPLETED  []
 example-sb                             storage.v1.bucket                COMPLETED  []
 example-sb-backend                     compute.beta.backendBucket       COMPLETED  []
 lb-http-forwardingrule                 compute.v1.globalForwardingRule  COMPLETED  []
 lb-http-proxy                          compute.v1.targetHttpProxy       COMPLETED  []
 lb-https-forwardingrule                compute.v1.globalForwardingRule  COMPLETED  []
 lb-https-proxy                         compute.v1.targetHttpsProxy      COMPLETED  []
 lb-ipaddress                           compute.v1.globalAddress         COMPLETED  []
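
Added example (not part of the answer above or of Google's tooling): a small Python check that follows the `$(ref...)` wiring of the templates and confirms that every forwarding rule on port 80 ends at a URL map that only redirects. The `RESOURCES` dict is a constructed copy of the resources shown above, and the helper names `deref` and `plaintext_findings` are hypothetical.

```python
import re

# Constructed sample: the load-balancer resources from the templates above,
# reduced to name -> (type, properties) with only the fields the check reads.
RESOURCES = {
    "centralized-lb-http": ("compute.v1.urlMap", {
        "defaultUrlRedirect": {"httpsRedirect": True, "redirectResponseCode": "FOUND"}}),
    "centralized-lb-https": ("compute.v1.urlMap", {
        "defaultService": "$(ref.example-sb-backend.selfLink)"}),
    "lb-http-proxy": ("compute.v1.targetHttpProxy", {
        "urlMap": "$(ref.centralized-lb-http.selfLink)"}),
    "lb-https-proxy": ("compute.v1.targetHttpsProxy", {
        "urlMap": "$(ref.centralized-lb-https.selfLink)"}),
    "lb-http-forwardingrule": ("compute.v1.globalForwardingRule", {
        "target": "$(ref.lb-http-proxy.selfLink)", "portRange": "80-80"}),
    "lb-https-forwardingrule": ("compute.v1.globalForwardingRule", {
        "target": "$(ref.lb-https-proxy.selfLink)", "portRange": "443-443"}),
}
REF = re.compile(r"\$\(ref\.(.+)\.\w+\)")  # $(ref.NAME.field) -> NAME


def deref(value):
    """Return the resource name inside a Deployment Manager reference."""
    match = REF.fullmatch(value)
    if match is None:
        raise ValueError(f"not a $(ref...) reference: {value!r}")
    return match.group(1)


def plaintext_findings(resources):
    """Report port-80 forwarding rules whose URL map is not redirect-only."""
    findings = []
    for name, (rtype, props) in resources.items():
        if not rtype.endswith(".globalForwardingRule"):
            continue
        low, _, high = props["portRange"].partition("-")
        if not int(low) <= 80 <= int(high or low):
            continue  # rule does not listen on port 80
        proxy_type, proxy_props = resources[deref(props["target"])]
        if not proxy_type.endswith(".targetHttpProxy"):
            continue  # not a plaintext proxy
        map_name = deref(proxy_props["urlMap"])
        url_map = resources[map_name][1]
        matchers = url_map.get("pathMatchers", [])
        if not url_map.get("defaultUrlRedirect", {}).get("httpsRedirect"):
            findings.append(f"{name}: {map_name} has no httpsRedirect")
        if "defaultService" in url_map or any("defaultService" in m for m in matchers):
            findings.append(f"{name}: {map_name} routes HTTP to a backend")
    return findings
```

An empty list means no port-80 rule can reach a backend over plain HTTP; pointing `lb-http-proxy` at `centralized-lb-https` instead produces two findings.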

Solution 2

It is not possible to do that directly on GCP Load balancer.

One possibility is to make the redirection on your backend service. The GCP load balancer adds an x-forwarded-proto property to the request headers, which is equal to http or https. You could add a condition based on this property to make a redirection.
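
Added example (not part of the answer above): the backend-side condition on `X-Forwarded-Proto` written as a Python WSGI middleware, with the redirect target restricted to known hostnames so the `Location` header is never built from an unvalidated `Host`. The names `ForceHttps`, `demo_app`, `run` and `ALLOWED_HOSTS` are hypothetical; the hostname is the one from the question, and the header is assumed trustworthy because the backend accepts traffic only from the load balancer.

```python
from urllib.parse import quote

# Assumption: the only hostname served is the one from the question.
ALLOWED_HOSTS = frozenset({"lblb.tonegroup.net"})


class ForceHttps:
    """WSGI middleware that redirects requests the load balancer marked as http."""

    def __init__(self, app, allowed_hosts=ALLOWED_HOSTS, status="302 Found"):
        self.app = app
        self.allowed_hosts = allowed_hosts
        self.status = status  # "301 Moved Permanently" for a permanent redirect

    def __call__(self, environ, start_response):
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        if proto != "http":
            # https, or no header at all (assumed: a probe that reached the
            # backend without passing through the load balancer).
            return self.app(environ, start_response)
        host = environ.get("HTTP_HOST", "").split(":")[0].lower()
        if host not in self.allowed_hosts:
            # Never build Location from an unvalidated Host header.
            start_response("400 Bad Request", [("Content-Length", "0")])
            return [b""]
        location = f"https://{host}{quote(environ.get('PATH_INFO') or '/')}"
        if environ.get("QUERY_STRING"):
            location += "?" + environ["QUERY_STRING"]
        start_response(self.status, [("Location", location), ("Content-Length", "0")])
        return [b""]


def demo_app(environ, start_response):
    """Stand-in backend used to exercise the middleware."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def run(app, **environ):
    """Call a WSGI app once and return (status, headers dict, body)."""
    seen = {}
    def start_response(status, headers):
        seen.update(status=status, headers=dict(headers))
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```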

Author: Kyc Kyc

Updated on September 14, 2022

Comments

  • Kyc Kyc, almost 2 years

    I'm setting up my load balancer in GCP with 2 nodes (Apache httpd), with domain lblb.tonegroup.net.

    Currently my load balancer is working fine, the traffic is switching over between the 2 nodes, but how do I configure it to redirect http://lblb.tonegroup.net to https://lblb.tonegroup.net?

    Is it possible to configure it at the load balancer level or I need to configure it at apache level? I have Google Managed SSL cert installed FYI.