How to redirect HTTP to HTTPS using the GCP load balancer

Kyc*_*Kyc 6 linux apache load-balancing google-cloud-platform

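I am setting up a load balancer in GCP with 2 nodes (Apache httpd) and the domain lblb.tonegroup.net.

Currently my load balancer is working fine and traffic is switching between the 2 nodes, but how do I configure a redirect from http://lblb.tonegroup.net to https://lblb.tonegroup.net?

Can it be configured at the load balancer level, or do I need to configure it at the Apache level? For reference, I have a Google-managed SSL certificate installed.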

Dea*_*ada 7

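Redirecting from http to https is now possible with the load balancer's traffic management.

Here is an example of how to set it up in their documentation: https://cloud.google.com/load-balancing/docs/https/setting-up-traffic-management#console

Basically, you will create two each of "forwarding rules", targetproxy and urlmap.

2 URL maps

  • In the first URL map, you only set up the redirect. Define the redirect rule as follows; there is no need to define a backend service here
    • httpsRedirect: true
    • redirectResponseCode: FOUND
  • In the second map, you have to define the backend services

2 forwarding rules

  • The first forwarding rule serves http requests, so basically port 80
  • The second forwarding rule serves http requests, so port 443

2 target proxies

  • The first target proxy is a targetHttpProxy; this is where the first forwarding rule forwards to, and it is mapped to the first URLMap
  • The second target proxy is a targetHttpsProxy; this is where the second forwarding rule forwards to, and it is mapped to the second URLMap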

========================================================================

Below is a Cloud Deployment Manager example with managed certificates and a storage bucket as the backend

storagebuckets-template.jinja

resources:
- name: {{ properties["bucketExample"] }}
  type: storage.v1.bucket
  properties:
    storageClass: REGIONAL
    location: asia-east2
    cors:
    - origin: ["*"]
      method: [GET]
      responseHeader: [Content-Type]
      maxAgeSeconds: 3600
    defaultObjectAcl:
    - bucket: {{ properties["bucketExample"] }}
      entity: allUsers
      role: READER
    website:
     mainPageSuffix: index.html

backendbuckets-template.jinja

resources:
- name: {{ properties["bucketExample"] }}-backend
  type: compute.beta.backendBucket
  properties:
    bucketName: $(ref.{{ properties["bucketExample"] }}.name)
    enableCdn: true

ipaddresses-template.jinja

resources:
- name: lb-ipaddress
  type: compute.v1.globalAddress

sslcertificates-template.jinja

resources:
- name: example
  type: compute.v1.sslCertificate
  properties:
    type: MANAGED
    managed:
      domains:
      - example1.com
      - example2.com
      - example3.com

loadbalancer-template.jinja

resources:
- name: centralized-lb-http
  type: compute.v1.urlMap
  properties:
    defaultUrlRedirect:
      httpsRedirect: true
      redirectResponseCode: FOUND
- name: centralized-lb-https
  type: compute.v1.urlMap
  properties:
    defaultService: {{ properties["bucketExample"] }}
    pathMatchers:
    - name: example
      defaultService: {{ properties["bucketExample"] }}
      pathRules:
      - service: {{ properties["bucketExample"] }}
        paths:
        - /*
    hostRules:
    - hosts:
      - example1.com
      pathMatcher: example
    - hosts:
      - example2.com
      pathMatcher: example
    - hosts:
      - example3.com
      pathMatcher: example

httpproxies-template.jinja

resources:
- name: lb-http-proxy
  type: compute.v1.targetHttpProxy
  properties:
    urlMap: $(ref.centralized-lb-http.selfLink)
- name: lb-https-proxy
  type: compute.v1.targetHttpsProxy
  properties:
    urlMap: $(ref.centralized-lb-https.selfLink)
    sslCertificates: [$(ref.example.selfLink)]
- name: lb-http-forwardingrule
  type: compute.v1.globalForwardingRule
  properties:
    target: $(ref.lb-http-proxy.selfLink)
    IPAddress: $(ref.lb-ipaddress.address)
    IPProtocol: TCP
    portRange: 80-80
- name: lb-https-forwardingrule
  type: compute.v1.globalForwardingRule
  properties:
    target: $(ref.lb-https-proxy.selfLink)
    IPAddress: $(ref.lb-ipaddress.address)
    IPProtocol: TCP
    portRange: 443-443

templates-bundle.yaml

imports:
 - path: backendbuckets-template.jinja
 - path: httpproxies-template.jinja
 - path: ipaddresses-template.jinja
 - path: loadbalancer-template.jinja
 - path: storagebuckets-template.jinja
 - path: sslcertificates-template.jinja

resources:
 - name: storagebuckets
   type: storagebuckets-template.jinja
   properties:
     bucketExample: example-sb
 - name: backendbuckets
   type: backendbuckets-template.jinja
   properties:
     bucketExample: example-sb
 - name: loadbalancer
   type: loadbalancer-template.jinja
   properties:
     bucketExample: $(ref.example-sb-backend.selfLink)
 - name: ipaddresses
   type: ipaddresses-template.jinja
 - name: httpproxies
   type: httpproxies-template.jinja
 - name: sslcertificates
   type: sslcertificates-template.jinja

$ gcloud deployment-manager deployments create infrastructure --config=templates-bundle.yaml > output

Command output:

 NAME                                   TYPE                             STATE      ERRORS  INTENT
 centralized-lb-http                    compute.v1.urlMap                COMPLETED  []
 centralized-lb-https                   compute.v1.urlMap                COMPLETED  []
 example                                compute.v1.sslCertificate        COMPLETED  []
 example-sb                             storage.v1.bucket                COMPLETED  []
 example-sb-backend                     compute.beta.backendBucket       COMPLETED  []
 lb-http-forwardingrule                 compute.v1.globalForwardingRule  COMPLETED  []
 lb-http-proxy                          compute.v1.targetHttpProxy       COMPLETED  []
 lb-https-forwardingrule                compute.v1.globalForwardingRule  COMPLETED  []
 lb-https-proxy                         compute.v1.targetHttpsProxy      COMPLETED  []
 lb-ipaddress                           compute.v1.globalAddress         COMPLETED  []


小智 5

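This cannot be done directly on the GCP load balancer.

One possibility is to do the redirect on your backend service. The GCP load balancer adds an x-forwarded-proto property to the request headers, which is equal to http or https. You can add a condition based on this property to do the redirect.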
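
One way to write the backend-side condition described in this answer for the Apache httpd nodes from the question (an added example, not part of the original answers). The 301 status, the HSTS max-age and the behaviour of health-check probes are assumptions noted in the comments; mod_rewrite and mod_headers must be enabled.

```apache
# Added example: HTTP -> HTTPS redirect on an Apache backend that sits
# behind a load balancer terminating TLS. Needs mod_rewrite and mod_headers.
<VirtualHost *:80>
    ServerName lblb.tonegroup.net

    RewriteEngine On

    # The load balancer speaks plain HTTP to this vhost, so %{HTTPS} is
    # always "off" here and cannot be used to detect the client's scheme.
    # The original scheme is only visible in X-Forwarded-Proto.
    #
    # Redirect only when the header is exactly "http". Requests that carry
    # no X-Forwarded-Proto header at all (assumption: health-check probes
    # sent straight to the backend) are served normally, so the node is not
    # marked unhealthy by a 3xx response.
    RewriteCond %{HTTP:X-Forwarded-Proto} =http [NC]

    # Build the Location header from the fixed canonical host name rather
    # than from the client-supplied Host header, so a forged Host value
    # cannot steer the redirect to another site. The query string is
    # carried over automatically.
    # 301 is an assumed choice; use R=302 while testing.
    RewriteRule ^ https://lblb.tonegroup.net%{REQUEST_URI} [R=301,L]

    # Send HSTS only on responses to requests that arrived over HTTPS,
    # so browsers stop trying plain HTTP after the first secure visit.
    # max-age is an assumed example value (one year, in seconds).
    Header always set Strict-Transport-Security "max-age=31536000" "expr=%{req:X-Forwarded-Proto} == 'https'"
</VirtualHost>
```

After reloading Apache, `curl -sI http://lblb.tonegroup.net/` should show a 301 with an `https://` Location, and `curl -sI https://lblb.tonegroup.net/` should show a 200 carrying the Strict-Transport-Security header.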