时间戳

首页 > 解决方案 > 如何使用 GCP 负载平衡器将 HTTP 重定向到 HTTPS

linux - 如何使用 GCP 负载平衡器将 HTTP 重定向到 HTTPS

问题描述

我在 GCP 中设置我的负载均衡器,有 2 个节点(Apache httpd),域 lblb.tonegroup.net。

目前我的负载均衡器工作正常,流量在 2 个节点之间切换,但是如何配置将http://lblb.tonegroup.net重定向到https://lblb.tonegroup.net

是否可以在负载均衡器级别配置它,或者我需要在 apache 级别配置它?我已经安装了 Google Managed SSL 证书,仅供参考。

标签: linuxapachegoogle-cloud-platformload-balancing

解决方案

现在使用负载均衡器的流量管理可以实现从 http 到 https 的重定向。

以下是如何在他们的文档中进行设置的示例: https ://cloud.google.com/load-balancing/docs/https/setting-up-traffic-management#console

基本上,您将创建两个“转发规则”,targetproxy 和 urlmap。

2 个 URL 映射

  • 在第一个 URL 映射中,您只需设置一个重定向。定义重定向规则如下,这里不需要定义后端服务
    • httpsRedirect: true
    • redirectResponseCode: FOUND
  • 在第二张地图中,您必须在那里定义您的后端服务

2 转发规则

  • 第一条转发规则是服务 http 请求,所以基本上是端口 80
  • 第二个转发规则是服务 http 请求所以端口 443

2 目标代理

  • 第一个目标代理是targetHttpProxy,这将是第一个转发规则被转发到的地方,并被映射到第一个 URLMap
  • 第二个目标代理是targetHttpsProxy第二个转发规则被转发到的地方,并被映射到第二个 URLMap

==================================================== =======================

下面是一个以托管证书和存储桶作为后端的Cloud Deployment Manager示例

storagebuckets-template.jinja

resources:
- name: {{ properties["bucketExample"] }}
  type: storage.v1.bucket
  properties:
    storageClass: REGIONAL
    location: asia-east2
    cors:
    - origin: ["*"]
      method: [GET]
      responseHeader: [Content-Type]
      maxAgeSeconds: 3600
    defaultObjectAcl:
    - bucket: {{ properties["bucketExample"] }}
      entity: allUsers
      role: READER
    website:
     mainPageSuffix: index.html

backendbuckets-template.jinja

resources:
- name: {{ properties["bucketExample"] }}-backend
  type: compute.beta.backendBucket
  properties:
    bucketName: $(ref.{{ properties["bucketExample"] }}.name)
    enableCdn: true

ipaddresses-template.jinja

resources:
- name: lb-ipaddress
  type: compute.v1.globalAddress

sslcertificates-template.jinja

resources:
- name: example
  type: compute.v1.sslCertificate
  properties:
    type: MANAGED
    managed:
      domains:
      - example1.com
      - example2.com
      - example3.com

loadbalancer-template.jinja

resources:
- name: centralized-lb-http
  type: compute.v1.urlMap
  properties:
    defaultUrlRedirect:
      httpsRedirect: true
      redirectResponseCode: FOUND
- name: centralized-lb-https
  type: compute.v1.urlMap
  properties:
    defaultService: {{ properties["bucketExample"] }}
    pathMatchers:
    - name: example
      defaultService: {{ properties["bucketExample"] }}
      pathRules:
      - service: {{ properties["bucketExample"] }}
        paths:
        - /*
    hostRules:
    - hosts:
      - example1.com
      pathMatcher: example
    - hosts:
      - example2.com
      pathMatcher: example
    - hosts:
      - example3.com
      pathMatcher: example

httpproxys-template.jinja

resources:
- name: lb-http-proxy
  type: compute.v1.targetHttpProxy
  properties:
    urlMap: $(ref.centralized-lb-http.selfLink)
- name: lb-https-proxy
  type: compute.v1.targetHttpsProxy
  properties:
    urlMap: $(ref.centralized-lb-https.selfLink)
    sslCertificates: [$(ref.example.selfLink)]
- name: lb-http-forwardingrule
  type: compute.v1.globalForwardingRule
  properties:
    target: $(ref.lb-http-proxy.selfLink)
    IPAddress: $(ref.lb-ipaddress.address)
    IPProtocol: TCP
    portRange: 80-80
- name: lb-https-forwardingrule
  type: compute.v1.globalForwardingRule
  properties:
    target: $(ref.lb-https-proxy.selfLink)
    IPAddress: $(ref.lb-ipaddress.address)
    IPProtocol: TCP
    portRange: 443-443

模板-bundle.yaml 

 imports:
 - path: backendbuckets-template.jinja
 - path: httpproxies-template.jinja
 - path: ipaddresses-template.jinja
 - path: loadbalancer-template.jinja
 - path: storagebuckets-template.jinja
 - path: sslcertificates-template.jinja

resources:
 - name: storagebuckets
   type: storagebuckets-template.jinja
   properties:
     bucketExample: example-sb
 - name: backendbuckets
   type: backendbuckets-template.jinja
   properties:
     bucketExample: example-sb
 - name: loadbalancer
   type: loadbalancer-template.jinja
   properties:
     bucketExample: $(ref.example-sb-backend.selfLink)
 - name: ipaddresses
   type: ipaddresses-template.jinja
 - name: httpproxies
   type: httpproxies-template.jinja
 - name: sslcertificates
   type: sslcertificates-template.jinja

$ gcloud deployment-manager deployments create infrastructure --config=templates-bundle.yaml > output 命令输出

 NAME                                   TYPE                             STATE      ERRORS  INTENT
 centralized-lb-http                    compute.v1.urlMap                COMPLETED  []
 centralized-lb-https                   compute.v1.urlMap                COMPLETED  []
 example                                compute.v1.sslCertificate        COMPLETED  []
 example-sb                             storage.v1.bucket                COMPLETED  []
 example-sb-backend                     compute.beta.backendBucket       COMPLETED  []
 lb-http-forwardingrule                 compute.v1.globalForwardingRule  COMPLETED  []
 lb-http-proxy                          compute.v1.targetHttpProxy       COMPLETED  []
 lb-https-forwardingrule                compute.v1.globalForwardingRule  COMPLETED  []
 lb-https-proxy                         compute.v1.targetHttpsProxy      COMPLETED  []
 lb-ipaddress                           compute.v1.globalAddress         COMPLETED  []

推荐阅读