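linux - How to redirect HTTP to HTTPS using the GCP load balancer
Question
I have set up my load balancer in GCP with 2 nodes (Apache httpd), domain lblb.tonegroup.net.
Currently my load balancer works fine and traffic is switching between the 2 nodes, but how do I configure a redirect from http://lblb.tonegroup.net to https://lblb.tonegroup.net?
Can it be configured at the load balancer level, or do I need to configure it at the Apache level? I have a Google-managed SSL certificate installed, FYI.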
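Solution
It is now possible to redirect from HTTP to HTTPS with the load balancer's traffic management.
Here is an example of how to set it up in their documentation: https://cloud.google.com/load-balancing/docs/https/setting-up-traffic-management#console
Basically, you will create 2 of each: "forwarding rules", targetproxy and urlmap.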
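2 URL maps
- In the first URL map, you just set up a redirect. Define the redirect rule as follows; there is no need to define a backend service here:
    httpsRedirect: true
    redirectResponseCode: FOUND
- In the second map, you have to define your backend services.
2 forwarding rules
- The first forwarding rule serves HTTP requests, so basically port 80.
- The second forwarding rule serves HTTPS requests, so port 443.
2 target proxies
- The first target proxy is a targetHttpProxy; this is where the first forwarding rule is forwarded to, and it is mapped to the first URL map.
- The second target proxy is a targetHttpsProxy; this is where the second forwarding rule is forwarded to, and it is mapped to the second URL map.
===========================================================================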
Below is a Cloud Deployment Manager example with a managed certificate and a storage bucket as the backend.

storagebuckets-template.jinja

resources:
- name: {{ properties["bucketExample"] }}
  type: storage.v1.bucket
  properties:
    storageClass: REGIONAL
    location: asia-east2
    cors:
    - origin: ["*"]
      method: [GET]
      responseHeader: [Content-Type]
      maxAgeSeconds: 3600
    defaultObjectAcl:
    - bucket: {{ properties["bucketExample"] }}
      entity: allUsers
      role: READER
    website:
      mainPageSuffix: index.html

backendbuckets-template.jinja

resources:
- name: {{ properties["bucketExample"] }}-backend
  type: compute.beta.backendBucket
  properties:
    bucketName: $(ref.{{ properties["bucketExample"] }}.name)
    enableCdn: true

ipaddresses-template.jinja

resources:
- name: lb-ipaddress
  type: compute.v1.globalAddress

sslcertificates-template.jinja

resources:
- name: example
  type: compute.v1.sslCertificate
  properties:
    type: MANAGED
    managed:
      domains:
      - example1.com
      - example2.com
      - example3.com

loadbalancer-template.jinja

resources:
- name: centralized-lb-http
  type: compute.v1.urlMap
  properties:
    defaultUrlRedirect:
      httpsRedirect: true
      redirectResponseCode: FOUND
- name: centralized-lb-https
  type: compute.v1.urlMap
  properties:
    defaultService: {{ properties["bucketExample"] }}
    pathMatchers:
    - name: example
      defaultService: {{ properties["bucketExample"] }}
      pathRules:
      - service: {{ properties["bucketExample"] }}
        paths:
        - /*
    hostRules:
    - hosts:
      - example1.com
      pathMatcher: example
    - hosts:
      - example2.com
      pathMatcher: example
    - hosts:
      - example3.com
      pathMatcher: example

httpproxies-template.jinja

resources:
- name: lb-http-proxy
  type: compute.v1.targetHttpProxy
  properties:
    urlMap: $(ref.centralized-lb-http.selfLink)
- name: lb-https-proxy
  type: compute.v1.targetHttpsProxy
  properties:
    urlMap: $(ref.centralized-lb-https.selfLink)
    sslCertificates: [$(ref.example.selfLink)]
- name: lb-http-forwardingrule
  type: compute.v1.globalForwardingRule
  properties:
    target: $(ref.lb-http-proxy.selfLink)
    IPAddress: $(ref.lb-ipaddress.address)
    IPProtocol: TCP
    portRange: 80-80
- name: lb-https-forwardingrule
  type: compute.v1.globalForwardingRule
  properties:
    target: $(ref.lb-https-proxy.selfLink)
    IPAddress: $(ref.lb-ipaddress.address)
    IPProtocol: TCP
    portRange: 443-443

templates-bundle.yaml

imports:
- path: backendbuckets-template.jinja
- path: httpproxies-template.jinja
- path: ipaddresses-template.jinja
- path: loadbalancer-template.jinja
- path: storagebuckets-template.jinja
- path: sslcertificates-template.jinja
resources:
- name: storagebuckets
  type: storagebuckets-template.jinja
  properties:
    bucketExample: example-sb
- name: backendbuckets
  type: backendbuckets-template.jinja
  properties:
    bucketExample: example-sb
- name: loadbalancer
  type: loadbalancer-template.jinja
  properties:
    bucketExample: $(ref.example-sb-backend.selfLink)
- name: ipaddresses
  type: ipaddresses-template.jinja
- name: httpproxies
  type: httpproxies-template.jinja
- name: sslcertificates
  type: sslcertificates-template.jinja

$ gcloud deployment-manager deployments create infrastructure --config=templates-bundle.yaml > output

Command output

NAME                     TYPE                             STATE      ERRORS  INTENT
centralized-lb-http      compute.v1.urlMap                COMPLETED  []
centralized-lb-https     compute.v1.urlMap                COMPLETED  []
example                  compute.v1.sslCertificate        COMPLETED  []
example-sb               storage.v1.bucket                COMPLETED  []
example-sb-backend       compute.beta.backendBucket       COMPLETED  []
lb-http-forwardingrule   compute.v1.globalForwardingRule  COMPLETED  []
lb-http-proxy            compute.v1.targetHttpProxy       COMPLETED  []
lb-https-forwardingrule  compute.v1.globalForwardingRule  COMPLETED  []
lb-https-proxy           compute.v1.targetHttpsProxy      COMPLETED  []
lb-ipaddress             compute.v1.globalAddress         COMPLETED  []
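
An added example, not part of the original answer: a Python check over exported load balancer resources that confirms every forwarding rule covering port 80 ends in a URL map that only redirects to HTTPS. The sample data is constructed from the resource names above; the top-level layout (`forwardingRules`, `proxies`, `urlMaps`) and the function names are assumptions of this example.

```python
# Constructed sample, shaped like Compute Engine API objects and using the
# resource names from the templates above. The top-level layout is an
# assumption of this example, not a gcloud output format.
SAMPLE = {
    "forwardingRules": [
        {"name": "lb-http-forwardingrule", "portRange": "80-80",
         "target": "global/targetHttpProxies/lb-http-proxy"},
        {"name": "lb-https-forwardingrule", "portRange": "443-443",
         "target": "global/targetHttpsProxies/lb-https-proxy"},
    ],
    "proxies": [
        {"name": "lb-http-proxy", "urlMap": "global/urlMaps/centralized-lb-http"},
        {"name": "lb-https-proxy", "urlMap": "global/urlMaps/centralized-lb-https"},
    ],
    "urlMaps": [
        {"name": "centralized-lb-http",
         "defaultUrlRedirect": {"httpsRedirect": True,
                                "redirectResponseCode": "FOUND"}},
        {"name": "centralized-lb-https",
         "defaultService": "global/backendBuckets/example-sb-backend"},
    ],
}

def _name(ref):
    """Last path segment of a selfLink or partial resource URL."""
    return ref.rstrip("/").rsplit("/", 1)[-1]

def audit_http_redirect(res):
    """Findings for port-80 forwarding rules that do not purely redirect."""
    proxies = {p["name"]: p for p in res["proxies"]}
    url_maps = {m["name"]: m for m in res["urlMaps"]}
    findings = []
    for rule in res["forwardingRules"]:
        low, _, high = rule["portRange"].partition("-")
        if not int(low) <= 80 <= int(high or low):
            continue  # rule does not listen on plain HTTP
        proxy = proxies.get(_name(rule["target"]))
        url_map = url_maps.get(_name(proxy["urlMap"])) if proxy else None
        if url_map is None:
            findings.append(f"{rule['name']}: proxy or URL map not found")
            continue
        if not (url_map.get("defaultUrlRedirect") or {}).get("httpsRedirect"):
            findings.append(f"{url_map['name']}: httpsRedirect is not true")
        if url_map.get("defaultService") or url_map.get("pathMatchers"):
            findings.append(f"{url_map['name']}: has backend routing on the HTTP side")
    return findings

if __name__ == "__main__":
    print(audit_http_redirect(SAMPLE) or "port 80 only redirects to HTTPS")
```

An empty list means plain HTTP can only ever receive the redirect; any finding names the rule or URL map that would let content be served without TLS.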