如何使用GCP负载均衡器将HTTP重定向到HTTPS

本文介绍了如何使用GCP负载均衡器将HTTP重定向到HTTPS的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在使用域lblb.tonegroup在GCP中设置我的负载平衡器，其中有2个节点(ApacheHTTPD)。

目前我的负载均衡器工作正常，流量正在两个节点之间切换，但我如何配置以重定向lblb.tonegroup到lblb.tonegroup？

是否可以在负载均衡器级别配置它，或者我需要在Apache级配置它？我已安装Google托管的SSL证书，仅供参考。

推荐答案

现在，使用负载平衡器的流量管理可以将从http重定向到HTTPS。

下面是如何在他们的文档中设置它的示例： cloud.google/load-balancing/docs/https/setting-up-traffic-management#console

基本上，您将为每个"转发规则"创建两个目标代理和urlmap。

2 URLMap

• 在第一个URL映射中，您只需设置重定向。定义重定向规则如下，不需要在此定义后端服务
  • httpsRedirect: true
  • redirectResponseCode: FOUND
• 在第二张地图中，您必须在那里定义您的后端服务

2转发规则

• 第一条转发规则是服务http请求，因此基本上是端口80
• 第二条转发规则是服务http请求SO端口443

2目标代理

• 第一个目标代理是targetHttpProxy，这将是第一个转发规则转发到的位置并映射到第一个URLMap
• 第二个目标代理是转发第二个转发规则并映射到第二个URLMap的位置targetHttpsProxy

========================================================================

下面是一个使用托管证书和存储存储桶作为后端的云部署管理器示例

storagebuckets-template.jinja

resources: - name: {{ properties["bucketExample"] }} type: storage.v1.bucket properties: storageClass: REGIONAL location: asia-east2 cors: - origin: ["*"] method: [GET] responseHeader: [Content-Type] maxAgeSeconds: 3600 defaultObjectAcl: - bucket: {{ properties["bucketExample"] }} entity: allUsers role: READER website: mainPageSuffix: index.html

backendbuckets-template.jinja

resources: - name: {{ properties["bucketExample"] }}-backend type: compute.beta.backendBucket properties: bucketName: $(ref.{{ properties["bucketExample"] }}.name) enableCdn: true

ipaddresses-template.jinja

resources: - name: lb-ipaddress type: compute.v1.globalAddress

sslcertificates-template.jinja

resources: - name: example type: compute.v1.sslCertificate properties: type: MANAGED managed: domains: - example1 - example2 - example3

loadbalancer-template.jinja

resources: - name: centralized-lb-http type: compute.v1.urlMap properties: defaultUrlRedirect: httpsRedirect: true redirectResponseCode: FOUND - name: centralized-lb-https type: compute.v1.urlMap properties: defaultService: {{ properties["bucketExample"] }} pathMatchers: - name: example defaultService: {{ properties["bucketExample"] }} pathRules: - service: {{ properties["bucketExample"] }} paths: - /* hostRules: - hosts: - example1 pathMatcher: example - hosts: - example2 pathMatcher: example - hosts: - example3 pathMatcher: example

httpproxies-template.jinja

resources: - name: lb-http-proxy type: compute.v1.targetHttpProxy properties: urlMap: $(ref.centralized-lb-http.selfLink) - name: lb-https-proxy type: compute.v1.targetHttpsProxy properties: urlMap: $(ref.centralized-lb-https.selfLink) sslCertificates: [$(ref.example.selfLink)] - name: lb-http-forwardingrule type: compute.v1.globalForwardingRule properties: target: $(ref.lb-http-proxy.selfLink) IPAddress: $(ref.lb-ipaddress.address) IPProtocol: TCP portRange: 80-80 - name: lb-https-forwardingrule type: compute.v1.globalForwardingRule properties: target: $(ref.lb-https-proxy.selfLink) IPAddress: $(ref.lb-ipaddress.address) IPProtocol: TCP portRange: 443-443

模板-bundle.yaml

imports: - path: backendbuckets-template.jinja - path: httpproxies-template.jinja - path: ipaddresses-template.jinja - path: loadbalancer-template.jinja - path: storagebuckets-template.jinja - path: sslcertificates-template.jinja resources: - name: storagebuckets type: storagebuckets-template.jinja properties: bucketExample: example-sb - name: backendbuckets type: backendbuckets-template.jinja properties: bucketExample: example-sb - name: loadbalancer type: loadbalancer-template.jinja properties: bucketExample: $(ref.example-sb-backend.selfLink) - name: ipaddresses type: ipaddresses-template.jinja - name: httpproxies type: httpproxies-template.jinja - name: sslcertificates type: sslcertificates-template.jinja

$ gcloud deployment-manager deployments create infrastructure --config=templates-bundle.yaml > output 命令输出

NAME TYPE STATE ERRORS INTENT centralized-lb-http compute.v1.urlMap COMPLETED [] centralized-lb-https compute.v1.urlMap COMPLETED [] example compute.v1.sslCertificate COMPLETED [] example-sb storage.v1.bucket COMPLETED [] example-sb-backend compute.beta.backendBucket COMPLETED [] lb-http-forwardingrule compute.v1.globalForwardingRule COMPLETED [] lb-http-proxy compute.v1.targetHttpProxy COMPLETED [] lb-https-forwardingrule compute.v1.globalForwardingRule COMPLETED [] lb-https-proxy compute.v1.targetHttpsProxy COMPLETED [] lb-ipaddress compute.v1.globalAddress COMPLETED []