Cloud Load Balancing HTTPS 重定向不適用於特定主機

tag-icon tag-icon load-balancing google-cloud-platform
Cloud Load Balancing HTTPS 重定向不適用於特定主機

在我的負載平衡器中,我有 6 台主機,在所有主機中,除了一台 HTTPS 重定向運作良好。我嘗試了所有可能的配置,並閱讀了 Google 提供的所有文件(概念、操作指南、參考),例如https://cloud.google.com/load-balancing/docs/https/setting-up-http-https-redirect#setting_up_the_http_load_balancer無濟於事...

讓我發瘋的是,在同一個主機中url-map,有一個主機,其 HTTPS 重定向工作 100%,這是不起作用的主機的「相同」副本。這是我的url-map兩台主機隔離的情況:

defaultUrlRedirect:
  httpsRedirect: true
  redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
  stripQuery: false

hostRules:
 - hosts:
   # I'm not using an actual record for this particular host, the following two are real
 - app.rocketseat.dev
  pathMatcher: path-matcher-staging
 - hosts:
 - app.rocketseat.com.br
  pathMatcher: path-matcher-production
 - hosts:
 - umbriel.rocketseat.dev
  pathMatcher: path-matcher-umbriel


pathMatchers:
- defaultService: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client-staging
  name: path-matcher-staging
  pathRules:
  - paths:
    - /api/*
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendServices/app-staging
  - paths:
    - /*
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client-staging
  - paths:
    - /admin
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /index.html
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client-staging
  - paths:
    - /admin/*
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client-staging
  - paths:
    - /h
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /index.html
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client-staging
  - paths:
    - /h/*
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client-staging
  - paths:
    - /favicon.ico
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /favicon.png
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client-staging


- defaultService: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client
  name: path-matcher-production
  pathRules:
  - paths:
    - /api/*
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendServices/app
  - paths:
    - /*
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client
  - paths:
    - /admin
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /index.html
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client
  - paths:
    - /admin/*
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client
  - paths:
    - /h
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /index.html
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client
  - paths:
    - /h/*
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client
  - paths:
    - /favicon.ico
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /favicon.png
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client

http://app.rocketseat.dev/api/hello返回:

{
  "jsonPayload": {
    "@type": "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry",
    "statusDetails": "response_sent_by_backend"
  },
  "resource": {
    "type": "http_load_balancer",
    "labels": {
      "backend_service_name": "app-staging",
      "forwarding_rule_name": "app-forwarding-rule-2",
      "target_proxy_name": "app-target-https-proxy",
      "url_map_name": "app-url-map"
    }
  },
  "severity": "INFO"
}

http://app.rocketseat.com.br/api/hello回報

{
  "jsonPayload": {
    "@type": "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry",
    "statusDetails": "response_sent_by_backend"
  },
  "resource": {
    "type": "http_load_balancer",
    "labels": {
      "backend_service_name": "app",
      "forwarding_rule_name": "app-forwarding-rule",
      "target_proxy_name": "app-target-http-proxy",
      "url_map_name": "app-url-map"
    }
  },
  "severity": "INFO"
}

我想,也許後端服務/儲存桶配置可能有所不同,但它們也是相同的。

附加輸出:

# gcloud compute url-maps describe app-http-url-map

defaultUrlRedirect:
  httpsRedirect: true
  redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
kind: compute#urlMap
name: app-http-url-map
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-http-url-map

---
# gcloud compute target-http-proxies describe app-target-http-proxy

kind: compute#targetHttpProxy
name: app-target-http-proxy
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/targetHttpProxies/app-target-http-proxy
urlMap: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-url-map

---
# gcloud compute target-https-proxies describe app-target-https-proxy

kind: compute#targetHttpsProxy
name: app-target-https-proxy
quicOverride: NONE
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/targetHttpsProxies/app-target-https-proxy
sslCertificates:
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/xesque
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/europa
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/umbriel
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/flexbalancer
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/dev
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/app
urlMap: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-url-map

答案1

根據您提供的資訊以及在類似情況下,您可能為 HTTP 到 HTTPS 重新導向配置了一個 URL 對應。然而,您需要建立一個 HTTP URL 映射,其唯一目的是將流量重新導向到您在其中配置 hostRules 和 pathMatchers 的 HTTPS URL 映射。

在這個例子,「web-map-http」的建立只是為了將 HTTP 流量重新導向到 HTTPS URL 映射“web-map-https”,而「web-map-https」是您配置 hostRules 和 pathMatchers 的位置。

Cloud Console 應顯示兩個負載平衡器

為 HTTP 到 HTTPS 重定向和主機規則建立一個 url 映射可能有效,但這不是建議的方法。

答案2

我最終意識到問題不在於主機本身,而是我的 URL 映射中的 HTTPS 重定向僅適用於以下網域:谷歌域名。我嘗試將其餘網域遷移到同一個 DNS 提供者/服務(Google雲端DNS)但重定向仍然不起作用。某種較低層級的 HTTP 重定向或 GCP 和 Google Domains 之間的整合?我不知道,我從來沒有見過這樣的事情。

我再次嘗試遵循 HTTP 到 HTTPS 重定向例子。同樣,它不起作用,如果您按照範例進行操作,則在存取 HTTP URL 時總是會遇到 404 錯誤。

但是,如果您將帶有以下路徑匹配器的主機規則新增至 URL 對應:

defaultUrlRedirect:
  httpsRedirect: true
  redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
  stripQuery: false
hostRules:
- hosts:
  - '*'
  pathMatcher: path-matcher-wildcard
kind: compute#urlMap
name: app-http-url-map
pathMatchers:
- defaultUrlRedirect:
    httpsRedirect: true
    redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
    stripQuery: false
  name: path-matcher-wildcard
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-http-url-map

您的所有流量將被重新導向到 HTTPS。 :)

相關內容