在我的负载均衡器中,我有 6 个主机,除一个主机外,其他所有主机的 HTTPS 重定向都运行正常。我尝试了所有可能的配置,并阅读了 Google 提供的所有文档(概念、操作指南、参考资料),例如https://cloud.google.com/load-balancing/docs/https/setting-up-http-https-redirect#setting_up_the_http_load_balancer无济于事……
让我抓狂的是,在同一个url-map
主机中,有一个主机的 HTTPS 重定向 100% 有效,它是无效主机的“相同”副本。这是我url-map
将两个主机隔离后的情况:
defaultUrlRedirect:
httpsRedirect: true
redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
stripQuery: false
hostRules:
- hosts:
# I'm not using an actual record for this particular host, the following two are real
- app.rocketseat.dev
pathMatcher: path-matcher-staging
- hosts:
- app.rocketseat.com.br
pathMatcher: path-matcher-production
- hosts:
- umbriel.rocketseat.dev
pathMatcher: path-matcher-umbriel
pathMatchers:
- defaultService: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client-staging
name: path-matcher-staging
pathRules:
- paths:
- /api/*
routeAction:
urlRewrite:
pathPrefixRewrite: /
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendServices/app-staging
- paths:
- /*
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client-staging
- paths:
- /admin
routeAction:
urlRewrite:
pathPrefixRewrite: /index.html
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client-staging
- paths:
- /admin/*
routeAction:
urlRewrite:
pathPrefixRewrite: /
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client-staging
- paths:
- /h
routeAction:
urlRewrite:
pathPrefixRewrite: /index.html
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client-staging
- paths:
- /h/*
routeAction:
urlRewrite:
pathPrefixRewrite: /
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client-staging
- paths:
- /favicon.ico
routeAction:
urlRewrite:
pathPrefixRewrite: /favicon.png
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client-staging
- defaultService: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client
name: path-matcher-production
pathRules:
- paths:
- /api/*
routeAction:
urlRewrite:
pathPrefixRewrite: /
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendServices/app
- paths:
- /*
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client
- paths:
- /admin
routeAction:
urlRewrite:
pathPrefixRewrite: /index.html
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client
- paths:
- /admin/*
routeAction:
urlRewrite:
pathPrefixRewrite: /
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client
- paths:
- /h
routeAction:
urlRewrite:
pathPrefixRewrite: /index.html
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client
- paths:
- /h/*
routeAction:
urlRewrite:
pathPrefixRewrite: /
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client
- paths:
- /favicon.ico
routeAction:
urlRewrite:
pathPrefixRewrite: /favicon.png
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client
http://app.rocketseat.dev/api/hello
返回:
{
"jsonPayload": {
"@type": "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry",
"statusDetails": "response_sent_by_backend"
},
"resource": {
"type": "http_load_balancer",
"labels": {
"backend_service_name": "app-staging",
"forwarding_rule_name": "app-forwarding-rule-2",
"target_proxy_name": "app-target-https-proxy",
"url_map_name": "app-url-map"
}
},
"severity": "INFO"
}
http://app.rocketseat.com.br/api/hello
返回
{
"jsonPayload": {
"@type": "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry",
"statusDetails": "response_sent_by_backend"
},
"resource": {
"type": "http_load_balancer",
"labels": {
"backend_service_name": "app",
"forwarding_rule_name": "app-forwarding-rule",
"target_proxy_name": "app-target-http-proxy",
"url_map_name": "app-url-map"
}
},
"severity": "INFO"
}
我想,也许后端服务/存储桶配置可能会有所不同,但它们也是相同的。
附加输出:
# gcloud compute url-maps describe app-http-url-map
defaultUrlRedirect:
httpsRedirect: true
redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
kind: compute#urlMap
name: app-http-url-map
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-http-url-map
---
# gcloud compute target-http-proxies describe app-target-http-proxy
kind: compute#targetHttpProxy
name: app-target-http-proxy
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/targetHttpProxies/app-target-http-proxy
urlMap: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-url-map
---
# gcloud compute target-https-proxies describe app-target-https-proxy
kind: compute#targetHttpsProxy
name: app-target-https-proxy
quicOverride: NONE
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/targetHttpsProxies/app-target-https-proxy
sslCertificates:
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/xesque
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/europa
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/umbriel
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/flexbalancer
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/dev
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/app
urlMap: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-url-map
答案1
根据您提供的信息以及类似情况,您可能已为 HTTP 到 HTTPS 重定向配置了一个 URL 映射。然而,您需要创建一个 HTTP URL 映射,其唯一目的是将流量重定向到您配置 hostRules 和 pathMatchers 的 HTTPS URL 映射。
在此例子, “web-map-http” 仅用于将 HTTP 流量重定向到 HTTPS URL 映射“web-map-https”,而“web-map-https”是您配置 hostRules 和 pathMatchers 的地方。
为 HTTP 到 HTTPS 重定向和主机规则创建一个 URL 映射可能会有效,但这不是推荐的方式。
答案2
我最终意识到问题不在于主机本身,而是我的 URL 映射中的 HTTPS 重定向仅适用于来自Google 域名。我尝试将其余域名迁移到同一 DNS 提供商/服务(Google 云端 DNS),但重定向仍然不起作用。某种低级 HTTP 重定向,或者可能是 GCP 和 Google Domains 之间的集成?我不知道,我从未见过这样的事情。
我再次尝试遵循 HTTP 到 HTTPS 的重定向例子。同样,它不起作用,如果您按照示例操作,您将在访问 HTTP URL 时始终遇到 404 错误。
但是如果你向 URL 映射中添加带有路径匹配器的主机规则,如下所示:
defaultUrlRedirect:
httpsRedirect: true
redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
stripQuery: false
hostRules:
- hosts:
- '*'
pathMatcher: path-matcher-wildcard
kind: compute#urlMap
name: app-http-url-map
pathMatchers:
- defaultUrlRedirect:
httpsRedirect: true
redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
stripQuery: false
name: path-matcher-wildcard
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-http-url-map
您的所有流量都将被重定向到 HTTPS。:)