当 IAP 配置了 GCP 负载均衡器时，如何从 HTTP 重定向到 HTTPS？

Question

您描述的方式看起来你的 url-map 有问题因为您可以访问http您的网站的版本。

为了绝对确定，请再检查一次（或创建新的）url-map 使用gcloud命令：

gcloud compute url-maps describe web-map-http

creationTimestamp: '2020-12-02T03:18:27.053-08:00'
defaultUrlRedirect:
  httpsRedirect: true
  redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
fingerprint: KU2hPu1ao=
id: '50586028237895404'
kind: compute#urlMap
name: web-map-http
selfLink: https://www.googleapis.com/compute/v1/projects/xxxxx/global/urlMaps/web-map-http

准备好 URL 映射后，创建目标代理：

gcloud compute target-http-proxies create http-lb-proxy \
   --url-map=web-map-http \
   --global

结果：

gcloud compute target-http-proxies describe http-lb-proxy
creationTimestamp: '2020-12-02T03:19:39.090-08:00'
fingerprint: lgJkIY8E=
id: '3781119498457764'
kind: compute#targetHttpProxy
name: http-lb-proxy
selfLink: https://www.googleapis.com/compute/v1/projects/xxxx/global/targetHttpProxies/http-lb-proxy
urlMap: https://www.googleapis.com/compute/v1/projects/xxxx/global/urlMaps/web-map-http

以及转发规则：

gcloud compute forwarding-rules create http-content-rule \
   --address=lb-ipv4-1 \ # Same IP address used for HTTPS load balancer
   --global \
   --target-http-proxy=http-lb-proxy \
   --ports=80

看起来应该是这样的：

gcloud compute forwarding-rules describe http-content-rule --global
IPAddress: 34.107.123.141
IPProtocol: TCP
creationTimestamp: '2020-12-02T03:22:38.132-08:00'
description: ''
fingerprint: L1vA0Ik9Y=
id: '888330202637841'
kind: compute#forwardingRule
loadBalancingScheme: EXTERNAL
name: http-content-rule
networkTier: PREMIUM
portRange: 80-80
selfLink: https://www.googleapis.com/compute/v1/projects/xxxx/global/forwardingRules/http-content-rule
target: https://www.googleapis.com/compute/v1/projects/xxxx/global/targetHttpProxies/http-lb-proxy

确保 HTTP 和 HTTPS LB 使用相同的公共 IP。如果传入流量未被阻止，请检查防火墙规则。

如果您所有操作都正确，您应该会得到curl与示例中所示的相同的输出。

Answer 1