19

I have HTTP/HTTPS Load Balancing set up on Google Compute Engine with 2 Global Forwarding Rules (HTTP and HTTPS). Each rule points to a back-end service with a protocol of HTTP.

I want all requests to http://* to go to https://*.

As the load balancer talks to the back-end services over HTTP I don't think I can get nginx on the back-end service to send back a 301.

I've tried a dozen small tweaks on google compute and they all end up with google compute returning a 502.

I'm sure somebody else has set this up before. Any tips or pointers in the right direction are much appreciated.

Ryan Leckey
  • 293
  • 1
  • 2
  • 5
  • HTTP to HTTPS redirection (using SSL) is currently not supported through HTTP/HTTPS load balancer. The redirection needs to be configured on your web server (apache, nginx etc). With that said, please don't hesitate to file a feature request for this on the Compute Engine public issue tracker (https://code.google.com/p/google-compute-engine/issues/list). – Faizan Nov 02 '15 at 22:56
  • Thank you; opened an issue: https://code.google.com/p/google-compute-engine/issues/detail?id=255&thanks=255&ts=1446612833 – Ryan Leckey Nov 04 '15 at 04:54
  • Ok perfect, I have forwarded the feature request to engineering. – Faizan Nov 04 '15 at 15:18
  • @Faizan - is there a timeline when this feature will be available? It's been around 2 years since the feature was requested. The workaround is clunky. – talonx Aug 21 '17 at 06:10
  • The new link for this request is https://issuetracker.google.com/issues/35904733 (though the old one still redirects). – Daniel Compton Oct 05 '17 at 23:03

3 Answers3

20

We have a similar setup using the HTTP / HTTPS load balancer and we managed to force HTTPS. Its not possible directly from the load balancer but you can set it up from your backend service. The Google Cloud load balancer will set the X-Forwarded-Proto http header with either the value http or https. You check this header in your backend service (in our case Varnish but this could also be done in Nginx) and if the value is http then you send back a 301.

Lennert Kuijpers
  • 516
  • 3
  • 5
  • 8
    Thanks! For the sake of posterity: `if ($http_x_forwarded_proto = "http") {` `return 301 https://$host$request_uri;` `}` – Ryan Leckey Nov 13 '15 at 08:27
  • You should use HTTP `426` upgrade header rather than 301. Read More: http://stackoverflow.com/questions/17873247/is-http-status-code-426-upgrade-required-only-meant-signal-an-upgrade-to-a-secur – Vikram Tiwari Jun 09 '16 at 22:12
  • 3
    I disagree Vikram, you must use a 301 for SEO purposes. If you return a 4xx family code your pagerank will not flow across from links pointing to the old http over to https. 301 is the expected code, at least if you care about SEO on your site. – Cyril Graze Jul 05 '17 at 06:33
  • 1
    @VikramTiwari, the post answer actually states: "It's not even about upgrading from http:// to https:// at all" – Rambatino Jul 01 '18 at 12:59
2

Currently, you can do it directly from HTTP(S) Load Balancing. Google Cloud released Rewrites and Redirects support (since April 2020).

See this article to learn how to setup:

https://cloud.google.com/load-balancing/docs/https/setting-up-traffic-management#console More details about this feature:

https://cloud.google.com/load-balancing/docs/features#routing_and_traffic_management

Sergio Francisco
  • 31
  • 3
1

I faced this problem today and was able to resolve it using TCP load balancing. If you do not need the HTTP/HTTPS specific load balancer options, perhaps you can use the TCP Load balancer (no SSL) to receive traffic to both port 80 and 443. For traffic from port 80, you can send back 301.

gselva
  • 11
  • 1
  • 1
    tcp load balancing is not permitted for port 80 [doc](https://cloud.google.com/compute/docs/load-balancing/tcp-ssl/tcp-proxy) > TCP Proxy Load Balancing supports the following ports: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 – Giovanni Toraldo Oct 30 '17 at 16:43