Cloud Load Balancing HTTPS redirect does not work for a specific host

Aug 20 2020

In my load balancer I have 6 hosts; on all hosts but one, the HTTPS redirect works perfectly. I've tried every possible configuration and read all the docs provided by Google (concepts, how-to guides, references), such as https://cloud.google.com/load-balancing/docs/https/setting-up-http-https-redirect#setting_up_the_http_load_balancer, to no avail...

What drives me crazy is that in the same url-map there is a host, whose HTTPS redirect works 100%, that is an "identical" copy of the one that doesn't work. This is my url-map with the two hosts isolated:

defaultUrlRedirect:
  httpsRedirect: true
  redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
  stripQuery: false

hostRules:
- hosts:
  # I'm not using an actual record for this particular host, the following two are real
  - app.rocketseat.dev
  pathMatcher: path-matcher-staging
- hosts:
  - app.rocketseat.com.br
  pathMatcher: path-matcher-production
- hosts:
  - umbriel.rocketseat.dev
  pathMatcher: path-matcher-umbriel


pathMatchers:
- defaultService: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client-staging
  name: path-matcher-staging
  pathRules:
  - paths:
    - /api/*
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendServices/app-staging
  - paths:
    - /*
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client-staging
  - paths:
    - /admin
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /index.html
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client-staging
  - paths:
    - /admin/*
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client-staging
  - paths:
    - /h
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /index.html
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client-staging
  - paths:
    - /h/*
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client-staging
  - paths:
    - /favicon.ico
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /favicon.png
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client-staging


- defaultService: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client
  name: path-matcher-production
  pathRules:
  - paths:
    - /api/*
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendServices/app
  - paths:
    - /*
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client
  - paths:
    - /admin
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /index.html
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client
  - paths:
    - /admin/*
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client
  - paths:
    - /h
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /index.html
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client
  - paths:
    - /h/*
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client
  - paths:
    - /favicon.ico
    routeAction:
      urlRewrite:
        pathPrefixRewrite: /favicon.png
    service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client

http://app.rocketseat.dev/api/hello returns:

{
  "jsonPayload": {
    "@type": "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry",
    "statusDetails": "response_sent_by_backend"
  },
  "resource": {
    "type": "http_load_balancer",
    "labels": {
      "backend_service_name": "app-staging",
      "forwarding_rule_name": "app-forwarding-rule-2",
      "target_proxy_name": "app-target-https-proxy",
      "url_map_name": "app-url-map"
    }
  },
  "severity": "INFO"
}

http://app.rocketseat.com.br/api/hello returns:

{
  "jsonPayload": {
    "@type": "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry",
    "statusDetails": "response_sent_by_backend"
  },
  "resource": {
    "type": "http_load_balancer",
    "labels": {
      "backend_service_name": "app",
      "forwarding_rule_name": "app-forwarding-rule",
      "target_proxy_name": "app-target-http-proxy",
      "url_map_name": "app-url-map"
    }
  },
  "severity": "INFO"
}

I thought maybe there could be some difference in the backend service/bucket configuration, but those are identical too.


Additional output:

# gcloud compute url-maps describe app-http-url-map

defaultUrlRedirect:
  httpsRedirect: true
  redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
kind: compute#urlMap
name: app-http-url-map
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-http-url-map

---
# gcloud compute target-http-proxies describe app-target-http-proxy

kind: compute#targetHttpProxy
name: app-target-http-proxy
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/targetHttpProxies/app-target-http-proxy
urlMap: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-url-map

---
# gcloud compute target-https-proxies describe app-target-https-proxy

kind: compute#targetHttpsProxy
name: app-target-https-proxy
quicOverride: NONE
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/targetHttpsProxies/app-target-https-proxy
sslCertificates:
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/xesque
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/europa
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/umbriel
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/flexbalancer
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/dev
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/app
urlMap: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-url-map

Answers

1 KhalidK Sep 05 2020 at 02:06

Based on the information kindly provided and in similar scenarios, it is possible that you have configured one URL map for the HTTP-to-HTTPS redirect. Whereas, you need to create an HTTP URL map whose sole purpose is to redirect traffic to the HTTPS URL map where you configure hostRules and pathMatchers.

In this example, "web-map-http" is created solely to redirect HTTP traffic to the HTTPS URL map "web-map-https", and "web-map-https" is where you configure hostRules and pathMatchers.

The Cloud Console should display two load balancers.

Creating one URL map for both the HTTP-to-HTTPS redirect and the host rules might work, but it is not the recommended way.

1 GuilhermePellizzetti Sep 17 2020 at 03:29

I ended up realizing that the problem was not with the host itself, but that the HTTPS redirect in my URL map was only working for Google Domains domains. I tried migrating the rest of the domains to the same DNS provider/service (Google Cloud DNS), but the redirect still doesn't work. Some sort of lower-level HTTP redirect, or maybe an integration between GCP and Google Domains? I don't know, I've never seen anything like it.

Once again, I tried following the HTTP-to-HTTPS redirect example. Again, it didn't work; if you follow the example you will always run into a 404 error when accessing the HTTP URL.

But if you add a host rule with a path matcher like this to the URL map:

defaultUrlRedirect:
  httpsRedirect: true
  redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
  stripQuery: false
hostRules:
- hosts:
  - '*'
  pathMatcher: path-matcher-wildcard
kind: compute#urlMap
name: app-http-url-map
pathMatchers:
- defaultUrlRedirect:
    httpsRedirect: true
    redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
    stripQuery: false
  name: path-matcher-wildcard
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-http-url-map

All your traffic will be redirected to HTTPS. :)
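
The following is an added example, not part of the original posts: a Python check that a target HTTP proxy points at a redirect-only URL map, plus a filter for load balancer log entries where a backend answered a request that came in through an HTTP proxy. The sample data is constructed from the question's `describe` output and log entries, and the function names (`backend_routes`, `audit_http_proxy`, `cleartext_hits`) are hypothetical.

```python
# Constructed sample data: values copied from the question's log entries and
# `describe` output, trimmed to the fields these checks read.
LOGS = [
    {"jsonPayload": {"statusDetails": "response_sent_by_backend"},
     "resource": {"labels": {"backend_service_name": "app-staging",
                             "target_proxy_name": "app-target-https-proxy"}}},
    {"jsonPayload": {"statusDetails": "response_sent_by_backend"},
     "resource": {"labels": {"backend_service_name": "app",
                             "target_proxy_name": "app-target-http-proxy"}}},
]
BASE = "https://www.googleapis.com/compute/v1/projects/my-project-id/global"
HTTP_PROXY = {"name": "app-target-http-proxy",
              "urlMap": BASE + "/urlMaps/app-url-map"}
URL_MAPS = {
    "app-http-url-map": {"defaultUrlRedirect": {"httpsRedirect": True}},
    "app-url-map": {
        "defaultUrlRedirect": {"httpsRedirect": True},
        "pathMatchers": [{
            "name": "path-matcher-production",
            "defaultService": BASE + "/backendBuckets/student-client",
            "pathRules": [{"paths": ["/api/*"],
                           "service": BASE + "/backendServices/app"}],
        }],
    },
}

def backend_routes(url_map):
    """Names of the routes in a URL map that can send a request to a backend."""
    routes = ["<default>"] if url_map.get("defaultService") else []
    routes += [pm["name"] for pm in url_map.get("pathMatchers", [])
               if pm.get("defaultService")
               or any(r.get("service") for r in pm.get("pathRules", []))]
    return routes

def audit_http_proxy(proxy, url_maps):
    """Findings for a target HTTP proxy whose URL map is not redirect-only."""
    map_name = proxy["urlMap"].rsplit("/", 1)[-1]
    url_map = url_maps[map_name]
    findings = []
    if not url_map.get("defaultUrlRedirect", {}).get("httpsRedirect"):
        findings.append(f"{map_name}: default action is not an HTTPS redirect")
    for route in backend_routes(url_map):
        findings.append(f"{map_name}: {route} serves a backend over HTTP")
    return findings

def cleartext_hits(entries, http_proxy_names):
    """Log entries where a backend answered a request received by an HTTP proxy."""
    return [e for e in entries
            if e["resource"]["labels"].get("target_proxy_name") in http_proxy_names
            and e["jsonPayload"].get("statusDetails") == "response_sent_by_backend"]
```

To run it against a live configuration, load the JSON form of the same resources, for example from `gcloud compute url-maps describe NAME --format=json`.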