Cloud Load Balancing HTTPS 리디렉션이 특정 호스트에서 작동하지 않음
Aug 20 2020
내로드 밸런서에는 모든 호스트에 6 개의 호스트가 있지만 하나는 HTTPS 리디렉션이 완벽하게 작동합니다. 가능한 모든 구성을 시도하고 Google에서 제공하는 모든 문서 (개념, 방법 가이드, 참조)를 읽었습니다.https://cloud.google.com/load-balancing/docs/https/setting-up-http-https-redirect#setting_up_the_http_load_balancer 소용 없어 ...
나를 미치게 만드는 것은 url-mapHTTPS 리디렉션이 100 % 작동하는 호스트가 있다는 것입니다. 이는 작동하지 않는 것과 "동일한"복사본입니다. 이것은 url-map두 개의 호스트가 격리 된 내 입니다.
defaultUrlRedirect:
httpsRedirect: true
redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
stripQuery: false
hostRules:
- hosts:
# I'm not using an actual record for this particular host, the following two are real
- app.rocketseat.dev
pathMatcher: path-matcher-staging
- hosts:
- app.rocketseat.com.br
pathMatcher: path-matcher-production
- hosts:
- umbriel.rocketseat.dev
pathMatcher: path-matcher-umbriel
pathMatchers:
- defaultService: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client-staging
name: path-matcher-staging
pathRules:
- paths:
- /api/*
routeAction:
urlRewrite:
pathPrefixRewrite: /
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendServices/app-staging
- paths:
- /*
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client-staging
- paths:
- /admin
routeAction:
urlRewrite:
pathPrefixRewrite: /index.html
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client-staging
- paths:
- /admin/*
routeAction:
urlRewrite:
pathPrefixRewrite: /
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client-staging
- paths:
- /h
routeAction:
urlRewrite:
pathPrefixRewrite: /index.html
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client-staging
- paths:
- /h/*
routeAction:
urlRewrite:
pathPrefixRewrite: /
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client-staging
- paths:
- /favicon.ico
routeAction:
urlRewrite:
pathPrefixRewrite: /favicon.png
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client-staging
- defaultService: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client
name: path-matcher-production
pathRules:
- paths:
- /api/*
routeAction:
urlRewrite:
pathPrefixRewrite: /
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendServices/app
- paths:
- /*
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client
- paths:
- /admin
routeAction:
urlRewrite:
pathPrefixRewrite: /index.html
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client
- paths:
- /admin/*
routeAction:
urlRewrite:
pathPrefixRewrite: /
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/admin-client
- paths:
- /h
routeAction:
urlRewrite:
pathPrefixRewrite: /index.html
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client
- paths:
- /h/*
routeAction:
urlRewrite:
pathPrefixRewrite: /
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/hubble-client
- paths:
- /favicon.ico
routeAction:
urlRewrite:
pathPrefixRewrite: /favicon.png
service: https://www.googleapis.com/compute/v1/projects/my-project-id/global/backendBuckets/student-client
http://app.rocketseat.dev/api/hello 보고:
{
"jsonPayload": {
"@type": "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry",
"statusDetails": "response_sent_by_backend"
},
"resource": {
"type": "http_load_balancer",
"labels": {
"backend_service_name": "app-staging",
"forwarding_rule_name": "app-forwarding-rule-2",
"target_proxy_name": "app-target-https-proxy",
"url_map_name": "app-url-map"
}
},
"severity": "INFO"
}
http://app.rocketseat.com.br/api/hello 보고
{
"jsonPayload": {
"@type": "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry",
"statusDetails": "response_sent_by_backend"
},
"resource": {
"type": "http_load_balancer",
"labels": {
"backend_service_name": "app",
"forwarding_rule_name": "app-forwarding-rule",
"target_proxy_name": "app-target-http-proxy",
"url_map_name": "app-url-map"
}
},
"severity": "INFO"
}
백엔드 서비스 / 버킷 구성에 약간의 차이가있을 수 있다고 생각했지만 동일합니다.
추가 출력 :
# gcloud compute url-maps describe app-http-url-map
defaultUrlRedirect:
httpsRedirect: true
redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
kind: compute#urlMap
name: app-http-url-map
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-http-url-map
---
# gcloud compute target-http-proxies describe app-target-http-proxy
kind: compute#targetHttpProxy
name: app-target-http-proxy
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/targetHttpProxies/app-target-http-proxy
urlMap: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-url-map
---
# gcloud compute target-https-proxies describe app-target-https-proxy
kind: compute#targetHttpsProxy
name: app-target-https-proxy
quicOverride: NONE
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/targetHttpsProxies/app-target-https-proxy
sslCertificates:
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/xesque
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/europa
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/umbriel
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/flexbalancer
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/dev
- https://www.googleapis.com/compute/v1/projects/my-project-id/global/sslCertificates/app
urlMap: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-url-map
답변
1 KhalidK Sep 05 2020 at 02:06
친절하게 제공 한 정보와 유사한 시나리오를 기반으로 HTTP-HTTPS 리디렉션에 대해 하나의 URL 맵을 구성했을 수 있습니다. 반면 hostRules 및 pathMatchers를 구성하는 HTTPS URL 맵으로 트래픽을 리디렉션하는 것이 유일한 목적인 HTTP URL 맵을 만들어야합니다.
이러한면에서 exemple , "웹지도-HTTP는"로 리디렉션 HTTP 트래픽만을 생성 된 HTTPS URL지도는 hostRules 및 pathMatchers를 구성 할 경우 "웹지도-HTTPS"입니다 "웹지도-HTTPS"와.
Cloud Console에 두 개의 부하 분산기가 표시되어야합니다.
HTTP에서 HTTPS 로의 리디렉션 및 호스트 규칙에 대해 하나의 URL 맵을 만들면 작동 할 수 있지만 권장되는 방법은 아닙니다.
1 GuilhermePellizzetti Sep 17 2020 at 03:29
결국 문제가 호스트 자체가 아니라 내 URL 맵의 HTTPS 리디렉션이 Google Domains의 도메인에서만 작동한다는 것을 깨달았습니다 . 나머지 도메인을 동일한 DNS 공급자 / 서비스 ( Google Cloud DNS ) 로 마이그레이션하려고 했지만 리디렉션이 여전히 작동하지 않습니다. 일종의 하위 수준 HTTP 리디렉션 또는 GCP와 Google Domains 간의 통합일까요? 모르겠어요. 그런 건 본 적이 없어요.
다시 한 번 HTTP-to-HTTPS 리디렉션 예제 를 따르려고했습니다 . 다시 말하지만, 작동하지 않았습니다. 예제를 따르면 HTTP URL에 액세스하는 동안 항상 404 오류가 발생합니다.
그러나 다음과 같은 경로 일치자가있는 호스트 규칙을 URL 맵에 추가하는 경우 :
defaultUrlRedirect:
httpsRedirect: true
redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
stripQuery: false
hostRules:
- hosts:
- '*'
pathMatcher: path-matcher-wildcard
kind: compute#urlMap
name: app-http-url-map
pathMatchers:
- defaultUrlRedirect:
httpsRedirect: true
redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
stripQuery: false
name: path-matcher-wildcard
selfLink: https://www.googleapis.com/compute/v1/projects/my-project-id/global/urlMaps/app-http-url-map
모든 트래픽이 HTTPS로 리디렉션됩니다. :)