19

I have HTTP/HTTPS Load Balancing set up on Google Compute Engine with 2 Global Forwarding Rules (HTTP and HTTPS). Each rule points to a back-end service with a protocol of HTTP.

I want all requests to http://* to go to https://*.

As the load balancer talks to the back-end services over HTTP I don't think I can get nginx on the back-end service to send back a 301.

I've tried a dozen small tweaks on google compute and they all end up with google compute returning a 502.

I'm sure somebody else has set this up before. Any tips or pointers in the right direction are much appreciated.

Improve this question
5
  • HTTP to HTTPS redirection (using SSL) is currently not supported through HTTP/HTTPS load balancer. The redirection needs to be configured on your web server (apache, nginx etc). With that said, please don't hesitate to file a feature request for this on the Compute Engine public issue tracker (code.google.com/p/google-compute-engine/issues/list). Commented Nov 2, 2015 at 22:56
  • Thank you; opened an issue: code.google.com/p/google-compute-engine/issues/… Commented Nov 4, 2015 at 4:54
  • Ok perfect, I have forwarded the feature request to engineering. Commented Nov 4, 2015 at 15:18
  • @Faizan - is there a timeline when this feature will be available? It's been around 2 years since the feature was requested. The workaround is clunky. Commented Aug 21, 2017 at 6:10
  • The new link for this request is issuetracker.google.com/issues/35904733 (though the old one still redirects). Commented Oct 5, 2017 at 23:03

3 Answers 3

Reset to default
20

We have a similar setup using the HTTP / HTTPS load balancer and we managed to force HTTPS. Its not possible directly from the load balancer but you can set it up from your backend service. The Google Cloud load balancer will set the X-Forwarded-Proto http header with either the value http or https. You check this header in your backend service (in our case Varnish but this could also be done in Nginx) and if the value is http then you send back a 301.

Improve this answer
4
  • 8
    Thanks! For the sake of posterity: if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; } Commented Nov 13, 2015 at 8:27
  • You should use HTTP 426 upgrade header rather than 301. Read More: stackoverflow.com/questions/17873247/… Commented Jun 9, 2016 at 22:12
  • 3
    I disagree Vikram, you must use a 301 for SEO purposes. If you return a 4xx family code your pagerank will not flow across from links pointing to the old http over to https. 301 is the expected code, at least if you care about SEO on your site. Commented Jul 5, 2017 at 6:33
  • 1
    @VikramTiwari, the post answer actually states: "It's not even about upgrading from http:// to https:// at all" Commented Jul 1, 2018 at 12:59
2

Currently, you can do it directly from HTTP(S) Load Balancing. Google Cloud released Rewrites and Redirects support (since April 2020).

See this article to learn how to setup:

https://cloud.google.com/load-balancing/docs/https/setting-up-traffic-management#console More details about this feature:

https://cloud.google.com/load-balancing/docs/features#routing_and_traffic_management

Improve this answer
1

I faced this problem today and was able to resolve it using TCP load balancing. If you do not need the HTTP/HTTPS specific load balancer options, perhaps you can use the TCP Load balancer (no SSL) to receive traffic to both port 80 and 443. For traffic from port 80, you can send back 301.

Improve this answer
1
  • 1
    tcp load balancing is not permitted for port 80 doc > TCP Proxy Load Balancing supports the following ports: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 Commented Oct 30, 2017 at 16:43

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.