6

I've setup the standard GCP load balancer to point to my instance group. It talks over the same port on the instance. I would like to redirect http to https. I would normally do this in nginx or apache on the instance but that won't work since its https already from the load balancer.

Is there a way to rewrite the url similar to if I was using nginx and apache to load balance in GCP's Load Balancer? or should I forward http and https to the instance and have the instance handle the rewrite as I normally would. I'm new to GCP thanks in advance.

Community
  • 1
  • 1
Jared
  • 1,269
  • 2
  • 10
  • 14
  • ever figure this out? – Riley Lark Jun 09 '16 at 19:28
  • 1
    Naturally I found a great answer right after adding this bounty! Anyone who wants to do a nice writeup of http://serverfault.com/questions/733166/redirect-all-http-traffic-to-https-when-using-the-https-load-balancer-on-googl or just link this question there can have my points! – Riley Lark Jun 09 '16 at 19:33

1 Answers1

4

You can set it up the same way as Nginx does. When you see traffic on a port which is not https, you redirect it to HTTPs.

To do this, you can use X-Forwarded-Proto header which contains the protocol using which the traffic came in. On your server, you can simply look for traffic that has http header and upgrade that request to HTTPS.

Most commonly used way is to use 301 redirect, but that is not a great practice. One should use HTTP 426 upgrade request header.

Read more: Is HTTP status code 426 Upgrade Required only meant signal an upgrade to a secure channel is required?

RFC doc: https://www.rfc-editor.org/rfc/rfc2616#section-14.42

Community
  • 1
  • 1
Vikram Tiwari
  • 3,615
  • 1
  • 29
  • 39