Redirect all HTTP traffic to HTTPS when using the HTTP(S) Load Balancer on Google Compute Engine

I have HTTP/HTTPS Load Balancing set up on Google Compute Engine with 2 Global Forwarding Rules (HTTP and HTTPS). Each rule points to a back-end service with a protocol of HTTP.

I want all requests to http://* to go to https://*.

As the load balancer talks to the back-end services over HTTP I don't think I can get nginx on the back-end service to send back a 301.

I've tried a dozen small tweaks on google compute and they all end up with google compute returning a 502.

I'm sure somebody else has set this up before. Any tips or pointers in the right direction are much appreciated.

Solution 1:

We have a similar setup using the HTTP / HTTPS load balancer and we managed to force HTTPS. Its not possible directly from the load balancer but you can set it up from your backend service. The Google Cloud load balancer will set the X-Forwarded-Proto http header with either the value http or https. You check this header in your backend service (in our case Varnish but this could also be done in Nginx) and if the value is http then you send back a 301.

Solution 2:

Currently, you can do it directly from HTTP(S) Load Balancing. Google Cloud released Rewrites and Redirects support (since April 2020).

See this article to learn how to setup:

https://cloud.google.com/load-balancing/docs/https/setting-up-traffic-management#console More details about this feature:

https://cloud.google.com/load-balancing/docs/features#routing_and_traffic_management

Solution 3:

I faced this problem today and was able to resolve it using TCP load balancing. If you do not need the HTTP/HTTPS specific load balancer options, perhaps you can use the TCP Load balancer (no SSL) to receive traffic to both port 80 and 443. For traffic from port 80, you can send back 301.