This example shows how to use URL map redirects to redirect all requests from HTTP to HTTPS. This example shows how you set up redirects by using the well-known ports 80 (for HTTP) and 443 (for HTTPS). However, you're not required to use these specific port numbers. Each forwarding rule for an Application Load Balancer can reference a single port from 1-65535.
HTTPS uses TLS (SSL) to encrypt HTTP requests and responses, making it
safer and more secure. A website that uses HTTPS has https://
in the beginning
of its URL instead of http://
.
For existing load balancers
If you already have an HTTPS Application Load Balancer (called here LB1) that is serving HTTPS traffic on port 443, you must create a partial HTTP Application Load Balancer (called here LB2) with the following setup:
- The same frontend IP address used by LB1
- A redirect configured in the URL map
This partial HTTP load balancer uses the same IP address as your HTTPS load balancer and redirects HTTP requests to your load balancer's HTTPS frontend.
This architecture is shown in the following diagram.
Redirecting traffic to your HTTPS load balancer
After you have verified that your HTTPS load balancer (LB1) is working, you can create the partial HTTP load balancer (LB2) with its frontend configured to redirect traffic to LB1.
This example uses the 301 response code. You can instead use a different response code.
To configure the redirect with gcloud
, you must import a YAML file and make
sure that your target HTTP proxy points to the URL map that redirects
traffic. If you're using the Google Cloud console, this is handled for you.
Regional external Application Load Balancers aren't supported in the Google Cloud console.
gcloud
- Create a YAML file
/tmp/web-map-http.yaml
. This example uses MOVED_PERMANENTLY_DEFAULT as the response code. - Validate the URL map.
- Create the HTTP load balancer's URL map by importing the YAML
file. The name for this URL map is
web-map-http
. - Verify that the URL map is updated. Your HTTP load balancer's URL map should look something like this:
- Create a new target HTTP proxy or update an existing target HTTP proxy,
using
web-map-http
as the URL map. - Create a forwarding rule to route incoming requests to
the proxy. The
--address
flag specifieslb-ipv4-1
, which is the same IP address used for the external HTTPS load balancer.
kind: compute#urlMap name: web-map-http defaultUrlRedirect: redirectResponseCode: MOVED_PERMANENTLY_DEFAULT httpsRedirect: True tests: - description: Test with no query parameters host: example.com path: /test/ expectedOutputUrl: https://example.com/test/ expectedRedirectResponseCode: 301 - description: Test with query parameters host: example.com path: /test/?parameter1=value1¶meter2=value2 expectedOutputUrl: https://example.com/test/?parameter1=value1¶meter2=value2 expectedRedirectResponseCode: 301
If the tests pass and the command outputs a success message, save the changes to the URL map.
If you are updating an existing URL map, the following prompt appears:
Url Map [web-map-http] will be overwritten. Do you want to continue (Y/n)?
To continue, press Y.
Testing the HTTP-to-HTTPS redirect
Note the reserved IP address that you are using for both load balancers.
In this example, assume that the reserved IP address is 34.98.77.106
. The
http://34.98.77.106/
URL redirects to https://34.98.77.106/
.
After a few minutes have passed, you can test this by running the following
curl
command.
curl -v http://hostname.com
Sample output:
* Connected to 34.98.77.106 (34.98.77.106) port 80 (#0) > GET / HTTP/1.1 > Host: hostname.com > User-Agent: curl/7.64.0 > Accept: */* > < HTTP/1.1 301 Moved Permanently < Cache-Control: private < Content-Type: text/html; charset=UTF-8 < Referrer-Policy: no-referrer < Location: https://hostname.com < Content-Length: 220 < Date: Fri, 30 Jul 2021 21:32:25 GMT < <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY> <H1>301 Moved</H1> The document has moved <A HREF="https://hostname.com">here</A>. </BODY></HTML> * Connection #0 to host hostname.com left intact
Related procedures
To use Terraform, see the HTTP-to-HTTPS redirect tab.
For GKE, see the HTTP-to-HTTPS redirects in the GKE documentation.
For internal Application Load Balancers, see Setting up HTTP-to-HTTPS redirect for internal Application Load Balancers.
For other types of redirects, see URL redirects.