Using Target Proxies

Target proxies are referenced by one or more forwarding rules. In the case of HTTP(S) load balancing, proxies route incoming requests to a URL map. In the case of SSL proxy and TCP proxy load balancing, target proxies route incoming requests directly to backend services.

Target proxy properties

See the TargetHttpProxies, TargetHttpsProxies, TargetSslProxies, and TargetTcpProxies resource for descriptions of the properties and methods available to you when working with target proxies through either the REST API or the gcloud command-line tool.

Add a target proxy

To add a target proxy using the Google Cloud Platform Console, perform the following steps:

Console: HTTP

  1. Go to the Load balancing page.

    Go to the Load balancing page

  2. Select Advanced menu.
  3. Select Target proxies.
  4. Click Create target proxy.
  5. Enter a Name.
  6. Optional: Enter a Description.
  7. Select Type HTTP Proxy.
  8. Select a URL map.
  9. Click Create.

Console: HTTPS

  1. Go to the Load balancing page.

    Go to the Load balancing page

  2. Select Advanced menu.
  3. Select Target proxies.
  4. Click Create target proxy.
  5. Enter a Name.
  6. Optional: Enter a Description.
  7. Select Type HTTPS Proxy.
  8. If you already have an SSL certificate resource you want to use as the primary SSL certificate, select it from the Certificate drop-down menu. If not, select Create a new certificate.
    1. Enter a Name.
    2. Either upload (recommended) the following files or copy and paste their contents into the appropriate fields:
      • Public key certificate (.crt file).
      • Certificate chain (.csr file).
      • Private key (.key file).
  9. Add up to 14 additional certificates by repeating the previous step.
  10. Select a URL map.
  11. Click Create.

To add a target proxy using the gcloud command-line tool, use one of the following commands:

gcloud: HTTP 

gcloud compute target-http-proxies create [HTTP_PROXY] \
  --url-map URL_MAP [--description [DESCRIPTION]]

gcloud: HTTPS

HTTPS load balancing supports creating a target HTTPS proxy that has up to 15 SSL certificates. Before you run this command, you must create an SSL certificate resource for each certificate.

You can use SSL policies to control how your HTTPS load balancer negotiates SSL with clients.

You can attach an SSL policy to your target HTTPS proxy by specifying --ssl-policy when you create or update the target proxy.

You can enable or disable the QUIC protocol by specifying --quic-override.

 gcloud compute target-https-proxies create [HTTPS_PROXY] \
   --url-map URL_MAP \
   --ssl-certificates [SSL_CERT_1][,[SSL_CERT_2],...] \
   [--ssl-policy POLICY_NAME] \
   [--quic-override=ENABLE|DISABLE|NONE]

To create a target proxy through the API, send a POST request to:

API: HTTP 

POST https://www.googleapis.com/v1/compute/projects/PROJECT_ID/global/targetHttpProxies

{
  "name": [PROXY_NAME],
  "urlMap": [URL_MAP]
}

API: HTTPS 

POST https://www.googleapis.com/v1/compute/projects/[PROJECT_ID]/global/targetHttpsProxies

{
  "name": [PROXY_NAME],
  "urlMap": [URL_MAP],
  "sslCertificates": [SSL_CERT_1][,[SSL_CERT_2],...]
}

List target proxies

To list target proxies using the GCP Console, perform the following steps:

Console:

  1. Go to the Load balancing page.

    Go to the Load balancing page

  2. Select Advanced menu.
  3. Select Target proxies. You can click on the Type field to sort the results.

To list target proxies using the gcloud command-line tool, use the following command:

gcloud: HTTP 

gcloud compute target-http-proxies list

gcloud: HTTPS 

gcloud compute target-https-proxies list

In the API, send an empty GET request to the following URI:

API: HTTP 

https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/global/targetHttpProxies

API: HTTPS 

https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/global/targetHttpsProxies

Get information about a target proxy

To get information about a single target HTTP or HTTPS proxy using the GCP Console, perform the following steps:

Console

  1. Go to the Load balancing page.

    Go to the Load balancing page

  2. Select Advanced menu.
  3. Select Target proxies.
  4. Select a Target name.
  5. View the Target details screen. To return to the Load balancing screen, click the left-facing arrow at the top of the screen.

To get information about a single target proxy using the gcloud command-line tool, use the following command:

gcloud: HTTP 

gcloud compute target-http-proxies describe [PROXY_NAME]

gcloud: HTTPS 

gcloud compute target-https-proxies describe [PROXY_NAME]

In the API, send an empty GET request to the following URI:

API: HTTP 

https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/targetHttpProxies/[PROXY_NAME]

API: HTTPS 

https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/targetHttpsProxies/[PROXY_NAME]

Delete a target proxy

To delete an HTTP or HTTPS target proxy using the GCP Console, perform the following steps:

Console

  1. Go to the Load balancing page.

    Go to the Load balancing page

  2. Select Advanced menu.
  3. Select Target proxies.
  4. Click the checkbox for the Target name to delete.
  5. Click Delete.

To delete a target proxy using the gcloud command-line tool, use the following command:

gcloud: HTTP 

gcloud compute target-http-proxies delete [PROXY_NAME]

gcloud: HTTPS 

gcloud compute target-https-proxies delete [PROXY_NAME]

In the API, send an empty DELETE request to the following URI:

API: HTTP 

https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/global/targetHttpProxies/[PROXY_NAME]

API: HTTPS 

https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/global/targetHttpsProxies/[PROXY_NAME]

Update target proxies

The following three sections contain instructions for updating URL maps and SSL certificate resources, and determining whether the QUIC protocol is enabled.

Update a URL map for the target proxy

To use the GCP Console to update the URL map associated with a target proxy, perform the following steps:

Console: HTTP

  1. Go to the Load balancing page.

    Go to the Load balancing page

  2. Select Advanced menu.
  3. Select Target proxies.
  4. Select a Target name.
  5. Click the Edit pencil.
  6. Select a URL map.
  7. Click Save.
  8. View the Target details screen containing the updated URL map. To return to the Load balancing screen, click the left-facing arrow at the top of the screen.

Console: HTTPS

HTTPS proxies can't be edited. Instead, delete and re-add the target proxy.

To update the URL map associated with a target proxy, use the following gcloud command. The --quic-override flag is valid with the gcloud compute target-https-proxies update command.

gcloud: HTTP 

gcloud compute target-http-proxies update [PROXY_NAME] \
   --url-map [URL_MAP]

gcloud: HTTPS 

gcloud compute target-https-proxies update [PROXY_NAME] \
   --url-map [URL_MAP]

In the API, send a POST request to the following URI, passing the fully-qualified URI to the URL maps to add or remove in the request body:

API: HTTP 

POST https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/global/targetHttpProxies/[PROXY_NAME]/setUrlMap

{
  "urlMap": [URL_MAP]
}

API: HTTPS 

POST https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/global/targetHttpsProxies/[PROXY_NAME]/setUrlMap

{
  "urlMap": [URL_MAP]
}

Update the SSL certificate resource for an HTTPS target proxy

Because HTTP proxies do not use SSL certificates, these instructions only apply to HTTPS proxies.

To update the SSL certificate resources associated with an HTTPS target proxy using the GCP Console, perform the following steps, during which you can specify up to 15 SSL certificate resources:

Console:

  1. Go to the Load balancing page.

    Go to the Load balancing page

  2. Click the Edit pencil for the load balancer that includes the URL map (Host and path rules) for the target proxy.
  3. Click the Edit pencil for an HTTPS Frontend configuration.
  4. In the Certificate pull-down menu, select an existing certificate, or Create a new certificate using these instructions.

gcloud:

To update the SSL certificate resources associated with an HTTPS target proxy using the gcloud command-line tool, use the following command, in which you can specify up to 15 SSL certificate resources:

       gcloud compute target-https-proxies update [PROXY_NAME]   

            --ssl-certificates [SSL_CERT_1][,[SSL_CERT_2],...]

API:

In the API, send a POST request to the following URI, passing the fully-qualified URI of the SSL certificate resources to add or remove in the request body:

POST https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/global/targetHttpsProxies/[PROXY_NAME]/setSslCertificates

{
 "sslCertificates": [ SSL_CERT_1][,[SSL_CERT_2],... ]

}

Update the QUIC protocol setting

HTTPS load balancing supports the use of the QUIC transport protocol with the optional flag --quic-override.

[--quic-override=ENABLE|DISABLE|NONE]

The effects of the flag are as follows:

  • When --quic-override is set to NONE, Google manages whether or not QUIC is used.
  • When the flag is set to ENABLE, the load balancer uses QUIC when possible.
  • When the flag is set to DISABLE, QUIC is not used.

If the --quic-override flag is not specified, NONE is implied.

gcloud compute target-https-proxies update [PROXY_NAME]   \
     --quic-override=ENABLE|DISABLE|NONE

What's next

For more information on the QUIC transport protocol, see QUIC protocol support for HTTPS load balancing.

¿Te ha resultado útil esta página? Enviar comentarios:

Enviar comentarios sobre...

Esta página
Comentarios sobre la documentación
Load Balancing
Comentarios sobre el producto