3

We already tried other solutions on Stack Overflow but they didn't work for us.

We are having issues while redirecting our Domain url from http to https.

When we hit the http://example.com, it is not getting redirected to https://example.com. We have also set up a Google Managed SSL in the Load Balancer in our Google Cloud Network Service.

We are using the Google Cloud Compute Engine for hosting the website and Google domains for url. Apart from that we are using the NGINX as our web server and Laravel as our framework. We also contacted the Google support team but couldn't worked.

Front and Backend Load Balancer Configuration:

  • PHP Framework - Laravel V8
  • Compute Engine - Debian 10 Buster

Below is the code for NGINX config file.

NGINX Default Config file


server 
{
   listen 80;

    server_name example.in www.example.in;

    root /var/www/html/test;

    add_header X-Frame-Options "SAMEORIGIN";

    add_header X-XSS-Protection "1; mode=block";

    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    location / {

        try_files $uri $uri/ /index.php?$query_string;

    }

    location = /favicon.ico { access_log off; log_not_found off; }

    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {

        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;

        fastcgi_index index.php;

        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;

        include fastcgi_params;

    }

    location ~ /\.(?!well-known).* {

        deny all;

    }

}

Front End Configuration

Backend Configuration

halfer
  • 19,824
  • 17
  • 99
  • 186
Deven Nazare
  • 538
  • 5
  • 24
  • 1
    1) Since you are using a Google Load Balancer while not use URL Redirect in the load balancer? Show your front end and back end configurations in your question. Your Nginx config file shows nothing for HTTPS or redirects. 2) Suggestion. Use URL Redirects at the load balancer. Configure two frontends, one for port 80 (HTTP) and the second for port 443 (HTTPS), configure your backend for only port 80 (HTTP). SSL is handled by the load balancer and your backend instances only handle HTTP traffic. – John Hanley Dec 05 '20 at 08:00
  • @JohnHanley We have Configured only 1 Frontend for port 443 , and 1 Backend for the port 80 . Please find the above screenshot for the Load Balancer Configuration . Should i add port 80 for the Frontend ?? . We shown this to one of the Google Support guy he said the load balancers configurations were right . Please give your suggestions for the same – Deven Nazare Dec 05 '20 at 08:38
  • If the load balancer is not listening on port 80, then you do not have a redirect problem because nobody can connect over `http://` only `https://`. Yes, you should have a frontend listening on port 80. When users type a URL into their browser it defaults to port 80 usually. Some domains such as `.dev` are different (depends on the browser or tool). There are lots of white papers discussing load balancer and backend designs. Invest the time now otherwise spend 10x later fixing problems. – John Hanley Dec 05 '20 at 08:47
  • Hey @JohnHanley , Thank you, your above comment really solved my issue . I just added HTTP port 80 Configuration in my Front End Configuration of my Load balancer ! Really thanks a lot ;) – Deven Nazare Dec 05 '20 at 09:48
  • @JohnHanley i am facing issue while accessing https:// taagaa.in . I am getting error message on my browser as "The connection is not private ". My SSL certificate is based on https:/ /www.taagaa.in . Any guess what should i do ??? – Deven Nazare Jan 02 '21 at 05:14
  • SSL certificates contain `subject alternative names`. You need a name for each website. `www.example.com` is not the same website as `example.com` in respect to identity and security. If you are using Google Managed Certificates, you can create a new certificate with the additional name and add it to the frontend. Google certs do support more than one name in the same certificate. – John Hanley Jan 02 '21 at 05:37
  • @JohnHanley do you mean i should add www.example. com as well as example .com in my Google Managed SSL certificate in the fronted ? Will this work ?? – Deven Nazare Jan 02 '21 at 07:53
  • Yes, Each DNS name is a unique name for SSL certificates. Therefore you need one or more certificates with those names. Refer to this link for more information: https://en.wikipedia.org/wiki/Subject_Alternative_Name – John Hanley Jan 02 '21 at 08:17
  • @JohnHanley I tried adding two names in my Google cert SSL (example .com & www .example.com) but the site stopped working and showing an error as The Site cannot provide a secure connection ERR SSL VER Mismatch ;( . I tried checking the website after completing the Provisioning status with a green tick . Please help :( – Deven Nazare Jan 03 '21 at 10:17
  • This most likely means you have configured the front ends incorrectly. – John Hanley Jan 03 '21 at 17:57

2 Answers2

3

So the below configuration solved my issue.

I just added a new Port 80 (Http) configuration in my Front End configuration of my Load Balancer along with the Port 443 (Https).

Now the Domain URL is getting redirected from http to https with secure connections.

Please refer to the below screenshot of my Load Balancer Frontend Configuration.

Load Balancer Frontend Configuration

Thank you @JohnHanley for your answer ;)

halfer
  • 19,824
  • 17
  • 99
  • 186
Deven Nazare
  • 538
  • 5
  • 24
0

I think your NGINX configuration needs to adjust to listen on port 443 and you need to get the SSL certificate accordingly. Please refer : https://cloud.google.com/community/tutorials/https-load-balancing-nginx.

Sankalp Bhojwani
  • 1
  • 1
  • Nope i already tried your solutions before many times ,but could't work for me .Please look above for the answer that i posted it worked for me – Deven Nazare Dec 05 '20 at 09:58