El contenido no se encuentra disponible en el idioma seleccionado. Estamos trabajando continuamente para agregar más idiomas. Gracias por su apoyo.

Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Situation Awareness
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
Software Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive
Help Center/ Elastic Load Balance/ Best Practices/ Using ELB to Redirect HTTP Requests to an HTTPS Listener for Higher Service Security

Using ELB to Redirect HTTP Requests to an HTTPS Listener for Higher Service Security

Updated on 2024-11-12 GMT+08:00

Scenarios

HTTPS is an extension of HTTP. HTTPS encrypts data between a web server and a browser. You can use ELB to redirect HTTP requests to an HTTPS listener to improve your service security.

CAUTION:
  • If the listener protocol is HTTP, only the GET or HEAD method can be used for redirection. If you create a redirect for an HTTP listener, the client browser will change POST or other methods to GET. If you want to use other methods rather than GET and HEAD, add an HTTPS listener.
  • HTTP requests are forwarded to the HTTPS listener as HTTPS requests, which are then routed to backend servers over HTTP.
  • If HTTP requests are redirected to an HTTPS listener, no certificate can be deployed on the backend servers associated with the HTTPS listener. If certificates are deployed, HTTPS requests will not take effect.

Prerequisites

  • You have created a dedicated load balancer. For details, see Creating a Dedicated Load Balancer.
  • You have created two ECSs (ECS_client and ECS_server) that are running in the same VPC as the dedicated load balancer. ECS_client sends HTTP requests, while ECS_server processes requests. For details, see Purchasing an ECS.
  • You have gotten a server certificate ready for adding an HTTPS listener. For details, see Adding a Server Certificate.

Procedure

Figure 1 Procedure for redirecting HTTPS requests to an HTTPS listener

Step 1: Create an HTTPS Listener

  1. Go to the load balancer list page.
  2. On the displayed page, locate the target load balancer and click its name.
  3. On the Listeners tab, click Add Listener. Configure the parameters based on Table 1.
    Figure 2 Adding an HTTPS listener
    Table 1 Parameters for configuring an HTTPS listener

    Parameter

    Example Value

    Description

    Name

    listener-HTTPS

    Specifies the listener name.

    Frontend Protocol

    HTTPS

    Specifies the protocol that will be used by the load balancer to receive requests from clients.

    Frontend Port

    443

    Specifies the port that will be used by the load balancer to receive requests from clients.

    SSL Authentication

    One-way authentication

    Specifies how you want the clients and backend servers to be authenticated. In this practice, One-way authentication is selected.

    Server Certificate

    The existing server certificate

    Specifies the certificate that will be used by the backend server for SSL handshake negotiation to authenticate clients and ensure encrypted transmission.

    Enable SNI

    Not enabled

    Specifies whether to enable SNI when HTTPS is used as the frontend protocol. SNI can be used when a server uses multiple domain names and certificates.

    Access Control

    All IP addresses

    Specifies how access to the listener is controlled. Access from specific IP addresses can be controlled using a whitelist or blacklist.

    Transfer Client IP Address

    Enabled by default

    Specifies whether to transmit IP addresses of the clients to backend servers.

    Advanced Forwarding

    Enabled

    Specifies whether to enable the advanced forwarding policy. You can add advanced forwarding policies to HTTP or HTTPS listeners to forward requests to different backend server groups.

  4. Retain the default values for parameters under Advanced Settings and click Next: Configure Request Routing Policy.
  5. Select Create new for Backend Server Group, retain the default values for other parameters, and click Next: Add Backend Server.
  6. Add ECS_server to the backend server group you have created, enable Health Check, and retain the default values for the health check.
  7. Click Next: Confirm and then click Submit.

Step 2: Configure HTTP to HTTPS Redirection

You can enable redirection when adding an HTTP listener and select an HTTPS listener to which requests are redirected. Alternatively, you can add a forwarding policy for an HTTP listener to redirect requests to an HTTPS listener.

  1. Log in to the management console.
  2. In the upper left corner of the page, click and select the desired region and project.
  3. Click in the upper left corner to display Service List and choose Networking > Elastic Load Balance.
  4. On the Load Balancers page, locate the target load balancer and click its name.
  5. On the Listeners tab, click Add Listener. Configure the parameters based on Table 2.
    Figure 3 Adding an HTTP Listener
    Table 2 Parameters for configuring an HTTP listener

    Parameter

    Example Value

    Description

    Name

    listener-HTTP

    Specifies the listener name.

    Frontend Protocol

    HTTP

    Specifies the protocol that will be used by the load balancer to receive requests from clients.

    Frontend Port

    80

    Specifies the port that will be used by the load balancer to receive requests from clients.

    Redirect

    Enabled

    Specifies whether to enable redirection. You can use this function to redirect the requests from an HTTP listener to an HTTPS listener to ensure security.

    Redirected To

    listener-HTTPS

    Specifies the HTTPS listener to which requests are redirected. Select the HTTPS listener created in section Step 1: Create an HTTPS Listener, listener-HTTPS.

    Access Control

    All IP addresses

    Specifies how access to the listener is controlled. Access from specific IP addresses can be controlled using a whitelist or blacklist.

    Transfer Client IP Address

    Enabled by default

    Specifies whether to transmit IP addresses of the clients to backend servers.

    Advanced Forwarding

    Enabled

    Specifies whether to enable the advanced forwarding policy. You can add advanced forwarding policies to HTTP or HTTPS listeners to forward requests to different backend server groups.

  6. Retain the default values for parameters under Advanced Settings and click Next: Confirm.
  7. Click Submit.
  1. Log in to the management console.
  2. In the upper left corner of the page, click and select the desired region and project.
  3. Click in the upper left corner to display Service List and choose Networking > Elastic Load Balance.
  4. On the Load Balancers page, locate the target load balancer and click its name.
  5. On the Listeners tab, click Add Listener. Configure the parameters based on Table 3.
    Figure 4 Adding an HTTP Listener
    Table 3 Parameters for configuring an HTTP listener

    Parameter

    Example Value

    Description

    Name

    listener-HTTP

    Specifies the listener name.

    Frontend Protocol

    HTTP

    Specifies the protocol that will be used by the load balancer to receive requests from clients.

    Frontend Port

    80

    Specifies the port that will be used by the load balancer to receive requests from clients.

    Redirect

    Not enabled

    Specifies whether to enable redirection. You can use this function to redirect the requests from an HTTP listener to an HTTPS listener to ensure security.

    Access Control

    All IP addresses

    Specifies how access to the listener is controlled. Access from specific IP addresses can be controlled using a whitelist or blacklist.

    Transfer Client IP Address

    Enabled by default

    Specifies whether to transmit IP addresses of the clients to backend servers.

    Advanced Forwarding

    Enabled

    Specifies whether to enable the advanced forwarding policy. You can add advanced forwarding policies to HTTP or HTTPS listeners to forward requests to different backend server groups.

  6. Retain the default values for parameters under Advanced Settings and click Next: Configure Request Routing Policy.
  7. Select Create new for Backend Server Group, retain the default values for other parameters, and click Next: Add Backend Server.
  8. Add ECS_server to the backend server group you have created, enable Health Check, and retain the default values for the health check.
  9. Click Next: Confirm and then click Submit.
  10. On the Configuration Result page, click Add now under the Next: Add a Forwarding Policy (Optional) area.
  11. Click Add Forwarding Policy to configure redirection.
    Table 4 Configuring parameters for redirection

    Parameter

    Setting

    Action

    Select Redirect to another listener.

    Listener

    Select the HTTPS listener to which requests are redirected.

  12. After the forwarding policy is added, click Save.
    Figure 5 Redirection to an HTTPS listener
  1. Log in to the management console.
  2. In the upper left corner of the page, click and select the desired region and project.
  3. Click in the upper left corner to display Service List and choose Networking > Elastic Load Balance.
  4. On the Load Balancers page, locate the target load balancer and click its name.
  5. On the Listeners tab, click Add Listener. Configure the parameters based on Table 2.
    Figure 3 Adding an HTTP Listener
    Table 2 Parameters for configuring an HTTP listener

    Parameter

    Example Value

    Description

    Name

    listener-HTTP

    Specifies the listener name.

    Frontend Protocol

    HTTP

    Specifies the protocol that will be used by the load balancer to receive requests from clients.

    Frontend Port

    80

    Specifies the port that will be used by the load balancer to receive requests from clients.

    Redirect

    Enabled

    Specifies whether to enable redirection. You can use this function to redirect the requests from an HTTP listener to an HTTPS listener to ensure security.

    Redirected To

    listener-HTTPS

    Specifies the HTTPS listener to which requests are redirected. Select the HTTPS listener created in section Step 1: Create an HTTPS Listener, listener-HTTPS.

    Access Control

    All IP addresses

    Specifies how access to the listener is controlled. Access from specific IP addresses can be controlled using a whitelist or blacklist.

    Transfer Client IP Address

    Enabled by default

    Specifies whether to transmit IP addresses of the clients to backend servers.

    Advanced Forwarding

    Enabled

    Specifies whether to enable the advanced forwarding policy. You can add advanced forwarding policies to HTTP or HTTPS listeners to forward requests to different backend server groups.

  6. Retain the default values for parameters under Advanced Settings and click Next: Confirm.
  7. Click Submit.
  1. Log in to the management console.
  2. In the upper left corner of the page, click and select the desired region and project.
  3. Click in the upper left corner to display Service List and choose Networking > Elastic Load Balance.
  4. On the Load Balancers page, locate the target load balancer and click its name.
  5. On the Listeners tab, click Add Listener. Configure the parameters based on Table 3.
    Figure 4 Adding an HTTP Listener
    Table 3 Parameters for configuring an HTTP listener

    Parameter

    Example Value

    Description

    Name

    listener-HTTP

    Specifies the listener name.

    Frontend Protocol

    HTTP

    Specifies the protocol that will be used by the load balancer to receive requests from clients.

    Frontend Port

    80

    Specifies the port that will be used by the load balancer to receive requests from clients.

    Redirect

    Not enabled

    Specifies whether to enable redirection. You can use this function to redirect the requests from an HTTP listener to an HTTPS listener to ensure security.

    Access Control

    All IP addresses

    Specifies how access to the listener is controlled. Access from specific IP addresses can be controlled using a whitelist or blacklist.

    Transfer Client IP Address

    Enabled by default

    Specifies whether to transmit IP addresses of the clients to backend servers.

    Advanced Forwarding

    Enabled

    Specifies whether to enable the advanced forwarding policy. You can add advanced forwarding policies to HTTP or HTTPS listeners to forward requests to different backend server groups.

  6. Retain the default values for parameters under Advanced Settings and click Next: Configure Request Routing Policy.
  7. Select Create new for Backend Server Group, retain the default values for other parameters, and click Next: Add Backend Server.
  8. Add ECS_server to the backend server group you have created, enable Health Check, and retain the default values for the health check.
  9. Click Next: Confirm and then click Submit.
  10. On the Configuration Result page, click Add now under the Next: Add a Forwarding Policy (Optional) area.
  11. Click Add Forwarding Policy to configure redirection.
    Table 4 Configuring parameters for redirection

    Parameter

    Setting

    Action

    Select Redirect to another listener.

    Listener

    Select the HTTPS listener to which requests are redirected.

  12. After the forwarding policy is added, click Save.
    Figure 5 Redirection to an HTTPS listener
NOTE:
  • After the redirection is added, the configurations for the HTTP listener will not be applied, but access control configured for that listener will still be applied.
  • After the redirection is added for an HTTP listener, the backend server will return 301 Moved Permanently to the clients.

Step 3: Verify the Redirection to HTTPS

Remotely log in to ECS_client and run curl -H "Accept-Language: zh-CN,zh" "http://ELB-private-IP-address:80 to check whether HTTP requests are redirected.

If 301 Moved Permanently is returned, as shown in the below figure, HTTP requests are directed to an HTTP listener.

Figure 6 Verifying redirection to an HTTPS listener

Utilizamos cookies para mejorar nuestro sitio y tu experiencia. Al continuar navegando en nuestro sitio, tú aceptas nuestra política de cookies. Descubre más

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback