DocsICP FilingConsole
官方文档
首页

Redirect HTTP to HTTPS with CLB

更新时间:
复制 MD 格式
产品详情
我的收藏

HTTPS is a secure protocol that encrypts data in transit. After you upgrade your services to HTTPS, you can use CLB to seamlessly redirect HTTP requests to HTTPS. This topic describes how to use CLB to redirect HTTP requests to HTTPS.

Key features

  • Seamless transition: The fast and seamless redirection from HTTP to HTTPS ensures an uninterrupted browsing experience for your users.

  • Reduced server load: The load balancer handles redirection, offloading this task from your backend servers. This frees your servers to focus on core application logic and improves their efficiency.

Use cases

  • Upgrade to HTTPS: Secure existing websites or applications by migrating from HTTP to HTTPS. This enhances data transmission security.

  • Domain name changes or site migration: When you move a website to a new domain, use redirection to ensure uninterrupted access for users.

Example

A company that purchased a CLB instance and configured an HTTP listener now needs to upgrade its website to HTTPS for better data security. To prevent service interruptions during the upgrade, the company uses the CLB instance to redirect HTTP requests to HTTPS. This ensures a smooth transition and secures business data.

image

Usage notes

  • The HTTP redirection feature of CLB is available in all regions. You can configure the redirection status code only in the UK (London) region. In other regions, the default redirection status code is 302.

  • When you configure HTTP to HTTPS redirection, the HTTP and HTTPS listeners must be on the same CLB instance.

  • Redirection by Listener cannot be enabled for an existing HTTP listener on a CLB instance. You must enable Redirection by Listener when you create the HTTP listener.

Prerequisites

  • Create two backend servers, ECS01 and ECS02, and deploy an application on each. In this topic, the servers use the Alibaba Cloud Linux 3.2104 LTS 64-bit operating system. For more information, see Create an instance by using the wizard.

    Example commands to deploy test services on ECS instances

    Example commands for deploying a test application on ECS01:

    yum install -y nginx
systemctl start nginx.service
cd /usr/share/nginx/html/
echo "Hello World ! This is ECS01." > index.html

    Example commands for deploying a test application on ECS02:

    yum install -y nginx
systemctl start nginx.service
cd /usr/share/nginx/html/
echo "Hello World ! This is ECS02." > index.html

  • Create a CLB instance. This topic uses an internet-facing CLB instance as an example. For more information, see Create and manage CLB instances.

  • Purchase a certificate or upload a third-party certificate to Certificate Management Service and bind it to your domain name. For more information, see Enable HTTPS for a website by using a certificate.

Procedure

Step 1: Create an HTTPS listener

  1. Log on to the Classic Load Balancer console.

  2. In the top navigation bar, select the region where your CLB instance is deployed.

  3. On the Instances page, find the target instance, and then click Configure Listener in the Actions column.

  4. In the Protocol & Listener step, configure the listener as follows and click Next.

    This topic describes only the required parameters. Keep the default values for all other parameters. For more information about other parameters, see Add an HTTPS listener.

    • Select Listener Protocol: HTTPS.

    • Listener Port: 443.

  5. In the Certificate Management Service step, select an existing server certificate, or click Create Server Certificate from the Server Certificate drop-down list. Keep the default values for other parameters and click Next.

  6. In the Backend Servers step, add backend servers to a server group. This topic uses the Default Server Group as an example.

    1. Select Default Server Group and click Add More.

    2. In the Servers panel, select ECS01 and ECS02, and then click Next.

    3. In the Ports/Weights step, set the weights for ECS01 and ECS02, and then click Add.

    4. Set the ports for both ECS01 and ECS02 to 80, and then click Next.

  7. In the Health Check step, keep the default settings and click Next.

  8. In the Confirm step, review the listener configuration and click Submit. When the confirmation dialog box appears, click OK.

Step 2: Configure the HTTP listener forwarding rule

  1. On the Listener tab, click Add Listener.

  2. In the Protocol & Listener step, configure the listener using the following information, accept the defaults for other settings, and click Next.

    Parameter

    Description

    Select Listener Protocol

    The protocol used by the listener.

    In this topic, select HTTP.

    Listener Port

    The port that receives requests and forwards them to backend servers.

    In this topic, set this parameter to 80.

    Advanced Settings

    Click Modify to expand the advanced settings.

    In this topic, only Redirection by Listener is modified. Keep the default values for other parameters.

    Redirection by Listener

    Enables redirection of traffic from the HTTP listener to an HTTPS listener.

    In this topic, enable Redirection by Listener, and for Listener, select the HTTPS listener that you created in Step 1: Create an HTTPS listener.

    Only the UK (London) region supports Custom Redirect Status Code. You can configure other redirect status codes. The default value of Custom Redirect Status Code is 302.

  3. On the Confirm page, click Submit. After the configuration is successful, click OK.

After Redirection by Listener is enabled, all requests to HTTP:80 on the CLB instance are redirected to HTTPS:443. The requests are then forwarded based on the HTTPS listener's configuration.

Step 3: Configure DNS

Note

  • If your domain name is not registered with Alibaba Cloud, you must first add it to the Alibaba Cloud DNS console before you can configure domain name resolution.

  • If your CLB instance is internal-facing, you must associate an Elastic IP address (EIP) with it and then create an A record that maps the domain name to the EIP for public access.

  1. In the left-side navigation pane, choose CLB > Instances.

  2. On the Instances page, select the target instance and copy its IP Address.

  3. To add an A record:

    1. Log on to the Alibaba Cloud DNS console.

    2. On the Public Zone page, find the target domain name and click Settings in the Actions column.

    3. On the Settings page, click Add Record.

    4. In the Add Record panel, configure the following parameters. You can leave the other parameters at their default values or modify them as needed. Then, click OK.

      Parameter

      Description

      Record Type

      Select A from the drop-down list.

      Hostname

      The prefix for your domain name.

      Note

      If you are creating a record for a root domain, set the hostname to @.

      Record Value

      Enter the IP address of your CLB instance that you copied.

Step 4: Verify the result

From a client with internet access, test if HTTP requests to the CLB instance are redirected to HTTPS.

  1. Open a command-line interface (CLI) on your client.

  2. Run the curl -v http://<CLB domain name> command. A 302 status code is returned, which indicates that requests to CLB are redirected to HTTPS.

    C:\Users\admin>curl -v http://your.domain.com
*   Trying 192.0.2.1:80...
* Connected to your.domain.com (192.0.2.1) port 80
> GET / HTTP/1.1
> Host: your.domain.com
> User-Agent: curl/8.4.0
> Accept: */*
>
&lt; HTTP/1.1 302 Found
&lt; Date: Wed, 17 Jul 2024 03:13:13 GMT
&lt; Content-Type: text/html
&lt; Content-Length: 154
&lt; Connection: keep-alive
&lt; Location: https://your.domain.com
&lt; Via: HTTP/1.1 SLB.94
&lt;
&lt;html&gt;
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host your.domain.com left intact

Redirection status codes

The following table describes the redirection status codes that CLB supports.

Status code

Description

301

Permanent redirection. Indicates the resource has permanently moved to a new URL. Clients should use the new URL for future requests.

302

Temporary redirection. Indicates the resource is temporarily at a different URL. Clients should continue using the original URL for future requests.

307

Temporary redirection. Unlike 302, this status code does not allow changing the request method from POST to GET.

FAQ

Cannot find the Redirection by Listener option

Redirection by Listener cannot be enabled for an existing HTTP listener on a CLB instance. You must recreate the HTTP listener to enable Redirection by Listener.

References

CLB redirects traffic based on listener rules. In contrast, Application Load Balancer (ALB) redirects requests at the application layer, which provides more flexibility and a wider range of configuration options, such as path-based or header-based redirection. For more information, see Use ALB to redirect HTTP requests to HTTPS.

Previous:Advanced Forwarding FeaturesNext:Configure path-based forwarding rules