5

I have a simple containerized web app (Nginx serving HTML and JavaScript) that I deployed to Google Cloud Run.

The problem is, I can't seem to force HTTPS connections even though I already verified and updated the DNS records to do so. A user can still access the unsecured http endpoint of my Cloud Run application if they wanted to.

How to set up a Google Cloud Run service that forces or redirects users to use HTTPS?

3
  • It's not clear to me what you're observing here. You can only do HTTP or HTTPS over a single port, not both at the same time. Commented Apr 16, 2019 at 3:11
  • @DougStevenson Cloud Run could potentially allow users to force HTTPS by redirecting all http requests to https. Commented Apr 16, 2019 at 4:07
  • Beshoy, I edited the question a bit to take out the irrelevant parts; let me know if it loses meaning. Commented Apr 16, 2019 at 4:10

1 Answer

7

The LB sends a header called X-Forwarded-Proto that contains either http or https so you can easily redirect with 301 Moved Permanently in case you detect that.

Sample for the edited question with Nginx: http://scottwb.com/blog/2013/10/28/always-on-https-with-nginx-behind-an-elb/

Example Go code:

```go
package main

import (
	"fmt"
	"net/http"
	"os"
)

func main() {
	http.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
		// Header.Get returns "" when the header is absent, so a request
		// without X-Forwarded-Proto does not panic on an empty slice.
		if request.Header.Get("X-Forwarded-Proto") == "http" {
			http.Redirect(writer, request, "https://"+request.Host+request.RequestURI, http.StatusMovedPermanently)
			return
		}
		fmt.Printf("Request: %+v, headers: %+v \n", request, request.Header)
		writer.Write([]byte("hello world"))
	})
	http.ListenAndServe(":"+os.Getenv("PORT"), nil)
}
```

6 Comments

No control over LB since essentially Cloud Run is a Knative PaaS.
You don't need to control anything. These headers are sent to you by the LB, so all you need to do is return 301 redirect whenever you detect that.
My mistake. I should have specified in my question that the only code running in the container is transpiled javascript. This answer is something I could work to implement.
In that case, the container must have some HTTP server running that's serving files. You can use Nginx or other servers to detect such configuration and redirect as well.
scottwb.com/blog/2013/10/28/… lines 27 and 34-36 look like they have the answer
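
For the Nginx container described in the question, the same X-Forwarded-Proto check can be written as a server block. This is an added example, not code from the answer, its comments or the linked blog post; the listen port 8080 and the document root are assumptions.

```nginx
# Added example. Assumptions: the container listens on 8080 (Cloud Run's
# default PORT) and the static files live in /usr/share/nginx/html.
server {
    listen 8080;
    server_name _;

    root /usr/share/nginx/html;
    index index.html;

    # TLS is terminated in front of the container, so every request reaches
    # nginx as plain HTTP. The scheme the client used is only visible in the
    # X-Forwarded-Proto header, which nginx exposes as $http_x_forwarded_proto.
    # A request without the header (for example a local test) is not
    # redirected, because the comparison below is against the literal "http".
    if ($http_x_forwarded_proto = "http") {
        return 301 https://$host$request_uri;
    }

    # Ask browsers to keep using HTTPS after the first secure response.
    # "always" attaches the header to error responses as well.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        try_files $uri $uri/ =404;
    }
}
```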