Google Cloud Tweak Ingress and Healthcheck

Now  you have everything is on the GKE cluster, differents namespaces, deployments, products and devs.

As always locally it works on the machine but once deployed you get the terrible HTTP/502 the new Blue Screen of Death.

Why ?

Then you troubleshoot ?

    You got 502 after a 30s timeout ?

    You log to the logs /index.html and get HTTP/404 !

What's wrong ? You look to ingress configuration Nginx container, ... then you realize each products have their specificites some have no /index.html, just a response to /, other need a longer timeout to upload or process stuff and so on.

Cloud brings another layer of complexity, for this reason sometimes you need to tweak backend-services and health-checks.

By default backend-services (loadbalancer) have a 30s timeout default.

You can list them and find you backend-services rules

gcloud compute backend-services list

Sometimes it's easier from the console to get the loadbalancer then the backend service you need.

Then you can check with describe

gcloud compute backend-services describe k8s-be-30080--9747qarggg396bf0 --global

Then you can update your timeout or any other settings

gcloud compute backend-services update k8s-be-30080--9747qarggg396bf0 --global --timeout=600

Take a coffee to give time to apply and Bingo your HTTP/502 disappear.

Well this one.

You can also tweak healthcheck

From the console find the healthcheck you need.

You can also list them 

gcloud compute health-checks list --global

Then describe to control

gcloud compute health-checks describe k8s-be-30569--9747df6bftswwq5c396bf0

Update the healthcheck to your needs

gcloud compute health-checks update http k8s-be-30569--9747df6bftswwq5c396bf0 --request-path=/

Now you managed a second HTTP/502 error.

Congratulations

What's next ?

Redirect HTTP to HTTPS using Apache and Google Cloud Platform Loadbalancer

Using Apache to redirect HTTP to HTTP, if https version of the site is not configured via Apache ModSSL it doesn't set %{HTTPS} variable to "on" and keeps redirecting infinitely.

The best way to do is to send X-Forwarded-Proto header from load balancer to Apache and configure RewriteCond as follow.

If not already done enablerewrite and ssl

a2enmod rewrite
a2enmod ssl

Then in HTTP vhost configure

<VirtualHost *:80>
....

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]

...

</VirtualHost>

Instead of the common usage :

RewriteCond %{HTTPS} off

source : https://stackoverflow.com/a/19722706

Google cloud platform, forward HTTP to HTTPS

 Hello,

One of the common issue using GCP is loadbalancer HTTP to HTTPS forward.
Still a feature request but not resolved yet.

The best solution I found is the following.
Using Nginx server, HTTP connection are forward to HTTPS in server:443 part.

server {
        listen 443 ssl default_server;
        listen [::]:443 ssl;
if ($http_x_forwarded_proto = "http") {
        return 301 https://$host$request_uri;
    }
(rest of your configuration : ssl, ...)
}


This way your site is always HTTPS.