I'm trying to deploy a listener on a loadbalancer with the following configuration (manually modified and tested, following CDK deploy):
The following code adds the listener, but doesn't update the listener to redirect port 80 to 443 (HTTPS), and the HTTPS:443 listener ID is trying to connect with ECS over HTTPS rather than HTTP.

    loadbalancer = cdk.aws_elasticloadbalancingv2.ApplicationLoadBalancer(
        self, 'loadbalancer',
        vpc=p_vpc,
        internet_facing=True,
        load_balancer_name='ppal-alb'
    )
    loadbalancer_listener = cdk.aws_elasticloadbalancingv2.ApplicationListener(
        self, 'loadbalancer-listener',
        open=True,
        port=443,
        certificates=[p_certificate],
        load_balancer=loadbalancer
    )
    loadbalancer_listener.add_action(
        'redirect-action',
        action=cdk.aws_elasticloadbalancingv2.ListenerAction.redirect(
            port='443',
            protocol='HTTPS',
            permanent=True
        )
    )
    target_group_config = cdk.aws_elasticloadbalancingv2.ApplicationTargetGroup(
        self, 'target-group',
        port=443,
        protocol=cdk.aws_elasticloadbalancingv2.ApplicationProtocol.HTTPS,
        target_type=cdk.aws_elasticloadbalancingv2.TargetType.IP,
        vpc=p_vpc
    )
    loadbalancer_listener.add_target_groups(
        'loadbalancer_listener_target_group',
        target_groups=[target_group_config]
    )

You are missing the definition of the HTTP listener in your code. The load balancer should have two listeners: HTTP and HTTPS. In addition, the HTTP listener should have a redirect action.
There are two listeners on your screenshot. The screenshot shows the listeners but not the actions. Each listener should have a default rule and optionally might have other rules. A rule might be a redirect, a fixed response or a forward request to the target group. The addTargetGroups() and addAction() methods create both a rule and a target group for the listener.
Please check the manual for more details.
Adding a redirect from HTTP to HTTPS is a prevalent task, and CDK provides a simple solution. The ApplicationLoadBalancer class has a method to register a redirect listener. I would recommend using it.

    loadbalancer.addRedirect();

If you do not provide any options for this method, it redirects HTTP port 80 to HTTPS port 443.
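
A check for the two problems discussed in the question and answer above (no port-80 redirect listener, and an HTTPS target group in front of an HTTP backend), run against the CloudFormation template that `cdk synth` produces. This is an added example, not code from the question or the answers; the sample template and its logical IDs are constructed, and only forward actions that reference a target group through `Ref` are followed.

```python
import json

# Constructed sample: the listener/target-group slice of a synthesized
# template for the stack in the question (logical IDs are made up).
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "Tg": {"Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
         "Properties": {"Port": 443, "Protocol": "HTTPS", "TargetType": "ip"}},
  "Https": {"Type": "AWS::ElasticLoadBalancingV2::Listener",
            "Properties": {"Port": 443, "Protocol": "HTTPS",
              "DefaultActions": [{"Type": "forward", "TargetGroupArn": {"Ref": "Tg"}}]}}
}}
""")

LISTENER = "AWS::ElasticLoadBalancingV2::Listener"
TARGET_GROUP = "AWS::ElasticLoadBalancingV2::TargetGroup"

def check_alb(template, backend_protocol="HTTP"):
    """Return findings about the HTTP redirect and the backend protocol."""
    res = template.get("Resources", {})
    listeners = [r.get("Properties", {}) for r in res.values()
                 if r.get("Type") == LISTENER]
    findings = []
    http = [l for l in listeners if l.get("Protocol") == "HTTP"]
    if not http:
        findings.append("no HTTP listener: port 80 is not redirected")
    for l in http:
        # The HTTP listener's default action must redirect to HTTPS.
        if not any(a.get("Type") == "redirect"
                   and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
                   for a in l.get("DefaultActions", [])):
            findings.append(f"HTTP:{l.get('Port')} default action is not a redirect to HTTPS")
    for l in (l for l in listeners if l.get("Protocol") == "HTTPS"):
        for a in l.get("DefaultActions", []):
            if a.get("Type") == "redirect":
                findings.append(f"HTTPS:{l.get('Port')} redirects instead of forwarding")
            # Follow {"Ref": "<logical id>"} to the target group resource.
            ref = a.get("TargetGroupArn")
            tg = res.get(ref.get("Ref"), {}) if isinstance(ref, dict) else {}
            proto = tg.get("Properties", {}).get("Protocol")
            if tg.get("Type") == TARGET_GROUP and proto != backend_protocol:
                findings.append(f"target group {ref['Ref']} uses {proto}, expected {backend_protocol}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_alb(SAMPLE_TEMPLATE)) or "ok")
```

Pass `backend_protocol="HTTPS"` when the containers terminate TLS themselves.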
I was using ApplicationLoadBalancedFargateService, which I hadn't realized automatically added the HTTP listener, so the above action that I had was having no effect.
Turns out this pattern is useful for getting up and running, but removes the fine-grained control. The desired behavior is still possible with ApplicationLoadBalancedFargateService; you just need to add the following options:

    redirect_http=True,
    protocol=cdk.aws_elasticloadbalancingv2.ApplicationProtocol.HTTPS,
    certificate=req_certificate,
    domain_name="my_domain_name.com",
    domain_zone=cdk.aws_route53.HostedZone.from_lookup(self, f"{id}-hosted-zone", domain_name="my_domain_name.com")

This will: