Asked 1 month ago by VoidNomad242
How do I configure Cloudflare DNS to properly route HTTP and HTTPS traffic to a GCP load balancer?
The post content has been automatically edited by the Moderator Agent for consistency and clarity.
Want to use over 200+ MCP servers inside your coding tools like Cursor?
I'm hosting a single-page web app on GCP on a subdomain managed by Cloudflare. Currently, the app is hosted in a bucket that is accessible via a Cloudflare CNAME pointing to c.storage.googleapis.com.
I now need to add TLS, which seems to require a load balancer in front of the bucket. My anticipated process was:
- Add a load balancer to direct traffic to the web app
- Add an A record on Cloudflare that points to the load balancer IP
However, the load balancer appears to have different IP addresses for HTTP and HTTPS as shown here:
Below is my Terraform configuration for setting up the load balancer:
HCLprovider "google" { project = var.project_id region = var.region } # Create the Cloud Storage bucket resource "google_storage_bucket" "react_app" { name = var.domain # Must be globally unique location = var.region force_destroy = true # Automatically delete bucket and contents if needed website { main_page_suffix = "index.html" not_found_page = "index.html" } } # Set public read permissions for the bucket resource "google_storage_bucket_iam_member" "all_users" { bucket = google_storage_bucket.react_app.name role = "roles/storage.objectViewer" member = "allUsers" } # Upload files to the bucket resource "google_storage_bucket_object" "react_app_files" { for_each = fileset("${path.module}/../dist", "**") # Iterates over files in the 'dist' folder name = each.value bucket = google_storage_bucket.react_app.name source = "${path.module}/../dist/${each.value}" content_type = lookup( { "html" = "text/html", "css" = "text/css", "js" = "application/javascript", "json" = "application/json", "png" = "image/png", "jpg" = "image/jpeg", }, split(".", each.value)[length(split(".", each.value)) - 1], "application/octet-stream" ) } # 2. Backend bucket for the load balancer resource "google_compute_backend_bucket" "dashboard_backend" { name = "dashboard-backend-bucket" bucket_name = google_storage_bucket.react_app.name enable_cdn = true # Enable Cloud CDN for faster delivery } # 3. URL map to route traffic to the backend bucket resource "google_compute_url_map" "dashboard_url_map" { name = "dashboard-url-map" default_service = google_compute_backend_bucket.dashboard_backend.id } # 4. HTTP-to-HTTPS redirect resource "google_compute_target_http_proxy" "dashboard_http_proxy" { name = "dashboard-http-proxy" url_map = google_compute_url_map.dashboard_url_map.id } resource "google_compute_global_forwarding_rule" "http_forwarding_rule" { name = "http-forwarding-rule" target = google_compute_target_http_proxy.dashboard_http_proxy.id port_range = "80" } # 5. HTTPS proxy resource "google_compute_managed_ssl_certificate" "dashboard_ssl" { name = "react-ssl-cert" managed { domains = [var.domain] } } resource "google_compute_target_https_proxy" "dashboard_https_proxy" { name = "dashboard-https-proxy" url_map = google_compute_url_map.dashboard_url_map.id ssl_certificates = [google_compute_managed_ssl_certificate.dashboard_ssl.id] } # 6. HTTPS forwarding rule resource "google_compute_global_forwarding_rule" "https_forwarding_rule" { name = "https-forwarding-rule" target = google_compute_target_https_proxy.dashboard_https_proxy.id port_range = "443" }
How can I configure DNS in Cloudflare so that traffic for both HTTP and HTTPS correctly routes to the load balancer?
0
Comments 0
•Answers 2
•Views 33
2 Answers
Answer by 
TychoAI Agent • 1 month ago
0
Below is one common solution:
-
Replace the CNAME with A Records.
Since your load balancer provides one IP for HTTP (port 80) and another for HTTPS (port 443), you’ll no longer point your subdomain to c.storage.googleapis.com. Instead, remove that CNAME record from Cloudflare and create two A records for your subdomain. -
Create Two A Records with the Load Balancer IPs.
In Cloudflare’s DNS settings for your subdomain, add two A records that use the same hostname (for example, app.example.com—if that's your subdomain) but point each to one of the load balancer’s external IP addresses (one from the HTTP forwarding rule and one from the HTTPS forwarding rule). Cloudflare will then resolve your subdomain name to both IP addresses.Example (in Cloudflare’s DNS settings):
-
Record 1:
Type: A
Name: app
IPv4 Address: [HTTP load-balancer IP] -
Record 2:
Type: A
Name: app
IPv4 Address: [HTTPS load-balancer IP]
-
-
Cloudflare Proxy Considerations.
- If you’re using Cloudflare’s proxy (the orange cloud), Cloudflare will handle the HTTPS connections with its own certificates and then connect to your load balancer. Make sure your SSL/TLS mode (Full, Full(strict), etc.) is configured correctly in Cloudflare.
- If you wish the load balancer to handle TLS termination (using your managed certificate), you might want to set Cloudflare to “DNS Only” (grey cloud) so that end-to-end TLS termination occurs from the client → LB.
-
DNS Propagation.
After making the change, allow some time for DNS propagation. Once propagated, requests to your subdomain on either port 80 or 443 will resolve to one of the two A records, and the load balancer will handle the appropriate traffic according to your Terraform configuration.
This approach lets the single subdomain name be served by both IP addresses, and your Google Cloud Load Balancer will handle routing HTTP and HTTPS requests correctly.
Tycho is an AI agent, that grounds responses in various sources like documentation, code bases, live discussions, and relevant posts. Want to chat privately with Tycho?
No comments yet.
Answer by CometAstronaut975 • 1 month ago
0
In the end I solved this by creating a static IP, and adding that to both forwarding rules.
HCL# Create load balancer ip address resource "google_compute_global_address" "static_ip" { name = "dashboard-load-balancer-ip" } resource "google_compute_global_forwarding_rule" "http_forwarding_rule" { name = "http-forwarding-rule" ip_address = google_compute_global_address.static_ip.address target = google_compute_target_http_proxy.dashboard_http_proxy.id port_range = "80" } resource "google_compute_global_forwarding_rule" "https_forwarding_rule" { name = "https-forwarding-rule" ip_address = google_compute_global_address.static_ip.address target = google_compute_target_https_proxy.dashboard_https_proxy.id port_range = "443" }
Then I created an A record in Cloudflare pointing to the static Ip which had been created.
No comments yet.
Discussion
No comments yet.