Represents a RegionTargetHttpsProxy resource, which is used by one or more forwarding rules to route incoming HTTPS requests to a URL map.
To get more information about RegionTargetHttpsProxy, see:
resource "google_compute_region_target_https_proxy" "default" {
region = "us-central1"
name = "test-proxy"
url_map = google_compute_region_url_map.default.id
ssl_certificates = [google_compute_region_ssl_certificate.default.id]
}
resource "google_compute_region_ssl_certificate" "default" {
region = "us-central1"
name = "my-certificate"
private_key = file("path/to/private.key")
certificate = file("path/to/certificate.crt")
}
resource "google_compute_region_url_map" "default" {
region = "us-central1"
name = "url-map"
description = "a description"
default_service = google_compute_region_backend_service.default.id
host_rule {
hosts = ["mysite.com"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = google_compute_region_backend_service.default.id
path_rule {
paths = ["/*"]
service = google_compute_region_backend_service.default.id
}
}
}
resource "google_compute_region_backend_service" "default" {
region = "us-central1"
name = "backend-service"
protocol = "HTTP"
load_balancing_scheme = "INTERNAL_MANAGED"
timeout_sec = 10
health_checks = [google_compute_region_health_check.default.id]
}
resource "google_compute_region_health_check" "default" {
region = "us-central1"
name = "http-health-check"
http_health_check {
port = 80
}
}
data "google_project" "project" {
provider = google-beta
}
resource "google_compute_region_target_https_proxy" "default" {
provider = google-beta
region = "us-central1"
name = "test-mtls-proxy"
url_map = google_compute_region_url_map.default.id
ssl_certificates = [google_compute_region_ssl_certificate.default.id]
server_tls_policy = google_network_security_server_tls_policy.default.id
}
resource "google_certificate_manager_trust_config" "default" {
provider = google-beta
location = "us-central1"
name = "my-trust-config"
description = "sample description for trust config"
trust_stores {
trust_anchors {
pem_certificate = file("test-fixtures/ca_cert.pem")
}
intermediate_cas {
pem_certificate = file("test-fixtures/ca_cert.pem")
}
}
labels = {
foo = "bar"
}
}
resource "google_network_security_server_tls_policy" "default" {
provider = google-beta
location = "us-central1"
name = "my-tls-policy"
description = "my description"
allow_open = "false"
mtls_policy {
client_validation_mode = "REJECT_INVALID"
client_validation_trust_config = "projects/${data.google_project.project.number}/locations/us-central1/trustConfigs/${google_certificate_manager_trust_config.default.name}"
}
}
resource "google_compute_region_ssl_certificate" "default" {
provider = google-beta
region = "us-central1"
name = "my-certificate"
private_key = file("path/to/private.key")
certificate = file("path/to/certificate.crt")
}
resource "google_compute_region_url_map" "default" {
provider = google-beta
region = "us-central1"
name = "url-map"
description = "a description"
default_service = google_compute_region_backend_service.default.id
host_rule {
hosts = ["mysite.com"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = google_compute_region_backend_service.default.id
path_rule {
paths = ["/*"]
service = google_compute_region_backend_service.default.id
}
}
}
resource "google_compute_region_backend_service" "default" {
provider = google-beta
region = "us-central1"
name = "backend-service"
port_name = "http"
protocol = "HTTP"
timeout_sec = 10
load_balancing_scheme = "INTERNAL_MANAGED"
health_checks = [google_compute_region_health_check.default.id]
}
resource "google_compute_region_health_check" "default" {
provider = google-beta
region = "us-central1"
name = "http-health-check"
check_interval_sec = 1
timeout_sec = 1
http_health_check {
port = 80
}
}
resource "google_compute_region_target_https_proxy" "default" {
name = "target-http-proxy"
url_map = google_compute_region_url_map.default.id
certificate_manager_certificates = ["//certificatemanager.googleapis.com/${google_certificate_manager_certificate.default.id}"] # [google_certificate_manager_certificate.default.id] is also acceptable
}
resource "google_certificate_manager_certificate" "default" {
name = "my-certificate"
location = "us-central1"
self_managed {
pem_certificate = file("test-fixtures/cert.pem")
pem_private_key = file("test-fixtures/private-key.pem")
}
}
resource "google_compute_region_url_map" "default" {
name = "url-map"
default_service = google_compute_region_backend_service.default.id
region = "us-central1"
}
resource "google_compute_region_backend_service" "default" {
name = "backend-service"
region = "us-central1"
protocol = "HTTPS"
timeout_sec = 30
load_balancing_scheme = "INTERNAL_MANAGED"
}
The following arguments are supported:
name
-
(Required)
Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression [a-z]([-a-z0-9]*[a-z0-9])?
which means the
first character must be a lowercase letter, and all following
characters must be a dash, lowercase letter, or digit, except the last
character, which cannot be a dash.
url_map
-
(Required)
A reference to the RegionUrlMap resource that defines the mapping from URL
to the RegionBackendService.
description
-
(Optional)
An optional description of this resource.
certificate_manager_certificates
-
(Optional)
URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.
Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.
sslCertificates and certificateManagerCertificates fields can not be defined together.
Accepted format is //certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}
or just the self_link projects/{project}/locations/{location}/certificates/{resourceName}
ssl_certificates
-
(Optional)
URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer.
At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates.
sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.
ssl_policy
-
(Optional)
A reference to the Region SslPolicy resource that will be associated with
the TargetHttpsProxy resource. If not set, the TargetHttpsProxy
resource will not have any SSL policy configured.
server_tls_policy
-
(Optional)
A URL referring to a networksecurity.ServerTlsPolicy
resource that describes how the proxy should authenticate inbound
traffic. serverTlsPolicy only applies to a global TargetHttpsProxy
attached to globalForwardingRules with the loadBalancingScheme
set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.
For details which ServerTlsPolicy resources are accepted with
INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED
loadBalancingScheme consult ServerTlsPolicy documentation.
If left blank, communications are not encrypted.
region
-
(Optional)
The Region in which the created target https proxy should reside.
If it is not provided, the provider region is used.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}
creation_timestamp
-
Creation timestamp in RFC3339 text format.
proxy_id
-
The unique identifier for the resource.
self_link
- The URI of the created resource.This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.update
- Default is 20 minutes.delete
- Default is 20 minutes.RegionTargetHttpsProxy can be imported using any of these accepted formats:
projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}
{{project}}/{{region}}/{{name}}
{{region}}/{{name}}
{{name}}
In Terraform v1.5.0 and later, use an import
block to import RegionTargetHttpsProxy using one of the formats above. For example:
import {
id = "projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}"
to = google_compute_region_target_https_proxy.default
}
When using the terraform import
command, RegionTargetHttpsProxy can be imported using one of the formats above. For example:
$ terraform import google_compute_region_target_https_proxy.default projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}
$ terraform import google_compute_region_target_https_proxy.default {{project}}/{{region}}/{{name}}
$ terraform import google_compute_region_target_https_proxy.default {{region}}/{{name}}
$ terraform import google_compute_region_target_https_proxy.default {{name}}
This resource supports User Project Overrides.