Manages Custom Domains for Firebase Hosting. Custom Domains link your domain names with Firebase Hosting sites, allowing Hosting to serve content on those domain names.
To get more information about CustomDomain, see:
resource "google_firebase_hosting_custom_domain" "default" {
provider = google-beta
project = "my-project-name"
site_id = "site-id"
custom_domain = "custom.domain.com"
}
resource "google_firebase_hosting_site" "default" {
provider = google-beta
project = "my-project-name"
site_id = "site-id-full"
}
resource "google_firebase_hosting_custom_domain" "default" {
provider = google-beta
project = "my-project-name"
site_id = google_firebase_hosting_site.default.site_id
custom_domain = "source.domain.com"
cert_preference = "GROUPED"
redirect_target = "destination.domain.com"
wait_dns_verification = false
}
resource "google_firebase_hosting_site" "default" {
provider = google-beta
project = "my-project-name"
site_id = "site-id"
}
resource "google_cloud_run_v2_service" "default" {
provider = google-beta
project = "my-project-name"
name = "cloud-run-service-via-hosting"
location = "us-central1"
# Warning: allows all public traffic
ingress = "INGRESS_TRAFFIC_ALL"
template {
containers {
image = "us-docker.pkg.dev/cloudrun/container/hello"
}
}
}
resource "google_firebase_hosting_version" "default" {
provider = google-beta
site_id = google_firebase_hosting_site.default.site_id
config {
rewrites {
glob = "/hello/**"
run {
service_id = google_cloud_run_v2_service.default.name
region = google_cloud_run_v2_service.default.location
}
}
}
}
resource "google_firebase_hosting_release" "default" {
provider = google-beta
site_id = google_firebase_hosting_site.default.site_id
version_name = google_firebase_hosting_version.default.name
message = "Cloud Run Integration"
}
resource "google_firebase_hosting_custom_domain" "default" {
provider = google-beta
project = "my-project-name"
site_id = google_firebase_hosting_site.default.site_id
custom_domain = "run.custom.domain.com"
wait_dns_verification = false
}
The following arguments are supported:
site_id
-
(Required)
The ID of the site in which to create this custom domain association.
custom_domain
-
(Required)
The ID of the CustomDomain
, which is the domain name you'd like to use with Firebase Hosting.
cert_preference
-
(Optional)
A field that lets you specify which SSL certificate type Hosting creates
for your domain name. Spark plan CustomDomain
s only have access to the
GROUPED
cert type, while Blaze plan can select any option.
Possible values are: GROUPED
, PROJECT_GROUPED
, DEDICATED
.
redirect_target
-
(Optional)
A domain name that this CustomDomain should direct traffic towards. If
specified, Hosting will respond to requests against this CustomDomain
with an HTTP 301 code, and route traffic to the specified redirect_target
instead.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
wait_dns_verification
- (Optional) If true, Terraform will wait for DNS records to be fully resolved on the CustomDomain
.
If false, Terraform will not wait for DNS records on the CustomDomain
. Any issues in
the CustomDomain
will be returned and stored in the Terraform state.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/sites/{{site_id}}/customDomains/{{custom_domain}}
name
-
The fully-qualified name of the CustomDomain
.
create_time
-
The CustomDomain
's create time.
update_time
-
The last time the CustomDomain
was updated.
delete_time
-
The time the CustomDomain
was deleted; null for CustomDomains
that
haven't been deleted. Deleted CustomDomains
persist for approximately 30
days, after which time Hosting removes them completely.
expire_time
-
The minimum time before a soft-deleted CustomDomain
is completely removed
from Hosting; null for CustomDomains
that haven't been deleted.
etag
-
A string that represents the current state of the CustomDomain
and
allows you to confirm its initial state in requests that would modify it.
host_state
-
The host state of your domain name. Host state is determined by checking each
IP address associated with your domain name to see if it's serving
Hosting content.
HOST_UNHOSTED:
Your CustomDomain
's domain name isn't associated with any IP addresses.
HOST_UNREACHABLE:
Your CustomDomain
's domain name can't be reached. Hosting services' DNS
queries to find your domain name's IP addresses resulted in errors. See
your CustomDomain
's issues
field for more details.
HOST_MISMATCH:
Your CustomDomain
's domain name has IP addresses that don't ultimately
resolve to Hosting.
HOST_CONFLICT:
Your CustomDomain
's domain name has IP addresses that resolve to both
Hosting and other services. To ensure consistent results, remove A
and
AAAA
records related to non-Hosting services.
HOST_ACTIVE:
All requests against your CustomDomain
's domain name are served by
Hosting. If the CustomDomain
's OwnershipState
is also ACTIVE
, Hosting
serves your Hosting Site's content on the domain name.
ownership_state
-
The ownership state of your domain name. Ownership is determined at a
Firebase project level, and established by adding TXT
records to your
domain name's DNS records.
Ownership cascades to subdomains. Granting a project ownership of foo.com
also grants that project ownership over bar.foo.com
, unless you add
specific TXT
records to bar.foo.com
that grant a different project
ownership.
If your CustomDomain
is in an OwnershipState
other than
OWNERSHIP_ACTIVE
for more than 30 days and it hasn't been updated in at
least 30 days, Hosting's ownership systems delete the CustomDomain
.
OWNERSHIP_MISSING:
Your CustomDomain
's domain name has no Hosting-related ownership records;
no Firebase project has permission to act on the domain name's behalf.
OWNERSHIP_UNREACHABLE:
Your CustomDomain
's domain name can't be reached. Hosting services' DNS
queries to find your domain name's ownership records resulted in errors.
See your CustomDomain
's issues
field for more details.
OWNERSHIP_MISMATCH:
Your CustomDomain
's domain name is owned by another Firebase project.
Remove the conflicting TXT
records and replace them with project-specific
records for your current Firebase project.
OWNERSHIP_CONFLICT:
Your CustomDomain
's domain name has conflicting TXT
records that
indicate ownership by both your current Firebase project and another
project. Remove the other project's ownership records to grant the current
project ownership.
OWNERSHIP_PENDING:
Your CustomDomain
's DNS records are configured correctly. Hosting will
transfer ownership of your domain to this CustomDomain
within 24 hours.
OWNERSHIP_ACTIVE:
Your CustomDomain
's domain name has TXT
records that grant its project
permission to act on its behalf.
required_dns_updates
-
A set of updates you should make to the domain name's DNS records to
let Hosting serve secure content on its behalf.
Structure is documented below.
issues
-
A set of errors Hosting systems encountered when trying to establish
Hosting's ability to serve secure content for your domain name. Resolve
these issues to ensure your CustomDomain
behaves properly.
Structure is documented below.
cert
-
The SSL certificate Hosting has for this CustomDomain
's domain name.
For new CustomDomain
s, this often represents Hosting's intent to create
a certificate, rather than an actual cert. Check the state
field for
more.
Structure is documented below.
reconciling
-
if true, indicates that Hosting's systems are attmepting to
make the CustomDomain
's state match your preferred state. This is most
frequently true
when initially provisioning a CustomDomain
or when creating
a new SSL certificate to match an updated cert_preference
The required_dns_updates
block contains:
check_time
-
(Output)
The last time Hosting checked your CustomDomain's DNS records.
discovered
-
(Optional)
The set of DNS records Hosting discovered when inspecting a domain
Structure is documented below.
desired
-
(Optional)
The set of DNS records Hosting needs to serve secure content on the domain.
Structure is documented below.
The discovered
block supports:
domain_name
-
(Optional)
The domain name the record set pertains to.
records
-
(Optional)
Records on the domain
Structure is documented below.
domain_name
-
(Optional)
The domain name the record pertains to, e.g. foo.bar.com.
.
type
-
(Optional)
The record's type, which determines what data the record contains.
rdata
-
(Optional)
The data of the record. The meaning of the value depends on record type:
0 issue "pki.goog"
.required_action
-
(Optional)
Indicates the a required action for this record.
domain_name
-
(Optional)
The domain name the record set pertains to.
records
-
(Optional)
Records on the domain
Structure is documented below.
domain_name
-
(Optional)
The domain name the record pertains to, e.g. foo.bar.com.
.
type
-
(Optional)
The record's type, which determines what data the record contains.
rdata
-
(Optional)
The data of the record. The meaning of the value depends on record type:
0 issue "pki.goog"
.required_action
-
(Optional)
Indicates the a required action for this record.
code
-
(Optional)
The status code, which should be an enum value of google.rpc.Code
message
-
(Optional)
Error message
details
-
(Optional)
A list of messages that carry the error details.
type
-
(Optional)
The certificate's type.
state
-
(Optional)
The state of the certificate. Only the CERT_ACTIVE
and
CERT_EXPIRING_SOON
states provide SSL coverage for a domain name. If the
state is PROPAGATING
and Hosting had an active cert for the domain name
before, that formerly-active cert provides SSL coverage for the domain name
until the current cert propagates.
verification
-
(Optional)
A set of ACME challenges you can add to your DNS records or existing,
non-Hosting hosting provider to allow Hosting to create an SSL certificate
for your domain name before you point traffic toward hosting. You can use
thse challenges as part of a zero downtime transition from your old
provider to Hosting.
Structure is documented below.
The verification
block supports:
dns
-
(Optional)
A TXT
record to add to your DNS records that confirms your intent to
let Hosting create an SSL cert for your domain name.
Structure is documented below.
http
-
(Optional)
A file to add to your existing, non-Hosting hosting service that confirms
your intent to let Hosting create an SSL cert for your domain name.
Structure is documented below.
check_time
-
(Output)
The last time Hosting checked your CustomDomain's DNS records.
discovered
-
(Optional)
The set of DNS records Hosting discovered when inspecting a domain
Structure is documented below.
desired
-
(Optional)
The set of DNS records Hosting needs to serve secure content on the domain.
Structure is documented below.
The discovered
block supports:
domain_name
-
(Optional)
The domain name the record set pertains to.
records
-
(Optional)
Records on the domain
Structure is documented below.
domain_name
-
(Optional)
The domain name the record pertains to, e.g. foo.bar.com.
.
type
-
(Optional)
The record's type, which determines what data the record contains.
rdata
-
(Optional)
The data of the record. The meaning of the value depends on record type:
0 issue "pki.goog"
.required_action
-
(Optional)
Indicates the a required action for this record.
domain_name
-
(Optional)
The domain name the record set pertains to.
records
-
(Optional)
Records on the domain
Structure is documented below.
domain_name
-
(Optional)
The domain name the record pertains to, e.g. foo.bar.com.
.
type
-
(Optional)
The record's type, which determines what data the record contains.
rdata
-
(Optional)
The data of the record. The meaning of the value depends on record type:
0 issue "pki.goog"
.required_action
-
(Optional)
Indicates the a required action for this record.
path
-
(Optional)
The path to the file.
desired
-
(Optional)
A text string to serve at the path.
discovered
-
(Optional)
Whether Hosting was able to find the required file contents on the
specified path during its last check.
last_check_time
-
(Output)
The last time Hosting systems checked for the file contents.
This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.update
- Default is 20 minutes.delete
- Default is 20 minutes.CustomDomain can be imported using any of these accepted formats:
projects/{{project}}/sites/{{site_id}}/customDomains/{{custom_domain}}
sites/{{site_id}}/customDomains/{{custom_domain}}
{{project}}/{{site_id}}/{{custom_domain}}
{{site_id}}/{{custom_domain}}
In Terraform v1.5.0 and later, use an import
block to import CustomDomain using one of the formats above. For example:
import {
id = "projects/{{project}}/sites/{{site_id}}/customDomains/{{custom_domain}}"
to = google_firebase_hosting_custom_domain.default
}
When using the terraform import
command, CustomDomain can be imported using one of the formats above. For example:
$ terraform import google_firebase_hosting_custom_domain.default projects/{{project}}/sites/{{site_id}}/customDomains/{{custom_domain}}
$ terraform import google_firebase_hosting_custom_domain.default sites/{{site_id}}/customDomains/{{custom_domain}}
$ terraform import google_firebase_hosting_custom_domain.default {{project}}/{{site_id}}/{{custom_domain}}
$ terraform import google_firebase_hosting_custom_domain.default {{site_id}}/{{custom_domain}}
This resource supports User Project Overrides.