google_compute_region_target_https_proxy

Represents a RegionTargetHttpsProxy resource, which is used by one or more forwarding rules to route incoming HTTPS requests to a URL map.

To get more information about RegionTargetHttpsProxy, see:

Open in Cloud Shell

Example Usage - Region Target Https Proxy Basic

resource "google_compute_region_target_https_proxy" "default" {
  region           = "us-central1"
  name             = "test-proxy"
  url_map          = google_compute_region_url_map.default.id
  ssl_certificates = [google_compute_region_ssl_certificate.default.id]
}

resource "google_compute_region_ssl_certificate" "default" {
  region      = "us-central1"
  name        = "my-certificate"
  private_key = file("path/to/private.key")
  certificate = file("path/to/certificate.crt")
}

resource "google_compute_region_url_map" "default" {
  region      = "us-central1"
  name        = "url-map"
  description = "a description"

  default_service = google_compute_region_backend_service.default.id

  host_rule {
    hosts        = ["mysite.com"]
    path_matcher = "allpaths"
  }

  path_matcher {
    name            = "allpaths"
    default_service = google_compute_region_backend_service.default.id

    path_rule {
      paths   = ["/*"]
      service = google_compute_region_backend_service.default.id
    }
  }
}

resource "google_compute_region_backend_service" "default" {
  region      = "us-central1"
  name        = "backend-service"
  protocol    = "HTTP"
  load_balancing_scheme = "INTERNAL_MANAGED"
  timeout_sec = 10

  health_checks = [google_compute_region_health_check.default.id]
}

resource "google_compute_region_health_check" "default" {
  region = "us-central1"
  name   = "http-health-check"
  http_health_check {
    port = 80
  }
}
Open in Cloud Shell

Example Usage - Region Target Https Proxy Mtls

data "google_project" "project" {
  provider = google-beta
}

resource "google_compute_region_target_https_proxy" "default" {
  provider          = google-beta
  region           = "us-central1"
  name              = "test-mtls-proxy"
  url_map           = google_compute_region_url_map.default.id
  ssl_certificates  = [google_compute_region_ssl_certificate.default.id]
  server_tls_policy = google_network_security_server_tls_policy.default.id
}

resource "google_certificate_manager_trust_config" "default" {
  provider    = google-beta
  location    = "us-central1"
  name        = "my-trust-config"
  description = "sample description for trust config"

  trust_stores {
    trust_anchors {
      pem_certificate = file("test-fixtures/ca_cert.pem")
    }
    intermediate_cas {
      pem_certificate = file("test-fixtures/ca_cert.pem")
    }
  }

  labels = {
    foo = "bar"
  }
}

resource "google_network_security_server_tls_policy" "default" {
  provider               = google-beta
  location               = "us-central1"
  name                   = "my-tls-policy"
  description            = "my description"
  allow_open             = "false"
  mtls_policy {
    client_validation_mode = "REJECT_INVALID"
    client_validation_trust_config = "projects/${data.google_project.project.number}/locations/us-central1/trustConfigs/${google_certificate_manager_trust_config.default.name}"
  }
}

resource "google_compute_region_ssl_certificate" "default" {
  provider    = google-beta
  region      = "us-central1"
  name        = "my-certificate"
  private_key = file("path/to/private.key")
  certificate = file("path/to/certificate.crt")
}

resource "google_compute_region_url_map" "default" {
  provider    = google-beta
  region      = "us-central1"
  name        = "url-map"
  description = "a description"

  default_service = google_compute_region_backend_service.default.id

  host_rule {
    hosts        = ["mysite.com"]
    path_matcher = "allpaths"
  }

  path_matcher {
    name            = "allpaths"
    default_service = google_compute_region_backend_service.default.id

    path_rule {
      paths   = ["/*"]
      service = google_compute_region_backend_service.default.id
    }
  }
}

resource "google_compute_region_backend_service" "default" {
  provider    = google-beta
  region      = "us-central1"
  name        = "backend-service"
  port_name   = "http"
  protocol    = "HTTP"
  timeout_sec = 10

  load_balancing_scheme = "INTERNAL_MANAGED"

  health_checks = [google_compute_region_health_check.default.id]
}

resource "google_compute_region_health_check" "default" {
  provider           = google-beta
  region             = "us-central1"
  name               = "http-health-check"
  check_interval_sec = 1
  timeout_sec        = 1

  http_health_check {
    port = 80
  }
}
Open in Cloud Shell

Example Usage - Region Target Https Proxy Certificate Manager Certificate

resource "google_compute_region_target_https_proxy" "default" {
  name                             = "target-http-proxy"
  url_map                          = google_compute_region_url_map.default.id
  certificate_manager_certificates =  ["//certificatemanager.googleapis.com/${google_certificate_manager_certificate.default.id}"] # [google_certificate_manager_certificate.default.id] is also acceptable
}

resource "google_certificate_manager_certificate" "default" {
  name              = "my-certificate"
  location          = "us-central1"
  self_managed {
    pem_certificate = file("test-fixtures/cert.pem")
    pem_private_key = file("test-fixtures/private-key.pem")                                                                                                                
  }
}

resource "google_compute_region_url_map" "default" {
  name            = "url-map"
  default_service = google_compute_region_backend_service.default.id
  region          = "us-central1"
}

resource "google_compute_region_backend_service" "default" {
  name                  = "backend-service"
  region                = "us-central1"
  protocol              = "HTTPS"
  timeout_sec           = 30
  load_balancing_scheme = "INTERNAL_MANAGED"
}

Argument Reference

The following arguments are supported:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

RegionTargetHttpsProxy can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import RegionTargetHttpsProxy using one of the formats above. For example:

import {
  id = "projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}"
  to = google_compute_region_target_https_proxy.default
}

When using the terraform import command, RegionTargetHttpsProxy can be imported using one of the formats above. For example:

$ terraform import google_compute_region_target_https_proxy.default projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}
$ terraform import google_compute_region_target_https_proxy.default {{project}}/{{region}}/{{name}}
$ terraform import google_compute_region_target_https_proxy.default {{region}}/{{name}}
$ terraform import google_compute_region_target_https_proxy.default {{name}}

User Project Overrides

This resource supports User Project Overrides.