Google 云转发规则 http -> https 使用 terraform
Google Cloud forwarding rule http -> https using terraform
我设置了转发规则,使用 Terraform 将 URL 映射到我的 GCS Bucket。现在,我正在寻找一种自动将所有流量从 HTTP 转发到 HTTPS 的方法,这样通过 HTTP 访问我页面的每个人都会自动进入安全页面。
知道如何使用 terraform 做到这一点吗?您可以在下面找到到目前为止我用来设置它的所有代码,它们工作得很好。我只需要这个额外的转发规则,但不知道如何设置。任何帮助将不胜感激。
locals {
static_bucket_name = "${var.environment}-${var.project_name}-static-pages"
domain_name = var.environment == "prd" ? "products.${project_name}.org" : "${var.environment}.products.${project_name}.org"
}
module "static-assets_cloud-storage-static-website" {
source = "gruntwork-io/static-assets/google//modules/cloud-storage-static-website"
version = "0.2.0"
website_domain_name = local.static_bucket_name
project = var.project_id
website_location = "EU"
force_destroy_access_logs_bucket = true
force_destroy_website = true
custom_labels = {
environment = var.environment
purpose = "static-site"
}
}
resource "google_compute_backend_bucket" "static_pages" {
name = local.static_bucket_name
description = "Contains static app assets"
bucket_name = module.static-assets_cloud-storage-static-website.website_bucket_name
enable_cdn = true
}
resource "google_compute_url_map" "static_pages" {
name = "${var.environment}-products"
default_service = google_compute_backend_bucket.static_pages.self_link
}
resource "google_compute_global_address" "static_pages" {
name = "${var.environment}-products-ip"
}
resource "google_compute_global_forwarding_rule" "http_to_static_pages" {
name = "${var.environment}-products-forward-rule"
target = google_compute_target_http_proxy.http_static_pages.self_link
ip_address = google_compute_global_address.static_pages.address
port_range = "80"
}
resource "google_compute_target_http_proxy" "http_static_pages" {
name = "${var.environment}-products-target-proxy"
url_map = google_compute_url_map.static_pages.self_link
}
resource "google_compute_target_https_proxy" "https_static_pages" {
project = var.project_id
name = "${var.environment}-products-target-proxy"
url_map = google_compute_url_map.static_pages.self_link
ssl_certificates = [google_compute_managed_ssl_certificate.static_pages.self_link]
}
resource "google_compute_global_forwarding_rule" "https_to_static_pages" {
name = "${var.environment}-products-https-forward-rule"
target = google_compute_target_https_proxy.https_static_pages.self_link
ip_address = google_compute_global_address.static_pages.address
port_range = "443"
}
resource "google_compute_managed_ssl_certificate" "static_pages" {
provider = google-beta
project = var.project_id
name = "${var.environment}-products-certificate"
managed {
domains = [local.domain_name]
}
}
```
Google 通过(仅)三个额外的 Terraform 资源很好地支持这一点,这些资源创建没有后端但具有仅重定向到 https 的转发规则的第二个负载均衡器。
以下是their documentation的(有效)翻译:
resource "google_compute_url_map" "http-redirect" {
name = "http-redirect"
default_url_redirect {
redirect_response_code = "MOVED_PERMANENTLY_DEFAULT" // 301 redirect
strip_query = false
https_redirect = true // this is the magic
}
}
resource "google_compute_target_http_proxy" "http-redirect" {
name = "http-redirect"
url_map = google_compute_url_map.http-redirect.self_link
}
resource "google_compute_global_forwarding_rule" "http-redirect" {
name = "http-redirect"
target = google_compute_target_http_proxy.http-redirect.self_link
ip_address = google_compute_global_address.static_pages.address
port_range = "80"
}
我稍微修改了上面 的 Terraform 代码。
我删除了"redirect_response_code",结果是一样的:
resource "google_compute_url_map" "http-redirect" {
name = "http-redirect"
default_url_redirect {
// "redirect_response_code" is removed
// redirect_response_code = "MOVED_PERMANENTLY_DEFAULT" // 301 redirect
strip_query = false
https_redirect = true // this is the magic
}
}
resource "google_compute_target_http_proxy" "http-redirect" {
name = "http-redirect"
url_map = google_compute_url_map.http-redirect.self_link
}
resource "google_compute_global_forwarding_rule" "http-redirect" {
name = "http-redirect"
target = google_compute_target_http_proxy.http-redirect.self_link
ip_address = google_compute_global_address.static_pages.address
port_range = "80"
}
我设置了转发规则,使用 Terraform 将 URL 映射到我的 GCS Bucket。现在,我正在寻找一种自动将所有流量从 HTTP 转发到 HTTPS 的方法,这样通过 HTTP 访问我页面的每个人都会自动进入安全页面。
知道如何使用 terraform 做到这一点吗?您可以在下面找到到目前为止我用来设置它的所有代码,它们工作得很好。我只需要这个额外的转发规则,但不知道如何设置。任何帮助将不胜感激。
locals {
static_bucket_name = "${var.environment}-${var.project_name}-static-pages"
domain_name = var.environment == "prd" ? "products.${project_name}.org" : "${var.environment}.products.${project_name}.org"
}
module "static-assets_cloud-storage-static-website" {
source = "gruntwork-io/static-assets/google//modules/cloud-storage-static-website"
version = "0.2.0"
website_domain_name = local.static_bucket_name
project = var.project_id
website_location = "EU"
force_destroy_access_logs_bucket = true
force_destroy_website = true
custom_labels = {
environment = var.environment
purpose = "static-site"
}
}
resource "google_compute_backend_bucket" "static_pages" {
name = local.static_bucket_name
description = "Contains static app assets"
bucket_name = module.static-assets_cloud-storage-static-website.website_bucket_name
enable_cdn = true
}
resource "google_compute_url_map" "static_pages" {
name = "${var.environment}-products"
default_service = google_compute_backend_bucket.static_pages.self_link
}
resource "google_compute_global_address" "static_pages" {
name = "${var.environment}-products-ip"
}
resource "google_compute_global_forwarding_rule" "http_to_static_pages" {
name = "${var.environment}-products-forward-rule"
target = google_compute_target_http_proxy.http_static_pages.self_link
ip_address = google_compute_global_address.static_pages.address
port_range = "80"
}
resource "google_compute_target_http_proxy" "http_static_pages" {
name = "${var.environment}-products-target-proxy"
url_map = google_compute_url_map.static_pages.self_link
}
resource "google_compute_target_https_proxy" "https_static_pages" {
project = var.project_id
name = "${var.environment}-products-target-proxy"
url_map = google_compute_url_map.static_pages.self_link
ssl_certificates = [google_compute_managed_ssl_certificate.static_pages.self_link]
}
resource "google_compute_global_forwarding_rule" "https_to_static_pages" {
name = "${var.environment}-products-https-forward-rule"
target = google_compute_target_https_proxy.https_static_pages.self_link
ip_address = google_compute_global_address.static_pages.address
port_range = "443"
}
resource "google_compute_managed_ssl_certificate" "static_pages" {
provider = google-beta
project = var.project_id
name = "${var.environment}-products-certificate"
managed {
domains = [local.domain_name]
}
}
```
Google 通过(仅)三个额外的 Terraform 资源很好地支持这一点,这些资源创建没有后端但具有仅重定向到 https 的转发规则的第二个负载均衡器。
以下是their documentation的(有效)翻译:
resource "google_compute_url_map" "http-redirect" {
name = "http-redirect"
default_url_redirect {
redirect_response_code = "MOVED_PERMANENTLY_DEFAULT" // 301 redirect
strip_query = false
https_redirect = true // this is the magic
}
}
resource "google_compute_target_http_proxy" "http-redirect" {
name = "http-redirect"
url_map = google_compute_url_map.http-redirect.self_link
}
resource "google_compute_global_forwarding_rule" "http-redirect" {
name = "http-redirect"
target = google_compute_target_http_proxy.http-redirect.self_link
ip_address = google_compute_global_address.static_pages.address
port_range = "80"
}
我稍微修改了上面
我删除了"redirect_response_code",结果是一样的:
resource "google_compute_url_map" "http-redirect" {
name = "http-redirect"
default_url_redirect {
// "redirect_response_code" is removed
// redirect_response_code = "MOVED_PERMANENTLY_DEFAULT" // 301 redirect
strip_query = false
https_redirect = true // this is the magic
}
}
resource "google_compute_target_http_proxy" "http-redirect" {
name = "http-redirect"
url_map = google_compute_url_map.http-redirect.self_link
}
resource "google_compute_global_forwarding_rule" "http-redirect" {
name = "http-redirect"
target = google_compute_target_http_proxy.http-redirect.self_link
ip_address = google_compute_global_address.static_pages.address
port_range = "80"
}