谷歌云转发规则使用terraform的http -> https

Question

我已经设置了转发规则，以便使用Terraform将URL映射到我的GCS Bucket。现在，我正在寻找一种方法来自动转发所有流量从HTTP到HTTPS，这样每个人通过HTTP到达我的页面自动进入安全页面。

你知道我怎么用terraform做到这一点吗？到目前为止，你可以在下面找到我用来设置它的所有代码，它们工作得很好。我只需要这个额外的转发规则，但不知道如何设置。任何帮助都将不胜感激。

locals {
  static_bucket_name = "${var.environment}-${var.project_name}-static-pages"
  domain_name        = var.environment == "prd" ? "products.${project_name}.org" : "${var.environment}.products.${project_name}.org"
}

module "static-assets_cloud-storage-static-website" {
  source                           = "gruntwork-io/static-assets/google//modules/cloud-storage-static-website"
  version                          = "0.2.0"
  website_domain_name              = local.static_bucket_name
  project                          = var.project_id
  website_location                 = "EU"
  force_destroy_access_logs_bucket = true
  force_destroy_website            = true

  custom_labels = {
    environment = var.environment
    purpose     = "static-site"
  }
}


resource "google_compute_backend_bucket" "static_pages" {
  name        = local.static_bucket_name
  description = "Contains static app assets"
  bucket_name = module.static-assets_cloud-storage-static-website.website_bucket_name
  enable_cdn  = true
}


resource "google_compute_url_map" "static_pages" {
  name            = "${var.environment}-products"
  default_service = google_compute_backend_bucket.static_pages.self_link
}

resource "google_compute_global_address" "static_pages" {
  name = "${var.environment}-products-ip"
}

resource "google_compute_global_forwarding_rule" "http_to_static_pages" {
  name       = "${var.environment}-products-forward-rule"
  target     = google_compute_target_http_proxy.http_static_pages.self_link
  ip_address = google_compute_global_address.static_pages.address
  port_range = "80"
}

resource "google_compute_target_http_proxy" "http_static_pages" {
  name    = "${var.environment}-products-target-proxy"
  url_map = google_compute_url_map.static_pages.self_link
}

resource "google_compute_target_https_proxy" "https_static_pages" {
  project          = var.project_id
  name             = "${var.environment}-products-target-proxy"
  url_map          = google_compute_url_map.static_pages.self_link
  ssl_certificates = [google_compute_managed_ssl_certificate.static_pages.self_link]
}

resource "google_compute_global_forwarding_rule" "https_to_static_pages" {
  name       = "${var.environment}-products-https-forward-rule"
  target     = google_compute_target_https_proxy.https_static_pages.self_link
  ip_address = google_compute_global_address.static_pages.address
  port_range = "443"
}

resource "google_compute_managed_ssl_certificate" "static_pages" {
  provider = google-beta
  project  = var.project_id
  name     = "${var.environment}-products-certificate"
  managed {
    domains = [local.domain_name]
  }
}

Answer 1

Google通过三个额外的Terraform资源很好地支持了这一点，这些资源创建了第二个负载均衡器，没有后端，但有一个转发规则，只重定向到https。

以下是their documentation的(工作)翻译

resource "google_compute_url_map" "http-redirect" {
  name = "http-redirect"

  default_url_redirect {
    redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"  // 301 redirect
    strip_query            = false
    https_redirect         = true  // this is the magic
  }
}

resource "google_compute_target_http_proxy" "http-redirect" {
  name    = "http-redirect"
  url_map = google_compute_url_map.http-redirect.self_link
}

resource "google_compute_global_forwarding_rule" "http-redirect" {
  name       = "http-redirect"
  target     = google_compute_target_http_proxy.http-redirect.self_link
  ip_address = google_compute_global_address.static_pages.address
  port_range = "80"
}