-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to give certificate to HTTPS target proxy when creating new beta Internal HTTPS Loadbalancers ? #4157
Comments
Can you do that change manually via Web UI? |
Hi, with no beta provider, i have this today in my GCP test: Error: Error creating TargetHttpsProxy: googleapi: Error 400: Invalid value for field 'resource.sslCertificates': ''. No SSL certificate can be specified in TargetHttpsProxy when using Traffic Director. Please use SslPolicy instead., invalid on load_balancing.tf line 17, in resource "google_compute_target_https_proxy" "appserver": Error: Error creating TargetHttpsProxy: googleapi: Error 400: Invalid value for field 'resource.sslCertificates': ''. No SSL certificate can be specified in TargetHttpsProxy when using Traffic Director. Please use SslPolicy instead., invalid on load_balancing.tf line 17, in resource "google_compute_target_https_proxy" "appserver": Extract of part of code : resource "google_compute_ssl_policy" "appserver" { if i commented the certificate line in target_proxy definition i have this : on load_balancing.tf line 17, in resource "google_compute_target_https_proxy" "appserver": "The argument "ssl_certificates" is required, but no definition was found..." |
Can you share the config for your load balancing resources? Specifically, I'm interested in the backend service, target HTTPs proxy and URL map. |
always in terraform 0.12, I have made some changes now but same final issue : resource "google_compute_global_address" "nginx" { resource "google_compute_global_forwarding_rule" "nginxhttps" { resource "google_compute_target_https_proxy" "nginx" { resource "google_compute_ssl_policy" "appserver" { resource "google_compute_ssl_certificate" "totodotfr" { resource "google_compute_url_map" "nginx" { host_rule { path_matcher {
} resource "google_compute_backend_service" "nginx" { // Fix for group value issue : hashicorp/terraform#4336 health_checks = ["${google_compute_health_check.autohealing.self_link}"] resource "google_compute_http_health_check" "nginx" { ... i have now : on load_balancing.tf line 16, in resource "google_compute_target_https_proxy" "nginx": Error: Error creating TargetHttpsProxy: googleapi: Error 400: Invalid value for field 'resource.sslCertificates': ''. No SSL certificate can be specified in TargetHttpsProxy when using Traffic Director. Please use SslPolicy instead., invalid on load_balancing.tf line 16, in resource "google_compute_target_https_proxy" "nginx": If i comment ssl_certificates parm in "google_compute_target_https_proxy" i have this : Error: Missing required argument on load_balancing.tf line 16, in resource "google_compute_target_https_proxy" "nginx": The argument "ssl_certificates" is required, but no definition was found. |
We don't have support for L7 ILB yet, so this isn't possible today. Once supported, there'll be regional variants of each of these LB resources. By using the global variants, your config is effectively using Traffic Director. Per my understanding based on https://cloud.google.com/traffic-director/docs/traffic-director-concepts#limitations, HTTPS traffic is unsupported. If you're interested in L7 ILB support, please 👍 #4190. I'd suggest including specific GCP guides / resources for the feature that you're interested in as well. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
I tried to deploy an internal HTTP(S) Loadbalancer on GCP (beta version), as this new feature was recently released in beta.
My deployment worked correctly, until I tried to add an SSL certificate to the HTTPS target proxy.
When I try to add a SSL certificate (that already exists on my account) to a HTTPS target proxy that is already created, I get this error:
When I try to add one directly to a HTTPS target proxy that is not yet created, I get this error:
I don't understand these errors and did not find anything on internet about it.
Here is my terraform config for the HTTPS target proxy resource:
Is something wrong in my Target HTTPS proxy configuration or is this a bug?
The text was updated successfully, but these errors were encountered: