feat: Added HTTPS redirection support (#111)

README.md

@@ -102,6 +102,7 @@ Current version is 3.0. Upgrade guides:
 | firewall\_networks | Names of the networks to create firewall rules in | list(string) | `<list>` | no |
 | firewall\_projects | Names of the projects to create firewall rules in | list(string) | `<list>` | no |
 | http\_forward | Set to `false` to disable HTTP port 80 forward | bool | `"true"` | no |
+| https\_redirect | Set to `true` to enable https redirect on the lb. | bool | `"false"` | no |
 | ip\_version | IP version for the Global address (IPv4 or v6) - Empty defaults to IPV4 | string | `"null"` | no |
 | name | Name for the forwarding rule and prefix for supporting resources | string | n/a | yes |
 | private\_key | Content of the private SSL key. Required if `ssl` is `true` and `ssl_certificates` is empty. | string | `"null"` | no |

autogen/main.tf.tmpl

@@ -18,12 +18,13 @@
 locals {
   address                 = var.create_address ? join("", google_compute_global_address.default.*.address) : var.address
   url_map                 = var.create_url_map ? join("", google_compute_url_map.default.*.self_link) : var.url_map
+  create_http_forward     = var.http_forward || var.https_redirect
   health_checked_backends = { for backend_index, backend_value in var.backends : backend_index => backend_value if backend_value["health_check"] != null }
 }
 
 resource "google_compute_global_forwarding_rule" "http" {
   project    = var.project
-  count      = var.http_forward ? 1 : 0
+  count      = local.create_http_forward ? 1 : 0
   name       = var.name
   target     = google_compute_target_http_proxy.default[0].self_link
   ip_address = local.address
@@ -49,10 +50,10 @@ resource "google_compute_global_address" "default" {
 # HTTP proxy when http forwarding is true
 resource "google_compute_target_http_proxy" "default" {
   project = var.project
-  count   = var.http_forward ? 1 : 0
+  count   = local.create_http_forward ? 1 : 0
   name    = "${var.name}-http-proxy"
-  url_map = local.url_map
-}
+  url_map = var.https_redirect == false ? local.url_map : join("", google_compute_url_map.https_redirect.*.self_link)
+} 
 
 # HTTPS proxy when ssl is true
 resource "google_compute_target_https_proxy" "default" {
@@ -86,6 +87,17 @@ resource "google_compute_url_map" "default" {
 
 }
 
+resource "google_compute_url_map" "https_redirect" {
+  project         = var.project
+  count           = var.https_redirect ? 1 : 0
+  name            = "${var.name}-https-redirect"
+  default_url_redirect {
+    https_redirect         = true
+    redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
+    strip_query            = false
+  }
+}
+
 resource "google_compute_backend_service" "default" {
   provider = google-beta
   for_each = var.backends

autogen/variables.tf.tmpl

@@ -180,3 +180,9 @@ variable "cdn" {
   type        = bool
   default     = false
 }
+
+variable "https_redirect" {
+  description = "Set to `true` to enable https redirect on the lb."
+  type        = bool
+  default     = false
+}

autogen/versions.tf.tmpl

@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = "~> 0.12.6"
+  required_version = ">= 0.12.6"
   required_providers {
     google      = ">= 3.32, <4.0.0"
     google-beta = ">= 3.32, <4.0.0"

examples/https-gke/README.md

@@ -18,10 +18,6 @@ This example creates an HTTPS load balancer to forward traffic to a custom URL m
 
 1. Install Terraform if it is not already installed (visit [terraform.io](https://terraform.io) for other distributions):
 
-```
-../terraform-install.sh
-```
-
 ## Set up the environment
 
 1. Set the project, replace `YOUR_PROJECT` with your project ID:

examples/https-redirect/README.md

@@ -0,0 +1,78 @@
+# HTTPS Redirect Example
+
+[![button](http://gstatic.com/cloudssh/images/open-btn.png)](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/terraform-google-lb-http&working_dir=examples/https-redirect&page=shell&tutorial=README.md)
+
+This example shows how to enable HTTPS Redirection on Google HTTP/S Loadbalancers.
+
+## Change to the example directory
+
+```
+[[ `basename $PWD` != multiple-certs ]] && cd examples/multiple-certs
+```
+
+## Install Terraform
+
+1. Install Terraform if it is not already installed (visit [terraform.io](https://terraform.io) for other distributions):
+
+## Set up the environment
+
+1. Set the project, replace `YOUR_PROJECT` with your project ID:
+
+```
+PROJECT=YOUR_PROJECT
+```
+
+```
+gcloud config set project ${PROJECT}
+```
+
+2. Configure the environment for Terraform:
+
+```
+[[ $CLOUD_SHELL ]] || gcloud auth application-default login
+export GOOGLE_PROJECT=$(gcloud config get-value project)
+```
+
+## Run Terraform
+
+```
+terraform init
+terraform apply
+```
+
+## Testing
+
+1. Open URL of load balancer in browser:
+
+```
+echo http://$(terraform output load-balancer-ip)
+```
+
+> You should see the GCP logo and instance details.
+
+## Cleanup
+
+1. Remove all resources created by terraform:
+
+```
+terraform destroy
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name |  | string | `"tf-lb-https-redirect-nat"` | no |
+| project |  | string | n/a | yes |
+| region |  | string | `"us-east1"` | no |
+| zone |  | string | `"us-east1-b"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| backend\_services |  |
+| load-balancer-ip |  |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/https-redirect/gceme.sh.tpl

@@ -0,0 +1,127 @@
+#!/bin/bash -xe
+
+# introducing sleep so network interfaces and routes can get ready before fetching software
+sleep 10
+
+RPM_INSTALL_ARGS="install -y httpd php php-common"
+
+if [ -f "/etc/redhat-release" ]; then
+  yum update -y || dnf update -y
+  yum $RPM_INSTALL_ARGS || dnf $RPM_INSTALL_ARGS
+else
+  apt-get update
+  apt-get install -y apache2 libapache2-mod-php
+fi
+
+cat > /var/www/html/index.php <<'EOF'
+<?php
+function metadata_value($value) {
+    $opts = array(
+        "http" => array(
+            "method" => "GET",
+            "header" => "Metadata-Flavor: Google"
+        )
+    );
+    $context = stream_context_create($opts);
+    $content = file_get_contents("http://metadata/computeMetadata/v1/$value", false, $context);
+    return $content;
+}
+if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == "http") {
+		$redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+		header('HTTP/1.1 301 Moved Permanently');
+		header('Location: ' . $redirect);
+		exit();
+}
+?>
+
+<!doctype html>
+<html>
+<head>
+<!-- Compiled and minified CSS -->
+<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.0/css/materialize.min.css">
+
+<!-- Compiled and minified JavaScript -->
+<script src="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.0/js/materialize.min.js"></script>
+<title>Frontend Web Server</title>
+</head>
+<body>
+<div class="container">
+<div class="row">
+<div class="col s2">&nbsp;</div>
+<div class="col s8">
+
+<img src="/assets/gcp-logo.svg"/>
+
+<div class="card blue">
+<div class="card-content white-text">
+<div class="card-title">Backend that serviced this request</div>
+</div>
+<div class="card-content white">
+<table class="bordered">
+  <tbody>
+	<tr>
+	  <td>Name</td>
+	  <td><?php printf(metadata_value("instance/name")) ?></td>
+	</tr>
+	<tr>
+	  <td>ID</td>
+	  <td><?php printf(metadata_value("instance/id")) ?></td>
+	</tr>
+	<tr>
+	  <td>Hostname</td>
+	  <td><?php printf(metadata_value("instance/hostname")) ?></td>
+	</tr>
+	<tr>
+	  <td>Zone</td>
+	  <td><?php printf(metadata_value("instance/zone")) ?></td>
+	</tr>
+    <tr>
+	  <td>Machine Type</td>
+	  <td><?php printf(metadata_value("instance/machine-type")) ?></td>
+	</tr>
+	<tr>
+	  <td>Project</td>
+	  <td><?php printf(metadata_value("project/project-id")) ?></td>
+	</tr>
+	<tr>
+	  <td>Internal IP</td>
+	  <td><?php printf(metadata_value("instance/network-interfaces/0/ip")) ?></td>
+	</tr>
+	<tr>
+	  <td>External IP</td>
+	  <td><?php printf(metadata_value("instance/network-interfaces/0/access-configs/0/external-ip")) ?></td>
+	</tr>
+  </tbody>
+</table>
+</div>
+</div>
+
+<div class="card blue">
+<div class="card-content white-text">
+<div class="card-title">Proxy that handled this request</div>
+</div>
+<div class="card-content white">
+<table class="bordered">
+  <tbody>
+	<tr>
+	  <td>Address</td>
+	  <td><?php printf($_SERVER["HTTP_HOST"]); ?></td>
+	</tr>
+  </tbody>
+</table>
+</div>
+
+</div>
+</div>
+<div class="col s2">&nbsp;</div>
+</div>
+</div>
+</html>
+EOF
+
+mv /var/www/html/index.html /var/www/html/index.html.old || echo "Old index doesn't exist"
+
+[[ -n "${PROXY_PATH}" ]] && mkdir -p /var/www/html/${PROXY_PATH} && cp /var/www/html/index.php /var/www/html/${PROXY_PATH}/index.php
+
+chkconfig httpd on || systemctl enable httpd || systemctl enable apache2
+service httpd restart || systemctl restart httpd || systemctl restart apache2