stackoom
  简体   繁体   中英

Attaching SSL certificate to Azure application gateway in Terraform

 原文  2018-02-16 10:54:49       azure/ terraform/ azure-application-gateway

Question

It's been somewhat long I'm trying to automate the deployment of an application gateway using Terraform but it simply fails with an error message. I have made sure all protocol settings to HTTPS. However, I doubt there is something fishy with the PFX certificate.

Is it that I'm not supplying the authentication certificate due to which it's failing? Tried a lot over the web to get a solution but there are no mentions of this.

Terraform Code: 

# Create a resource group
resource "azurerm_resource_group" "rg" {
  name     = "my-rg-application-gateway-12345"
  location = "West US"
}

# Create a application gateway in the web_servers resource group
resource "azurerm_virtual_network" "vnet" {
  name                = "my-vnet-12345"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  address_space       = ["10.254.0.0/16"]
  location            = "${azurerm_resource_group.rg.location}"
}

resource "azurerm_subnet" "sub1" {
  name                 = "my-subnet-1"
  resource_group_name  = "${azurerm_resource_group.rg.name}"
  virtual_network_name = "${azurerm_virtual_network.vnet.name}"
  address_prefix       = "10.254.0.0/24"
}

resource "azurerm_subnet" "sub2" {
  name                 = "my-subnet-2"
  resource_group_name  = "${azurerm_resource_group.rg.name}"
  virtual_network_name = "${azurerm_virtual_network.vnet.name}"
  address_prefix       = "10.254.2.0/24"
}

resource "azurerm_public_ip" "pip" {
  name                         = "my-pip-12345"
  location                     = "${azurerm_resource_group.rg.location}"
  resource_group_name          = "${azurerm_resource_group.rg.name}"
  public_ip_address_allocation = "dynamic"
}

# Create an application gateway
resource "azurerm_application_gateway" "network" {
  name                = "my-application-gateway-12345"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  location            = "West US"

  sku {
    name           = "Standard_Small"
    tier           = "Standard"
    capacity       = 2
  }

  gateway_ip_configuration {
      name         = "my-gateway-ip-configuration"
      subnet_id    = "${azurerm_virtual_network.vnet.id}/subnets/${azurerm_subnet.sub1.name}"
  }

  ssl_certificate {
    name     = "certificate"
    data     = "${base64encode(file("mycert.pfx"))}"
    password = "XXXXXXX"
  }

  frontend_port {
      name         = "${azurerm_virtual_network.vnet.name}-feport"
      port         = 80
  }

  frontend_ip_configuration {
      name         = "${azurerm_virtual_network.vnet.name}-feip"
      public_ip_address_id = "${azurerm_public_ip.pip.id}"
  }

  backend_address_pool {
      name = "${azurerm_virtual_network.vnet.name}-beap"
  }

  backend_http_settings {
      name                  = "${azurerm_virtual_network.vnet.name}-be-htst"
      cookie_based_affinity = "Disabled"
      port                  = 443
      protocol              = "Https"
     request_timeout        = 1
  }

  http_listener {
        name                                  = "${azurerm_virtual_network.vnet.name}-httpslstn"
        frontend_ip_configuration_name        = "${azurerm_virtual_network.vnet.name}-feip"
        frontend_port_name                    = "${azurerm_virtual_network.vnet.name}-feport"
        protocol                              = "https"
  }

  request_routing_rule {
          name                       = "${azurerm_virtual_network.vnet.name}-rqrt"
          rule_type                  = "Basic"
          http_listener_name         = "${azurerm_virtual_network.vnet.name}-httpslstn"
          backend_address_pool_name  = "${azurerm_virtual_network.vnet.name}-beap"
          backend_http_settings_name = "${azurerm_virtual_network.vnet.name}-be-htst"
  }
}

Error: 

Error: Error applying plan:

1 error(s) occurred:

* azurerm_application_gateway.network: 1 error(s) occurred:

* azurerm_application_gateway.network: Error Creating/Updating ApplicationGateway "my-application-gateway-12345" (Resource Group "my-rg-application-gateway-12345"): network.ApplicationGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="ApplicationGatewayHttpsListenerMustReferenceSslCert" Message="Http Listener /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/my-rg-application-gateway-12345/providers/Microsoft.Network/applicationGateways/my-application-gateway-12345/httpListeners/my-vnet-12345-httpslstn uses protocol Https. Ssl Certificate must be specified." Details=[]

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

1 answers

solution1
 3 ACCPTED  2018-02-16 12:14:23

正如所提到的azurerm_application_gateway文档 ,您需要将添加ssl_certificate_namehttp_listener使用时,块https

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Trying to attach SSL certificate on application gateway using azure terraform SSL certificate for Azure Application Gateway for SSL offload Terraform Azure Application Gateway unable to associate with certificate in key vault Azure application Gateway terraform Azure Application Gateway SSL Certificate: Data must be specified for Certificat How to configure SSL in Azure Application GateWay with intermediate certificate and pfx file? Terraform bind SSL Certificate to Azure WebApp Client certificate with Azure Application Gateway Certificate error Azure Application Gateway Azure Application Gateway SSL setup
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM