
Commit 431da26

Add SSL policies to HTTPS proxies in network configuration (#1468)
1 parent 8b08f0c commit 431da26

2 files changed

Lines changed: 16 additions & 0 deletions


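--- a/iac/provider-gcp/nomad-cluster/network/ingress.tf
+++ b/iac/provider-gcp/nomad-cluster/network/ingress.tf
@@ -62,9 +62,17 @@ resource "google_compute_global_address" "ingress_ipv4" {
 ip_version = "IPV4"
 }
 
+resource "google_compute_ssl_policy" "ingress" {
+name = "${var.prefix}ingress-ssl-policy"
+profile = "MODERN"
+min_tls_version = "TLS_1_2"
+}
+
 resource "google_compute_target_https_proxy" "ingress" {
 name = "${var.prefix}ingress-https"
 url_map = google_compute_url_map.ingress.self_link
 
+ssl_policy = google_compute_ssl_policy.ingress.self_link
+
 certificate_map = "//certificatemanager.googleapis.com/${google_certificate_manager_certificate_map.certificate_map.id}"
 }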
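Review bot: `google_compute_ssl_policy.ingress` declares exactly the same `profile` and `min_tls_version` as `google_compute_ssl_policy.default`, which this commit adds in main.tf in the same `network` directory, so the TLS floor now lives in two places and can drift when only one is tightened later. If both files belong to one Terraform module, a single policy referenced from both proxies (`ssl_policy = google_compute_ssl_policy.default.self_link`) would keep the setting in one spot. If two policies are intended, reading `profile` and `min_tls_version` from shared locals or variables gives the same guarantee.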

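--- a/iac/provider-gcp/nomad-cluster/network/main.tf
+++ b/iac/provider-gcp/nomad-cluster/network/main.tf
@@ -321,10 +321,18 @@ resource "google_compute_url_map" "orch_map" {
 }
 
 ### IPv4 block ###
+resource "google_compute_ssl_policy" "default" {
+name = "${var.prefix}https-proxy-ssl-policy"
+profile = "MODERN"
+min_tls_version = "TLS_1_2"
+}
+
 resource "google_compute_target_https_proxy" "default" {
 name = "${var.prefix}https-proxy"
 url_map = google_compute_url_map.orch_map.self_link
 
+ssl_policy = google_compute_ssl_policy.default.self_link
+
 certificate_map = "//certificatemanager.googleapis.com/${google_certificate_manager_certificate_map.certificate_map.id}"
 }
 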
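Review bot: `profile = "MODERN"` on `google_compute_ssl_policy.default` (and on the matching `ingress` policy in ingress.tf) has no comment explaining why it was chosen over `RESTRICTED`, and it is the profile, not `min_tls_version`, that decides which cipher suites the load balancer offers. I would add a comment above the resource along the lines of `# MODERN profile with a TLS 1.2 floor; RESTRICTED not used because <client-compatibility reason>` so a later reviewer can tell the looser profile is deliberate. Separately, and not verifiable from this hunk: the policy `name` is built from `var.prefix`, and replacing a policy that a proxy still references usually needs `lifecycle { create_before_destroy = true }` to apply cleanly.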
