Azure Application Gateway with end-to-end SSL #16896

Closed
edsonmarquezani opened this issue Dec 11, 2017 · 2 comments

@edsonmarquezani

I'm currently having a hard time trying to set up an Application Gateway with end-to-end SSL on Azure.

First of all, I noticed the configuration (and documentation as well) is a bit confusing. The backend_http_settings block expects an authentication_certificate nested object/block, instead of a reference to it like all the other blocks (frontend_ip_configuration_name, backend_address_pool_name, etc.).

I could get it to work with a configuration like this.

  backend_http_settings {
    name                  = "https"
    cookie_based_affinity = "Disabled"
    port                  = "${var.master_port}"
    protocol              = "Https"
    request_timeout       = 5
    probe_name            = "default"

    authentication_certificate {
      name = "master"
    }
  }

I'm also declaring a separate authentication_certificate block.

  authentication_certificate {
    name = "master"
    data = "${base64encode(file("files/keys/master.cer"))}"
  }

Documentation seems to indicate there's something to be fixed regarding this.

Anyway, applying it, I get a generic error from the API, and the resource ends up stuck with a Failed status on the panel.

Error Creating/Updating ApplicationGateway network.ApplicationGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=200 -- Original Error: Long running operation terminated with status 'Failed': Code="InternalServerError" Message="An error occurred."

Any clues on this?

The complete resource configuration is below:

resource "azurerm_application_gateway" "master" {
  name                = "${var.master_lb_name_prefix}"
  location            = "${var.location}"
  resource_group_name = "${azurerm_resource_group.openshift.name}"

  sku {
    name     = "Standard_Small"
    tier     = "Standard"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "${var.master_lb_name_prefix}"
    subnet_id = "${var.application_gateway_subnet}"
  }

  ssl_certificate {
    name     = "default"
    data     = "${base64encode(file("files/keys/master.pfx"))}"
    password = ""
  }

  authentication_certificate {
    name = "master"
    data = "${base64encode(file("files/keys/master.cer"))}"
  }

  frontend_port {
    name = "https"
    port = "${var.master_port}"
  }

  frontend_ip_configuration {
    name                          = "default"
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = "${var.application_gateway_subnet}"
  }

  backend_address_pool {
    name            = "${var.master_lb_name_prefix}-instances"
    ip_address_list = ["${azurerm_network_interface.master-if0.*.private_ip_address}"]
  }

  probe {
    name                = "default"
    protocol            = "Https"
    path                = "/"
    interval            = 5
    host                = "master.${var.cluster_domain}"
    timeout             = 4
    unhealthy_threshold = 3
  }

  backend_http_settings {
    name                  = "https"
    cookie_based_affinity = "Disabled"
    port                  = "${var.master_port}"
    protocol              = "Https"
    request_timeout       = 5
    probe_name            = "default"

    authentication_certificate {
      name = "master"
    }
  }

  http_listener {
    name                           = "https"
    frontend_ip_configuration_name = "default"
    frontend_port_name             = "https"
    protocol                       = "Https"
    ssl_certificate_name           = "default"
  }

  request_routing_rule {
    name                       = "default"
    rule_type                  = "Basic"
    http_listener_name         = "https"
    backend_address_pool_name  = "${var.master_lb_name_prefix}-instances"
    backend_http_settings_name = "https"
  }
}

@hashibot
Contributor

This issue has been automatically migrated to hashicorp/terraform-provider-azurerm#619 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to this issue and let us know.

@ghost

ghost commented Apr 5, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 5, 2020