我尝试使用 Terraform 自动部署应用程序网关已经花了很长时间,但它只是失败并显示错误消息。我已确保所有协议设置为 HTTPS。不过,我怀疑 PFX 证书有问题。
是不是我没有提供身份验证证书导致失败?在网上尝试了很多方法来获得解决方案,但没有提到这一点。
地形代码:
# Create a resource group
resource "azurerm_resource_group" "rg" {
name = "my-rg-application-gateway-12345"
location = "West US"
}
# Create a application gateway in the web_servers resource group
resource "azurerm_virtual_network" "vnet" {
name = "my-vnet-12345"
resource_group_name = "${azurerm_resource_group.rg.name}"
address_space = ["10.254.0.0/16"]
location = "${azurerm_resource_group.rg.location}"
}
resource "azurerm_subnet" "sub1" {
name = "my-subnet-1"
resource_group_name = "${azurerm_resource_group.rg.name}"
virtual_network_name = "${azurerm_virtual_network.vnet.name}"
address_prefix = "10.254.0.0/24"
}
resource "azurerm_subnet" "sub2" {
name = "my-subnet-2"
resource_group_name = "${azurerm_resource_group.rg.name}"
virtual_network_name = "${azurerm_virtual_network.vnet.name}"
address_prefix = "10.254.2.0/24"
}
resource "azurerm_public_ip" "pip" {
name = "my-pip-12345"
location = "${azurerm_resource_group.rg.location}"
resource_group_name = "${azurerm_resource_group.rg.name}"
public_ip_address_allocation = "dynamic"
}
# Create an application gateway
resource "azurerm_application_gateway" "network" {
name = "my-application-gateway-12345"
resource_group_name = "${azurerm_resource_group.rg.name}"
location = "West US"
sku {
name = "Standard_Small"
tier = "Standard"
capacity = 2
}
gateway_ip_configuration {
name = "my-gateway-ip-configuration"
subnet_id = "${azurerm_virtual_network.vnet.id}/subnets/${azurerm_subnet.sub1.name}"
}
ssl_certificate {
name = "certificate"
data = "${base64encode(file("mycert.pfx"))}"
password = "XXXXXXX"
}
frontend_port {
name = "${azurerm_virtual_network.vnet.name}-feport"
port = 80
}
frontend_ip_configuration {
name = "${azurerm_virtual_network.vnet.name}-feip"
public_ip_address_id = "${azurerm_public_ip.pip.id}"
}
backend_address_pool {
name = "${azurerm_virtual_network.vnet.name}-beap"
}
backend_http_settings {
name = "${azurerm_virtual_network.vnet.name}-be-htst"
cookie_based_affinity = "Disabled"
port = 443
protocol = "Https"
request_timeout = 1
}
http_listener {
name = "${azurerm_virtual_network.vnet.name}-httpslstn"
frontend_ip_configuration_name = "${azurerm_virtual_network.vnet.name}-feip"
frontend_port_name = "${azurerm_virtual_network.vnet.name}-feport"
protocol = "https"
}
request_routing_rule {
name = "${azurerm_virtual_network.vnet.name}-rqrt"
rule_type = "Basic"
http_listener_name = "${azurerm_virtual_network.vnet.name}-httpslstn"
backend_address_pool_name = "${azurerm_virtual_network.vnet.name}-beap"
backend_http_settings_name = "${azurerm_virtual_network.vnet.name}-be-htst"
}
}
Error:
Error: Error applying plan:
1 error(s) occurred:
* azurerm_application_gateway.network: 1 error(s) occurred:
* azurerm_application_gateway.network: Error Creating/Updating ApplicationGateway "my-application-gateway-12345" (Resource Group "my-rg-application-gateway-12345"): network.ApplicationGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="ApplicationGatewayHttpsListenerMustReferenceSslCert" Message="Http Listener /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/my-rg-application-gateway-12345/providers/Microsoft.Network/applicationGateways/my-application-gateway-12345/httpListeners/my-vnet-12345-httpslstn uses protocol Https. Ssl Certificate must be specified." Details=[]
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
正如中提到的azurerm_application_gateway 文档你需要添加ssl_certificate_name
给你的http_listener
使用时阻塞https
.
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)