incalculable-flag-48574
10/04/2022, 3:00 PMminiature-musician-31262
10/06/2022, 8:31 PMManagedSSLCertificate
, so not exactly the same thing as what you linked, but perhaps useful to refer to: https://www.pulumi.com/registry/packages/google-cloud-static-website/refined-pilot-45584
10/07/2022, 8:36 PMincalculable-flag-48574
10/12/2022, 1:19 PM// Create SSL certificat ressource
const myCertificate = new gcp.compute.SSLCertificate("defaultSSLCertificat", {
namePrefix: "my-domain-",
description: "certificates ressource for my-domain",
privateKey: fs.readFileSync("/PATH/TO/privkey.pem", "utf8"),
certificate: fs.readFileSync("/PATH/TO/fullchaincert.pem", "utf8")
});
// Create an HTTPS proxy to route requests to the URLMap.
const httpsProxy = new gcp.compute.TargetHttpsProxy("https-proxy", {
urlMap: urlMap.selfLink,
sslCertificates: [myCertificate.id]
});
// Create a GlobalForwardingRule rule to route requests to the HTTPS proxy.
const httpsForwardingRule = new gcp.compute.GlobalForwardingRule("https-forwarding-rule", {
ipAddress: ip.address,
ipProtocol: "TCP",
portRange: "443",
target: httpsProxy.selfLink,
});
But after that, as I have access to DNS manager, I also tested a ManagedSSLCertificate ressource using this two how-to:
https://cloud.google.com/certificate-manager/docs/deploy-google-managed-dns-auth
https://blog.searce.com/gcp-certificate-manager-dns-authorization-4c582b4b8a20
Even if there is some scripting to configure DNS authorization and ManagedSSLCertificate, I think it's a better way as certificate is self renewed.
Here is the code, "dns-auth-cert" is the name of ManagedSSLCertificate ressource created with "$ gcloud certificate-manager certificates create dns-auth-cert" :
// Get certificate from Managed Certificate ressource
const myCertificate = new gcp.compute.ManagedSslCertificate("dns-auth-cert", {
managed: {
domains: ['www.my.domain', 'my.domain']
}
});
Also, I defined an another httpProxy to redirect every http requests to httpsProxy :
// Create HTTP to HTTPS redirect
const urlMapRedirect = new gcp.compute.URLMap("url-map-redirect", {
defaultUrlRedirect: {
stripQuery: false,
httpsRedirect: true,
}
});
const httpProxy = new gcp.compute.TargetHttpProxy("http-proxy", {
urlMap: urlMapRedirect.selfLink,
})
const httpForwardingRule = new gcp.compute.GlobalForwardingRule("http-forwarding-rule", {
target: httpProxy.selfLink,
ipAddress: ip.address,
ipProtocol: "TCP",
portRange: "80",
// loadBalancingScheme: 'EXTERNAL', // default
});
All works fine, I can give you the complete sample if needed.
PS. This static http serverless sample is the frontend of a onepage JS app that need to call a REST API for backend storage. I try to configure this backend with GC Functions (https://www.pulumi.com/blog/simple-serverless-programming-with-google-cloud-functions-and-pulumi/) but that doesn't work by now. If you can help me, let me know ;-)