prehistoric-nail-50687
11/09/2020, 3:00 PM
`pulumi/azure-nextgen` now I need to add a custom domain (and a managed certificate) to a `web.WebApp` but I can't find any hint on how to do so. Does anyone know more?

tall-librarian-49374
11/09/2020, 6:52 PM

prehistoric-nail-50687
11/10/2020, 7:39 AM
```typescript
// TXT record (asuid.<subdomain>) that Azure App Service checks to verify domain ownership
const verificationRecord = new cloudflare.Record("TXT verification record", {
  zoneId: cloudflareZoneId,
  name: `asuid.${subdomain}`,
  type: "TXT",
  value: `${azureAppVerificationToken}`,
});
const jobToolConfigServerApp = new web.WebApp(
  "Docker App",
  {
    name: `pulumi-config`,
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location,
    serverFarmId: plan.id,
    siteConfig: {
      alwaysOn: true,
      linuxFxVersion: `DOCKER|${dockerImage}`,
    },
  },
  { dependsOn: verificationRecord }
);
// CNAME pointing the custom subdomain at the app's default hostname
const dnsRecord = new cloudflare.Record("CNAME record", {
  name: subdomain,
  zoneId: cloudflareZoneId,
  type: "CNAME",
  value: jobToolConfigServerApp.defaultHostName,
  ttl: 300,
  proxied: false,
});
// Certificate for the custom domain; the hostname must already be bound to an app in this plan
const cert = new web.Certificate("Certificate", {
  name: "mycert",
  password: "xxxx",
  location: resourceGroup.location,
  resourceGroupName: resourceGroup.name,
  serverFarmId: plan.id,
  canonicalName: `${subdomain}.mydomain.com`,
});
// Binding that references cert.thumbprint, so it depends on the certificate above
const hostNameBinding = new web.WebAppHostNameBinding("custom domain binding", {
  name: "custom-domain-binding",
  resourceGroupName: resourceGroup.name,
  hostName: `${subdomain}.mydomain.com`,
  thumbprint: cert.thumbprint,
  sslState: "SniEnabled",
});
```
This would do exactly what I want, if I omit/comment the creation of the cert and the `thumbprint` in the `hostNameBinding` on the first run.
If I don't do that, I get this:
```
azure-nextgen:web/latest:Certificate (mycert):
error: Code="BadRequest" Message="Properties.CanonicalName is invalid. Certificate creation requires hostname pulumi-config.job-tool.net added to an app in the serverFarmId /subscriptions/55f6bc5c-cb2d-4352-b37e-6b3c0854adcf/resourceGroups/pulumi-rg/providers/Microsoft.Web/serverfarms/linux-asp" Details=[{"Message":"Properties.CanonicalName is invalid. Certificate creation requires hostname pulumi-config.job-tool.net added to an app in the serverFarmId /subscriptions/55f6bc5c-cb2d-4352-b37e-6b3c0854adcf/resourceGroups/pulumi-rg/providers/Microsoft.Web/serverfarms/linux-asp"},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"51021","Message":"Properties.CanonicalName is invalid. Certificate creation requires hostname pulumi-config.job-tool.net added to an app in the serverFarmId /subscriptions/55f6bc5c-cb2d-4352-b37e-6b3c0854adcf/resourceGroups/pulumi-rg/providers/Microsoft.Web/serverfarms/linux-asp","MessageTemplate":"{0} is invalid. {1}","Parameters":["Properties.CanonicalName","Certificate creation requires hostname pulumi-config.job-tool.net added to an app in the serverFarmId /subscriptions/55f6bc5c-cb2d-4352-b37e-6b3c0854adcf/resourceGroups/pulumi-rg/providers/Microsoft.Web/serverfarms/linux-asp"]}}]
```
The error message explains the issue quite clearly: the `WebAppHostNameBinding` has to exist before we are able to create a certificate for the given custom domain. It's easy to create a `WebAppHostNameBinding` without the `thumbprint`, but once the cert was created, I have to go back and set the `thumbprint` of the certificate back on the `WebAppHostNameBinding` - is this somehow possible without running the stack twice with different resources?

tall-librarian-49374
11/13/2020, 12:57 PM

prehistoric-nail-50687
11/13/2020, 2:10 PM
`azure-nextgen` is not the best, I have identified two issues with it and both are related to bad API design on Azure/MS site. This one here and the one where ApplicationGateway needs references to resources within itself (https://pulumi-community.slack.com/archives/CRVK66N5U/p1605110647220000). This kind of gives me the feeling that exposing the azure types directly is not the best thing to do.

tall-librarian-49374
11/13/2020, 3:01 PM

prehistoric-nail-50687
11/13/2020, 3:15 PM
`azurerm_app_service_custom_hostname_binding` to break the circular dependency: https://github.com/terraform-providers/terraform-provider-azurerm/issues/8069

tall-librarian-49374
11/13/2020, 3:16 PM

prehistoric-nail-50687
11/13/2020, 3:17 PM