Azure / terraform-azurerm-avm-res-network-applicationgateway

Azure Application Gateway serves as a web traffic load balancer, allowing you to efficiently handle traffic for your web applications. This Terraform module is designed for the rapid creation of an Application Gateway that includes various customizable features.
MIT License

[AVM Module Issue]: Using letsencrypt certificates within http_listeners #88

Open izvictor opened 2 days ago

izvictor commented 2 days ago

Check for previous/existing GitHub issues

Issue Type?

I'm not sure

(Optional) Module Version

No response

(Optional) Correlation Id

No response

Description

Hello, the public IP resource creation is today incorporated in the AVM App Gateway module and, as mentioned in issue 67, it was a choice to have this behavior in order to maintain the same setup as the portal experience. The issue we are encountering is the usage of a letsencrypt certificate for our http_listeners during the app gateway creation.

Before the usage of the app gateway AVM module the order of the app gateway creation was:

  1. Creating the public IP resource
  2. Creating the DNS A record for the public IP (public host name)
  3. Creating the acme letsencrypt certificate for the public host name; the host name creation is important because of the DNS challenge of letsencrypt
  4. Storing the certificate in a key vault
  5. Creation of the App gateway using the newly created key vault certificate reference.

The problem is that if we want to use the current AVM App Gateway, the PIP is not accessible and the DNS record cannot be created before the creation of the PIP resource, so we are unable to create an SSL certificate because of the DNS challenge failure of acme letsencrypt.

Would you be willing to reconsider the creation of the PIP resource inside the AVM App Gateway module and allow users to define their own PIP instance and link it with the app gateway instance?

What do you think? Thanks for help and suggestions, Victor

mofaizal commented 1 day ago

Thanks @izvictor for the feedback. I understand the requirements and will work on this.

You can provide input to use a pre-created public IP; otherwise, by default, the module will create a public IP. Hope this helps.

88 Option to create a new public IP or use an existing one

```hcl
public_ip_resource_id = azurerm_public_ip.public_ip.id
create_public_ip      = false
```

mofaizal commented 14 hours ago

The changes are right now at branch version 0.3.0. If possible, please validate and let me know your feedback; if there are no comments or changes, I will merge with main and release it.

The example is at https://github.com/Azure/terraform-azurerm-avm-res-network-applicationgateway/tree/version-0.3.0/examples/simple_http_probe_app_gateway
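
The five-step order from the issue description, wired to the two inputs shown above, as an added example that is not code from this thread or from the module's repository. The resource names, variables, the `www` host label and the use of the `vancluever/acme` and `hashicorp/tls` providers are assumptions; the `azurerm` provider configuration and the module's other required inputs, which this thread does not show, are left out.

```hcl
# Added example: names, variables and the "www" host label are assumptions.
variable "rg_name" {}
variable "location" {}
variable "dns_zone" {} # existing Azure DNS zone that holds the public host name
variable "key_vault_id" {}
variable "acme_email" {}
provider "acme" { server_url = "https://acme-v02.api.letsencrypt.org/directory" }

resource "azurerm_public_ip" "public_ip" { # 1. PIP created outside the module
  name                = "pip-appgw"
  resource_group_name = var.rg_name
  location            = var.location
  allocation_method   = "Static"
  sku                 = "Standard"
}
resource "azurerm_dns_a_record" "appgw" { # 2. A record pointing at the PIP
  name                = "www"
  zone_name           = var.dns_zone
  resource_group_name = var.rg_name
  ttl                 = 300
  target_resource_id  = azurerm_public_ip.public_ip.id
}
resource "tls_private_key" "acme_account" { algorithm = "RSA" }
resource "acme_registration" "reg" {
  account_key_pem = tls_private_key.acme_account.private_key_pem
  email_address   = var.acme_email
}
resource "acme_certificate" "appgw" { # 3. Certificate via DNS challenge
  account_key_pem = acme_registration.reg.account_key_pem
  common_name     = "www.${var.dns_zone}"
  depends_on      = [azurerm_dns_a_record.appgw] # keep the order from the issue
  dns_challenge {
    provider = "azuredns" # zone credentials come from the environment
  }
}
resource "azurerm_key_vault_certificate" "appgw" { # 4. Store the PKCS#12 bundle
  name         = "appgw-cert"
  key_vault_id = var.key_vault_id
  certificate {
    contents = acme_certificate.appgw.certificate_p12
    password = acme_certificate.appgw.certificate_p12_password
  }
}
module "application_gateway" { # 5. Gateway reuses the pre-created PIP
  source                = "git::https://github.com/Azure/terraform-azurerm-avm-res-network-applicationgateway.git?ref=version-0.3.0"
  public_ip_resource_id = azurerm_public_ip.public_ip.id
  create_public_ip      = false
  # Listener and Key Vault certificate inputs are not shown in this thread.
}
```

Because the module now takes the address by resource id, Terraform's dependency graph places the public IP, DNS record and certificate before the gateway.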