Open iranzoferri opened 6 months ago
Firstly, I am glad to hear you like this provider :)
I am trying to reproduce this issue, but I am unable to get it. Have you imported the resource after manually creating it?
I am correct to assume you already have an SSL certificate setup in the SSL Certificates
tab? If so, then you should be able to just copy the ID (can be found by clicking on the 3 dots) and placing that in the certificate_id property of the nginxproxymanager_proxy_host
resource.
resource "nginxproxymanager_proxy_host" "fog" {
...
certificate_id = 1
}
After the next apply, you should not receive any changes the next times.
Sorry if I don't explain the situation very well, the steps I follow to arrive to this situation are:
I defined the nginxproxymanager_proxy_host like that:
resource "nginxproxymanager_proxy_host" "redacted" {
domain_names = ["redacted.com", "www.redacted.com"]
forward_scheme = "https"
forward_host = "xxx.xxx.xxx.14"
forward_port = 80
caching_enabled = true
allow_websocket_upgrade = true
block_exploits = true
access_list_id = 0 # Publicly Accessible
certificate_id = 68
ssl_forced = false
hsts_enabled = false
hsts_subdomains = false
http2_support = false
advanced_config = ""
}
ssl_forced = true
hsts_enabled = true
hsts_subdomains = false
http2_support = true
At this point I don't know how to maintain the infra because,
Please help me, I don't understand, I don't know if I'm doing something wrong. Thank you very much.
Oh!, I catch the exception, If every think is the same, I mean, it is in sync, then the terraform output is:
No changes. Your infrastructure matches the configuration.
but, just when you change something, "https" -> "http" in this case, the meta is deleted as is shown below:
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
~ update in-place
Terraform will perform the following actions:
# nginxproxymanager_proxy_host.********** will be updated in-place
~ resource "nginxproxymanager_proxy_host" "**********" {
~ forward_scheme = "https" -> "http"
id = 53
~ meta = {
- "dns_challenge" = "true"
- "dns_provider" = "\"route53\""
- "dns_provider_credentials" = "\"[default]\\r\\naws_access_key_id=*********************\\r\\naws_secret_access_key=********************************\""
- "letsencrypt_agree" = "true"
- "letsencrypt_email" = "\"**********@**********.com\""
- "nginx_err" = "null"
- "nginx_online" = "true"
} -> (known after apply)
~ modified_on = "2023-12-22T16:41:02.000Z" -> (known after apply)
# (15 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
I hope that this example helps to understand the issue. Thanks. Best regards.
I think I understand what your issue is, but there is no need to store the DNS settings in the proxy host. They only need to be stored in the certificate. You can safely let the metadata be removed from the proxy provider.
First, thank you very much for this amazing work, I appreciate it a lot.
I have dns_challenge on all my hosts, this setting is read-only and I can't configure it before the first plan/apply, ok, no problem I will do that after, manually, so... next, in each plan/apply, this "meta" data is deleted.
This is the output when I try to plan each change, making this provider unusable when you have dns_challenge configured:
Obviously, when I try to configure it, I can't, the output is: "Cannot set value for this attribute as the provider has marked it as read-only. Remove the configuration line setting the value."
The question is, is there a way to tell to the provider do not touch this data, or is it really not read-only? Please, if this a well known fact and there is no way to solve it, it'll a good idea to put a brief note advertising this behavior.
Thanks in advance.