Is there a web redirect method or example using an application gateway using terraform?

Heeyoung Eom (엄희영) 146 Reputation points
2021-11-28T05:58:36.977+00:00

Hello, I'm trying to create a service for web redirect through the application gateway using Terraform.

I would like to authenticate the application gateway SSL with the free certificate (azurerm_app_service_managed_certificate) of the Azure App Service plan. Is there an example?

Currently, I'm thinking about the composition as follows. However, azurerm_application_gateway is demanding an SSL certificate, so I don't know how to make it work.

Please let me know if there's a way to solve the problem in that way or in another way.

The problem with the script below is that if you want to use HTTPS in the application gateway, you have to use a certificate, and I want to make and use the free certificate in the service plan.

 resource "azurerm_application_gateway" "app_gateway" {
   provider = azurerm.generic

   name                = "${local.service_name}-app-gateway"
   resource_group_name = azurerm_resource_group.rg.name
   location            = azurerm_resource_group.rg.location
   enable_http2        = true

   sku {
     name     = "Standard_Small"
     tier     = "Standard" # v1
     capacity = 2
   }

   gateway_ip_configuration {
     name      = "${local.service_name}-ip-config"
     subnet_id = azurerm_subnet.front_subnet.id
   }

   frontend_port {
     name = local.frontend_port_name
     port = 80
   }        

   frontend_ip_configuration {
     name                 = local.frontend_ip_configuration_name
     public_ip_address_id = azurerm_public_ip.pub_ip.id
   }

   backend_address_pool {
     name  = "${azurerm_virtual_network.vn.name}-beap"
     fqdns = [local.host_name]
   }

   backend_http_settings {
     name                  = local.http_setting_name
     cookie_based_affinity = "Disabled"
     port                  = 80
     protocol              = "Http"
     request_timeout       = 60
     host_name             = local.host_name
   }

   http_listener {
     name                           = "${local.listener_name}-http"
     frontend_ip_configuration_name = local.frontend_ip_configuration_name
     frontend_port_name             = local.frontend_port_name
     protocol                       = "Http"
   }

   request_routing_rule {
     name                       = "${local.request_routing_rule_name}-http"
     rule_type                  = "Basic"
     http_listener_name         = "${local.listener_name}-http"
     redirect_configuration_name = local.redirect_configuration_name 
   }

   redirect_configuration {
     name                 = local.redirect_configuration_name
     redirect_type        = "Permanent"
     include_path         = false
     include_query_string = false
     target_listener_name = "${local.listener_name}-https"
   }

   lifecycle {
     ignore_changes = [
       backend_address_pool,
       backend_http_settings,
       frontend_port,
       http_listener,
       request_routing_rule,
       ssl_certificate,
       redirect_configuration
     ]
   }
 }

 resource "azurerm_dns_zone" "zone" {
   provider = azurerm.generic

   for_each            = toset(local.dns_zone_names)
   name                = each.key
   resource_group_name = azurerm_resource_group.rg.name
 }

 resource "azurerm_app_service_plan" "service_plan" {
   provider = azurerm.generic

   name                = "${local.service_name}-service-plan"
   location            = azurerm_resource_group.rg.location
   resource_group_name = azurerm_resource_group.rg.name

   sku {
     tier = "Basic"
     size = "B1"
   }
 }

 resource "azurerm_app_service" "service" {
   provider = azurerm.generic

   name                = "${local.service_name}-service"
   app_service_plan_id = azurerm_app_service_plan.service_plan.id
   location            = azurerm_resource_group.rg.location
   resource_group_name = azurerm_resource_group.rg.name
 }

resource "azurerm_dns_cname_record" "dns_cname" {
  provider = azurerm.generic

  name                = "www"
  for_each            = azurerm_dns_zone.zone
  zone_name           = azurerm_dns_zone.zone[each.key].name
  resource_group_name = azurerm_resource_group.rg.name
  ttl                 = 300
  record              = azurerm_app_service.service.default_site_hostname
}

resource "azurerm_dns_txt_record" "dns_txt" {
  provider = azurerm.generic

  for_each            = azurerm_dns_zone.zone
  name                = "asuid.${azurerm_dns_cname_record.dns_cname[each.key].name}"
  zone_name           = azurerm_dns_zone.zone[each.key].name
  resource_group_name = azurerm_resource_group.rg.name
  ttl                 = 300
  record {
    value = azurerm_app_service.service.custom_domain_verification_id
  }
}

 resource "azurerm_app_service_custom_hostname_binding" "service_host_bind" {
   provider = azurerm.generic

   count               = length(local.dns_zone_names)
   hostname            = "${local.dns_zone_names[count.index]}"
   app_service_name    = azurerm_app_service.service.name
   resource_group_name = azurerm_resource_group.rg.name

   lifecycle {
     ignore_changes = [ssl_state, thumbprint]
   }

   depends_on                      = [
     azurerm_app_service.service,
     azurerm_resource_group.rg
   ]
 }

 resource "azurerm_app_service_managed_certificate" "service_manage_cert" {
   provider = azurerm.generic

   count                       = length(local.dns_zone_names)
   custom_hostname_binding_id  = azurerm_app_service_custom_hostname_binding.service_host_bind[count.index].id
 }

 resource "azurerm_app_service_certificate_binding" "service_certi_bind" {
   provider = azurerm.generic

   count                       = length(local.dns_zone_names)
   hostname_binding_id = azurerm_app_service_custom_hostname_binding.service_host_bind[count.index].id
   certificate_id      = azurerm_app_service_managed_certificate.service_manage_cert[count.index].id

   ssl_state = "SniEnabled"
 }

I want a service that simply directs to another website through DNS using Terraform, and if there is any other way, please let us know. (Include HTTP to HTTPS.)

To protect and prevent website abuse, we would like to redirect multiple domains to one website.
e.g.)
adomain.net -> www.example.com
bdomain.tv -> www.example.com
...


Accepted answer
  1. SaiKishor-MSFT 17,336 Reputation points
    2021-12-08T09:20:41.92+00:00

    @Heeyoung Eom (엄희영) Thank you for your patience while I was looking into this issue.

    I understand that you want to make use of the free certificate in the App service plan and use it with the Application Gateway. However, this is not possible as the App Service Managed Certificate (ASMC) only lives within App Service.

    Further, I also see that you want to redirect multiple domains to one website using Application Gateway, please correct me otherwise. In order to achieve this, you can make use of Application Gateway redirect feature. It does the following redirects:

    • Global redirection

    Redirects from one listener to another listener on the gateway. This enables HTTP to HTTPS redirection on a site.

    • Path-based redirection

    This type of redirection enables HTTP to HTTPS redirection only on a specific site area, for example a shopping cart area denoted by /cart/*.

    • Redirect to external site

    Regarding Terraform support, we do not provide it here and suggest you reach out to the Terraform community for the same. Hope this helps. Please do let us know if you have further questions/concerns and we will be glad to assist further. Thank you!

    Remember:

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    Want a reminder to come back and check responses? Here is how to subscribe to a notification.
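
The "redirect to external site" option named in the accepted answer, sketched as Terraform for the question's gateway. This is an added example, not code from the thread or from Microsoft. It assumes the question's locals and resources, takes `https://www.example.com` from the question's sample mapping, and handles plain-HTTP requests only.

```hcl
# Added example: these blocks replace the http_listener, request_routing_rule
# and redirect_configuration blocks inside the question's
# azurerm_application_gateway.app_gateway resource. The sku, gateway_ip_configuration,
# frontend_port, frontend_ip_configuration, backend_address_pool and
# backend_http_settings blocks stay as posted in the question.
#
# On an existing gateway, http_listener, request_routing_rule and
# redirect_configuration must also be taken out of lifecycle.ignore_changes,
# otherwise Terraform will not apply the blocks below.

  # One multi-site HTTP listener per domain (adomain.net, bdomain.tv, ...).
  dynamic "http_listener" {
    for_each = toset(local.dns_zone_names)
    content {
      name                           = "${http_listener.value}-http"
      frontend_ip_configuration_name = local.frontend_ip_configuration_name
      frontend_port_name             = local.frontend_port_name
      protocol                       = "Http"
      host_name                      = http_listener.value
    }
  }

  # One rule per listener; each rule points at the shared redirect below
  # instead of a backend pool.
  dynamic "request_routing_rule" {
    for_each = toset(local.dns_zone_names)
    content {
      name                        = "${request_routing_rule.value}-redirect"
      rule_type                   = "Basic"
      http_listener_name          = "${request_routing_rule.value}-http"
      redirect_configuration_name = local.redirect_configuration_name
    }
  }

  # External-site redirect: target_url is used instead of target_listener_name,
  # so no HTTPS listener on the gateway is referenced.
  redirect_configuration {
    name                 = local.redirect_configuration_name
    redirect_type        = "Permanent"
    target_url           = "https://www.example.com" # assumed target, from the question's sample
    include_path         = false
    include_query_string = false
  }
```

Each domain's DNS record has to resolve to the gateway's public IP for its listener to match. Requests that arrive over HTTPS would additionally need an HTTPS listener with an `ssl_certificate` block, and that certificate cannot be the App Service managed one, as the answer explains.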
