diff --git a/modules/net-lb-app-ext/README.md b/modules/net-lb-app-ext/README.md
index 159d4c9f58..f404f105e1 100644
--- a/modules/net-lb-app-ext/README.md
+++ b/modules/net-lb-app-ext/README.md
@@ -12,6 +12,7 @@ Due to the complexity of the underlying resources, changes to the configuration
- [Minimal HTTPS examples](#minimal-https-examples)
- [HTTP backends](#http-backends)
- [HTTPS backends](#https-backends)
+ - [HTTP to HTTPS redirect](#http-to-https-redirect)
- [Classic vs Non-classic](#classic-vs-non-classic)
- [Health Checks](#health-checks)
- [Backend Types and Management](#backend-types-and-management)
@@ -32,7 +33,6 @@ Due to the complexity of the underlying resources, changes to the configuration
- [Outputs](#outputs)
-
### Minimal HTTP Example
An HTTP load balancer with a backend service pointing to a GCE instance group:
@@ -123,6 +123,63 @@ module "glb-0" {
# tftest modules=1 resources=6
```
+#### HTTP to HTTPS redirect
+
+Redirect is implemented via an additional HTTP load balancer with a custom URL map, similarly to how it's done via the GCP Console. The address shared by the two load balancers needs to be reserved.
+
+```hcl
+module "addresses" {
+ source = "./fabric/modules/net-address"
+ project_id = "myprj"
+ global_addresses = ["glb-test-0"]
+}
+
+module "glb-test-0-redirect" {
+ source = "./fabric/modules/net-lb-app-ext"
+ project_id = "myprj"
+ name = "glb-test-0-redirect"
+ address = (
+ module.addresses.global_addresses["glb-test-0"].address
+ )
+ health_check_configs = {}
+ urlmap_config = {
+ description = "URL redirect for glb-test-0."
+ default_url_redirect = {
+ https = true
+ response_code = "MOVED_PERMANENTLY_DEFAULT"
+ }
+ }
+}
+
+module "glb-test-0" {
+ source = "./fabric/modules/net-lb-app-ext"
+ project_id = "myprj"
+ name = "glb-test-0"
+ use_classic_version = false
+ address = (
+ module.addresses.global_addresses["glb-test-0"].address
+ )
+ backend_service_configs = {
+ default = {
+ backends = [
+ { backend = "projects/myprj/zones/europe-west8-b/instanceGroups/myig-b" },
+ ]
+ protocol = "HTTP"
+ }
+ }
+ protocol = "HTTPS"
+ ssl_certificates = {
+ managed_configs = {
+ default = {
+ domains = ["glb-test.example.com"]
+ }
+ }
+ }
+}
+
+# tftest modules=3 resources=10
+```
+
### Classic vs Non-classic
The module uses a classic Global Load Balancer by default. To use the non-classic version set the `use_classic_version` variable to `false` as in the following example, note that the module is not enforcing feature sets between the two versions:
@@ -782,7 +839,6 @@ module "glb-0" {
-
## Files
| name | description | resources |
@@ -819,7 +875,7 @@ module "glb-0" {
| [ports](variables.tf#L187) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | list(string)
| | null
|
| [protocol](variables.tf#L198) | Protocol supported by this load balancer. | string
| | "HTTP"
|
| [ssl_certificates](variables.tf#L211) | SSL target proxy certificates (only if protocol is HTTPS) for existing, custom, and managed certificates. | object({…})
| | {}
|
-| [urlmap_config](variables-urlmap.tf#L19) | The URL map configuration. | object({…})
| | {…}
|
+| [urlmap_config](variables-urlmap.tf#L19) | The URL map configuration. | object({…})
| | {…}
|
| [use_classic_version](variables.tf#L228) | Use classic Global Load Balancer. | bool
| | true
|
## Outputs
@@ -834,5 +890,4 @@ module "glb-0" {
| [health_check_ids](outputs.tf#L48) | Autogenerated health check ids. | |
| [id](outputs.tf#L55) | Fully qualified forwarding rule id. | |
| [neg_ids](outputs.tf#L60) | Autogenerated network endpoint group ids. | |
-
diff --git a/modules/net-lb-app-ext/variables-urlmap.tf b/modules/net-lb-app-ext/variables-urlmap.tf
index e4b72dfec4..8cf7d7ec2e 100644
--- a/modules/net-lb-app-ext/variables-urlmap.tf
+++ b/modules/net-lb-app-ext/variables-urlmap.tf
@@ -83,7 +83,7 @@ variable "urlmap_config" {
path = optional(string)
prefix = optional(string)
response_code = optional(string)
- strip_query = optional(bool)
+ strip_query = optional(bool, false)
}))
header_action = optional(object({
request_add = optional(map(object({