1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-08 18:45:13 +00:00
gcloud-help/gcloud/compute/target-https-proxies/update

300 lines
12 KiB
Text
Raw Normal View History

2022-03-01 04:29:52 +00:00
NAME
gcloud compute target-https-proxies update - update a target HTTPS proxy
SYNOPSIS
gcloud compute target-https-proxies update NAME
2024-06-12 09:25:04 +00:00
[--quic-override=QUIC_OVERRIDE] [--tls-early-data=TLS_EARLY_DATA]
[--url-map=URL_MAP]
2023-04-26 10:24:37 +00:00
[--certificate-manager-certificates=[CERTIFICATE_MANAGER_CERTIFICATES,
...] | --clear-ssl-certificates
2022-06-29 09:00:05 +00:00
| --ssl-certificates=SSL_CERTIFICATE,[...] --global-ssl-certificates
2023-04-26 10:24:37 +00:00
| --ssl-certificates-region=SSL_CERTIFICATES_REGION
| --certificate-map=CERTIFICATE_MAP | --clear-certificate-map]
2023-07-20 11:47:25 +00:00
[--clear-http-keep-alive-timeout-sec
| --http-keep-alive-timeout-sec=HTTP_KEEP_ALIVE_TIMEOUT_SEC]
2024-07-31 09:35:16 +00:00
[--clear-server-tls-policy | --server-tls-policy=SERVER_TLS_POLICY]
2022-09-28 10:27:48 +00:00
[--clear-ssl-policy | --ssl-policy=SSL_POLICY --global-ssl-policy
| --ssl-policy-region=SSL_POLICY_REGION] [--global | --region=REGION]
2022-03-01 04:29:52 +00:00
[--global-url-map | --url-map-region=URL_MAP_REGION]
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
gcloud compute target-https-proxies update is used to change the SSL
certificate and/or URL map of existing target HTTPS proxies. A target HTTPS
proxy is referenced by one or more forwarding rules which specify the
network traffic that the proxy is responsible for routing. The target HTTPS
proxy in turn points to a URL map that defines the rules for routing the
requests. The URL map's job is to map URLs to backend services which handle
the actual requests. The target HTTPS proxy also points to at most 15 SSL
certificates used for server-side authentication. The target HTTPS proxy
can be associated with at most one SSL policy.
EXAMPLES
Update the URL map of a global target HTTPS proxy by running:
$ gcloud compute target-https-proxies update PROXY_NAME \
--url-map=URL_MAP
Update the SSL certificate of a global target HTTPS proxy by running:
$ gcloud compute target-https-proxies update PROXY_NAME \
--ssl-certificates=SSL_CERTIFIFCATE
Update the URL map of a global target HTTPS proxy by running:
$ gcloud compute target-https-proxies update PROXY_NAME \
--url-map=URL_MAP --region=REGION_NAME
Update the SSL certificate of a global target HTTPS proxy by running:
$ gcloud compute target-https-proxies update PROXY_NAME \
--ssl-certificates=SSL_CERTIFIFCATE --region=REGION_NAME
POSITIONAL ARGUMENTS
NAME
Name of the target HTTPS proxy to update.
FLAGS
--quic-override=QUIC_OVERRIDE
Controls whether load balancer may negotiate QUIC with clients. QUIC is
a new transport which reduces latency compared to that of TCP. See
https://www.chromium.org/quic for more details. QUIC_OVERRIDE must be
one of:
DISABLE
Disallows load balancer to negotiate QUIC with clients.
ENABLE
Allows load balancer to negotiate QUIC with clients.
NONE
Allows Google to control when QUIC is rolled out.
2024-06-12 09:25:04 +00:00
--tls-early-data=TLS_EARLY_DATA
TLS 1.3 Early Data ("0-RTT" or "zero round trip") allows clients to
include HTTP request data alongside a TLS handshake. This can improve
application performance, especially on networks where connection
interruptions may be common, such as on mobile. This applies to both
HTTP over TCP (ie: HTTP/1.1 and HTTP/2) and HTTP/3 over QUIC.
TLS_EARLY_DATA must be one of:
DISABLED
TLS 1.3 Early Data is not advertised, and any (invalid) attempts to
send Early Data will be rejected.
PERMISSIVE
Enables TLS 1.3 Early Data for requests with safe HTTP methods
(GET, HEAD, OPTIONS, TRACE). This mode does not enforce any other
limitations for requests with Early Data. The application owner
should validate that Early Data is acceptable for a given request
path.
STRICT
Enables TLS 1.3 Early Data for requests with safe HTTP methods, and
HTTP requests that do not have query parameters. Requests that send
Early Data containing non-idempotent HTTP methods or with query
parameters will be rejected with a HTTP 425.
2022-03-01 04:29:52 +00:00
--url-map=URL_MAP
A reference to a URL map resource. A URL map defines the mapping of
URLs to backend services. Before you can refer to a URL map, you must
create the URL map. To delete a URL map that a target proxy is
referring to, you must first delete the target HTTPS proxy.
2022-06-29 09:00:05 +00:00
At most one of these can be specified:
At most one of these can be specified:
2023-04-26 10:24:37 +00:00
Certificate resource - certificate-manager-certificates to attach.
This represents a Cloud resource. (NOTE) Some attributes are not given
2023-05-04 10:43:54 +00:00
arguments in this group but can be set in other ways.
To set the project attribute:
2023-04-26 10:24:37 +00:00
▫ provide the argument --certificate-manager-certificates on the
command line with a fully specified name;
2022-06-29 09:00:05 +00:00
▫ provide the argument --project on the command line;
2023-05-04 10:43:54 +00:00
▫ set the property core/project.
To set the location attribute:
2023-04-26 10:24:37 +00:00
▫ provide the argument --certificate-manager-certificates on the
command line with a fully specified name;
2022-06-29 09:00:05 +00:00
▫ default value of location is [global].
2023-04-26 10:24:37 +00:00
--certificate-manager-certificates=[CERTIFICATE_MANAGER_CERTIFICATES,...]
IDs of the certificates or fully qualified identifiers for the
2023-05-04 10:43:54 +00:00
certificates.
To set the certificate attribute:
2023-04-26 10:24:37 +00:00
◇ provide the argument --certificate-manager-certificates on
the command line.
2022-06-29 09:00:05 +00:00
2023-04-26 10:24:37 +00:00
--clear-ssl-certificates
Remove any attached SSL certificates from the HTTPS proxy.
2022-06-29 09:00:05 +00:00
2023-04-26 10:24:37 +00:00
--ssl-certificates=SSL_CERTIFICATE,[...]
References to at most 15 SSL certificate resources that are used
for server-side authentication. The first SSL certificate in this
list is considered the primary SSL certificate associated with the
load balancer. The SSL certificates must exist and cannot be
deleted while referenced by a target HTTPS proxy.
2022-06-29 09:00:05 +00:00
At most one of these can be specified:
--global-ssl-certificates
If set, the ssl certificates are global.
--ssl-certificates-region=SSL_CERTIFICATES_REGION
Region of the ssl certificates to operate on. If not specified, you
might be prompted to select a region (interactive mode only).
To avoid prompting when this flag is omitted, you can set the
compute/region property:
$ gcloud config set compute/region REGION
A list of regions can be fetched by running:
$ gcloud compute regions list
To unset the property, run:
$ gcloud config unset compute/region
Alternatively, the region can be stored in the environment variable
CLOUDSDK_COMPUTE_REGION.
2023-04-26 10:24:37 +00:00
At most one of these can be specified:
Certificate map resource - The certificate map to attach. This
represents a Cloud resource. (NOTE) Some attributes are not given
2023-05-04 10:43:54 +00:00
arguments in this group but can be set in other ways.
To set the project attribute:
2023-04-26 10:24:37 +00:00
▫ provide the argument --certificate-map on the command line with a
fully specified name;
▫ provide the argument --project on the command line;
2023-05-04 10:43:54 +00:00
▫ set the property core/project.
To set the location attribute:
2023-04-26 10:24:37 +00:00
▫ provide the argument --certificate-map on the command line with a
fully specified name;
▫ default value of location is [global].
--certificate-map=CERTIFICATE_MAP
ID of the certificate map or fully qualified identifier for the
2023-05-04 10:43:54 +00:00
certificate map.
To set the map attribute:
2023-04-26 10:24:37 +00:00
◇ provide the argument --certificate-map on the command line.
--clear-certificate-map
Removes any attached certificate map from the HTTPS proxy.
2023-07-20 11:47:25 +00:00
At most one of these can be specified:
--clear-http-keep-alive-timeout-sec
Clears the previously configured HTTP keepalive timeout.
--http-keep-alive-timeout-sec=HTTP_KEEP_ALIVE_TIMEOUT_SEC
Represents the maximum amount of time that a TCP connection can be
idle between the (downstream) client and the target HTTP proxy. If an
HTTP keepalive timeout is not specified, the default value is 610
2023-08-16 10:49:45 +00:00
seconds. For global external Application Load Balancers, the minimum
2023-07-20 11:47:25 +00:00
allowed value is 5 seconds and the maximum allowed value is 1200
seconds.
2024-07-31 09:35:16 +00:00
At most one of these can be specified:
--clear-server-tls-policy
Removes any attached Server TLS policy.
Server tls policy resource - The server TLS policy to attach. This
represents a Cloud resource. (NOTE) Some attributes are not given
arguments in this group but can be set in other ways.
To set the project attribute:
▸ provide the argument --server-tls-policy on the command line with a
fully specified name;
▸ provide the argument --project on the command line;
▸ set the property core/project.
To set the location attribute:
▸ provide the argument --server-tls-policy on the command line with a
fully specified name;
▸ provide the argument --region on the command line;
▸ default value of location is [global].
--server-tls-policy=SERVER_TLS_POLICY
ID of the server_tls_policy or fully qualified identifier for the
server_tls_policy.
To set the server_tls_policy attribute:
▫ provide the argument --server-tls-policy on the command line.
2022-03-01 04:29:52 +00:00
At most one of these can be specified:
--clear-ssl-policy
Removes any attached SSL policy from the HTTPS proxy.
--ssl-policy=SSL_POLICY
A reference to an SSL policy resource that defines the server-side
support for SSL features and affects the connections between clients
2023-08-16 10:49:45 +00:00
and load balancers that are using the HTTPS proxy. The SSL policy
must exist and cannot be deleted while referenced by a target HTTPS
proxy.
2022-03-01 04:29:52 +00:00
2022-09-28 10:27:48 +00:00
At most one of these can be specified:
--global-ssl-policy
If set, the SSL policy is global.
--ssl-policy-region=SSL_POLICY_REGION
Region of the SSL policy to operate on. Overrides the default
compute/region property value for this command invocation.
2022-03-01 04:29:52 +00:00
At most one of these can be specified:
--global
If set, the target HTTPS proxy is global.
--region=REGION
Region of the target HTTPS proxy to update. If not specified, you
might be prompted to select a region (interactive mode only).
To avoid prompting when this flag is omitted, you can set the
compute/region property:
$ gcloud config set compute/region REGION
A list of regions can be fetched by running:
$ gcloud compute regions list
To unset the property, run:
$ gcloud config unset compute/region
Alternatively, the region can be stored in the environment variable
CLOUDSDK_COMPUTE_REGION.
At most one of these can be specified:
--global-url-map
If set, the URL map is global.
--url-map-region=URL_MAP_REGION
Region of the URL map to operate on. Overrides the default
compute/region property value for this command invocation.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
These variants are also available:
$ gcloud alpha compute target-https-proxies update
$ gcloud beta compute target-https-proxies update