mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-08 18:45:13 +00:00
301 lines
12 KiB
Text
301 lines
12 KiB
Text
NAME
|
|
gcloud beta compute target-https-proxies update - update a target HTTPS
|
|
proxy
|
|
|
|
SYNOPSIS
|
|
gcloud beta compute target-https-proxies update NAME
|
|
[--quic-override=QUIC_OVERRIDE] [--tls-early-data=TLS_EARLY_DATA]
|
|
[--url-map=URL_MAP]
|
|
[--certificate-manager-certificates=[CERTIFICATE_MANAGER_CERTIFICATES,
|
|
...] | --clear-ssl-certificates
|
|
| --ssl-certificates=SSL_CERTIFICATE,[...] --global-ssl-certificates
|
|
| --ssl-certificates-region=SSL_CERTIFICATES_REGION
|
|
| --certificate-map=CERTIFICATE_MAP | --clear-certificate-map]
|
|
[--clear-http-keep-alive-timeout-sec
|
|
| --http-keep-alive-timeout-sec=HTTP_KEEP_ALIVE_TIMEOUT_SEC]
|
|
[--clear-server-tls-policy | --server-tls-policy=SERVER_TLS_POLICY]
|
|
[--clear-ssl-policy | --ssl-policy=SSL_POLICY --global-ssl-policy
|
|
| --ssl-policy-region=SSL_POLICY_REGION] [--global | --region=REGION]
|
|
[--global-url-map | --url-map-region=URL_MAP_REGION]
|
|
[GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
(BETA) gcloud beta compute target-https-proxies update is used to change
|
|
the SSL certificate and/or URL map of existing target HTTPS proxies. A
|
|
target HTTPS proxy is referenced by one or more forwarding rules which
|
|
specify the network traffic that the proxy is responsible for routing. The
|
|
target HTTPS proxy in turn points to a URL map that defines the rules for
|
|
routing the requests. The URL map's job is to map URLs to backend services
|
|
which handle the actual requests. The target HTTPS proxy also points to at
|
|
most 15 SSL certificates used for server-side authentication. The target
|
|
HTTPS proxy can be associated with at most one SSL policy.
|
|
|
|
EXAMPLES
|
|
Update the URL map of a global target HTTPS proxy by running:
|
|
|
|
$ gcloud beta compute target-https-proxies update PROXY_NAME \
|
|
--url-map=URL_MAP
|
|
|
|
Update the SSL certificate of a global target HTTPS proxy by running:
|
|
|
|
$ gcloud beta compute target-https-proxies update PROXY_NAME \
|
|
--ssl-certificates=SSL_CERTIFIFCATE
|
|
|
|
Update the URL map of a global target HTTPS proxy by running:
|
|
|
|
$ gcloud beta compute target-https-proxies update PROXY_NAME \
|
|
--url-map=URL_MAP --region=REGION_NAME
|
|
|
|
Update the SSL certificate of a global target HTTPS proxy by running:
|
|
|
|
$ gcloud beta compute target-https-proxies update PROXY_NAME \
|
|
--ssl-certificates=SSL_CERTIFIFCATE --region=REGION_NAME
|
|
|
|
POSITIONAL ARGUMENTS
|
|
NAME
|
|
Name of the target HTTPS proxy to update.
|
|
|
|
FLAGS
|
|
--quic-override=QUIC_OVERRIDE
|
|
Controls whether load balancer may negotiate QUIC with clients. QUIC is
|
|
a new transport which reduces latency compared to that of TCP. See
|
|
https://www.chromium.org/quic for more details. QUIC_OVERRIDE must be
|
|
one of:
|
|
|
|
DISABLE
|
|
Disallows load balancer to negotiate QUIC with clients.
|
|
ENABLE
|
|
Allows load balancer to negotiate QUIC with clients.
|
|
NONE
|
|
Allows Google to control when QUIC is rolled out.
|
|
|
|
--tls-early-data=TLS_EARLY_DATA
|
|
TLS 1.3 Early Data ("0-RTT" or "zero round trip") allows clients to
|
|
include HTTP request data alongside a TLS handshake. This can improve
|
|
application performance, especially on networks where connection
|
|
interruptions may be common, such as on mobile. This applies to both
|
|
HTTP over TCP (ie: HTTP/1.1 and HTTP/2) and HTTP/3 over QUIC.
|
|
TLS_EARLY_DATA must be one of:
|
|
|
|
DISABLED
|
|
TLS 1.3 Early Data is not advertised, and any (invalid) attempts to
|
|
send Early Data will be rejected.
|
|
PERMISSIVE
|
|
Enables TLS 1.3 Early Data for requests with safe HTTP methods
|
|
(GET, HEAD, OPTIONS, TRACE). This mode does not enforce any other
|
|
limitations for requests with Early Data. The application owner
|
|
should validate that Early Data is acceptable for a given request
|
|
path.
|
|
STRICT
|
|
Enables TLS 1.3 Early Data for requests with safe HTTP methods, and
|
|
HTTP requests that do not have query parameters. Requests that send
|
|
Early Data containing non-idempotent HTTP methods or with query
|
|
parameters will be rejected with a HTTP 425.
|
|
|
|
--url-map=URL_MAP
|
|
A reference to a URL map resource. A URL map defines the mapping of
|
|
URLs to backend services. Before you can refer to a URL map, you must
|
|
create the URL map. To delete a URL map that a target proxy is
|
|
referring to, you must first delete the target HTTPS proxy.
|
|
|
|
At most one of these can be specified:
|
|
|
|
At most one of these can be specified:
|
|
|
|
Certificate resource - certificate-manager-certificates to attach.
|
|
This represents a Cloud resource. (NOTE) Some attributes are not given
|
|
arguments in this group but can be set in other ways.
|
|
|
|
To set the project attribute:
|
|
▫ provide the argument --certificate-manager-certificates on the
|
|
command line with a fully specified name;
|
|
▫ provide the argument --project on the command line;
|
|
▫ set the property core/project.
|
|
|
|
To set the location attribute:
|
|
▫ provide the argument --certificate-manager-certificates on the
|
|
command line with a fully specified name;
|
|
▫ default value of location is [global].
|
|
|
|
--certificate-manager-certificates=[CERTIFICATE_MANAGER_CERTIFICATES,...]
|
|
IDs of the certificates or fully qualified identifiers for the
|
|
certificates.
|
|
|
|
To set the certificate attribute:
|
|
◇ provide the argument --certificate-manager-certificates on
|
|
the command line.
|
|
|
|
--clear-ssl-certificates
|
|
Remove any attached SSL certificates from the HTTPS proxy.
|
|
|
|
--ssl-certificates=SSL_CERTIFICATE,[...]
|
|
References to at most 15 SSL certificate resources that are used
|
|
for server-side authentication. The first SSL certificate in this
|
|
list is considered the primary SSL certificate associated with the
|
|
load balancer. The SSL certificates must exist and cannot be
|
|
deleted while referenced by a target HTTPS proxy.
|
|
|
|
At most one of these can be specified:
|
|
|
|
--global-ssl-certificates
|
|
If set, the ssl certificates are global.
|
|
|
|
--ssl-certificates-region=SSL_CERTIFICATES_REGION
|
|
Region of the ssl certificates to operate on. If not specified, you
|
|
might be prompted to select a region (interactive mode only).
|
|
|
|
To avoid prompting when this flag is omitted, you can set the
|
|
compute/region property:
|
|
|
|
$ gcloud config set compute/region REGION
|
|
|
|
A list of regions can be fetched by running:
|
|
|
|
$ gcloud compute regions list
|
|
|
|
To unset the property, run:
|
|
|
|
$ gcloud config unset compute/region
|
|
|
|
Alternatively, the region can be stored in the environment variable
|
|
CLOUDSDK_COMPUTE_REGION.
|
|
|
|
At most one of these can be specified:
|
|
|
|
Certificate map resource - The certificate map to attach. This
|
|
represents a Cloud resource. (NOTE) Some attributes are not given
|
|
arguments in this group but can be set in other ways.
|
|
|
|
To set the project attribute:
|
|
▫ provide the argument --certificate-map on the command line with a
|
|
fully specified name;
|
|
▫ provide the argument --project on the command line;
|
|
▫ set the property core/project.
|
|
|
|
To set the location attribute:
|
|
▫ provide the argument --certificate-map on the command line with a
|
|
fully specified name;
|
|
▫ default value of location is [global].
|
|
|
|
--certificate-map=CERTIFICATE_MAP
|
|
ID of the certificate map or fully qualified identifier for the
|
|
certificate map.
|
|
|
|
To set the map attribute:
|
|
◇ provide the argument --certificate-map on the command line.
|
|
|
|
--clear-certificate-map
|
|
Removes any attached certificate map from the HTTPS proxy.
|
|
|
|
At most one of these can be specified:
|
|
|
|
--clear-http-keep-alive-timeout-sec
|
|
Clears the previously configured HTTP keepalive timeout.
|
|
|
|
--http-keep-alive-timeout-sec=HTTP_KEEP_ALIVE_TIMEOUT_SEC
|
|
Represents the maximum amount of time that a TCP connection can be
|
|
idle between the (downstream) client and the target HTTP proxy. If an
|
|
HTTP keepalive timeout is not specified, the default value is 610
|
|
seconds. For global external Application Load Balancers, the minimum
|
|
allowed value is 5 seconds and the maximum allowed value is 1200
|
|
seconds.
|
|
|
|
At most one of these can be specified:
|
|
|
|
--clear-server-tls-policy
|
|
Removes any attached Server TLS policy.
|
|
|
|
Server tls policy resource - The server TLS policy to attach. This
|
|
represents a Cloud resource. (NOTE) Some attributes are not given
|
|
arguments in this group but can be set in other ways.
|
|
|
|
To set the project attribute:
|
|
▸ provide the argument --server-tls-policy on the command line with a
|
|
fully specified name;
|
|
▸ provide the argument --project on the command line;
|
|
▸ set the property core/project.
|
|
|
|
To set the location attribute:
|
|
▸ provide the argument --server-tls-policy on the command line with a
|
|
fully specified name;
|
|
▸ provide the argument --region on the command line;
|
|
▸ default value of location is [global].
|
|
|
|
--server-tls-policy=SERVER_TLS_POLICY
|
|
ID of the server_tls_policy or fully qualified identifier for the
|
|
server_tls_policy.
|
|
|
|
To set the server_tls_policy attribute:
|
|
▫ provide the argument --server-tls-policy on the command line.
|
|
|
|
At most one of these can be specified:
|
|
|
|
--clear-ssl-policy
|
|
Removes any attached SSL policy from the HTTPS proxy.
|
|
|
|
--ssl-policy=SSL_POLICY
|
|
A reference to an SSL policy resource that defines the server-side
|
|
support for SSL features and affects the connections between clients
|
|
and load balancers that are using the HTTPS proxy. The SSL policy
|
|
must exist and cannot be deleted while referenced by a target HTTPS
|
|
proxy.
|
|
|
|
At most one of these can be specified:
|
|
|
|
--global-ssl-policy
|
|
If set, the SSL policy is global.
|
|
|
|
--ssl-policy-region=SSL_POLICY_REGION
|
|
Region of the SSL policy to operate on. Overrides the default
|
|
compute/region property value for this command invocation.
|
|
|
|
At most one of these can be specified:
|
|
|
|
--global
|
|
If set, the target HTTPS proxy is global.
|
|
|
|
--region=REGION
|
|
Region of the target HTTPS proxy to update. If not specified, you
|
|
might be prompted to select a region (interactive mode only).
|
|
|
|
To avoid prompting when this flag is omitted, you can set the
|
|
compute/region property:
|
|
|
|
$ gcloud config set compute/region REGION
|
|
|
|
A list of regions can be fetched by running:
|
|
|
|
$ gcloud compute regions list
|
|
|
|
To unset the property, run:
|
|
|
|
$ gcloud config unset compute/region
|
|
|
|
Alternatively, the region can be stored in the environment variable
|
|
CLOUDSDK_COMPUTE_REGION.
|
|
|
|
At most one of these can be specified:
|
|
|
|
--global-url-map
|
|
If set, the URL map is global.
|
|
|
|
--url-map-region=URL_MAP_REGION
|
|
Region of the URL map to operate on. Overrides the default
|
|
compute/region property value for this command invocation.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
NOTES
|
|
This command is currently in beta and might change without notice. These
|
|
variants are also available:
|
|
|
|
$ gcloud compute target-https-proxies update
|
|
|
|
$ gcloud alpha compute target-https-proxies update
|
|
|