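# Fastly VCL service for var.domain: one origin backend, gzip rules, and an
# optional IP allowlist that gates purge requests.
#
# Redundant "${...}" wrappers around single references were dropped. A template
# holding only one interpolation yields the referenced value unchanged, so the
# plain reference is equivalent and avoids the interpolation-only deprecation
# warning.
resource "fastly_service_vcl" "service" {
  name = var.domain

  backend {
    address = var.backend
    name    = var.backend
    port    = var.backend_port
    use_ssl = var.backend_ssl

    # Origin certificate verification is caller-controlled. If
    # var.backend_ssl_check is false, the edge-to-origin hop is encrypted but
    # the origin is not authenticated, so keep it true outside of test setups.
    ssl_check_cert = var.backend_ssl_check

    # The same hostname is used for certificate matching and for SNI.
    ssl_cert_hostname = var.backend_cert_hostname
    ssl_sni_hostname  = var.backend_cert_hostname
  }

  gzip {
    name          = "file extensions and content types"
    extensions    = var.gzip_extensions
    content_types = var.gzip_content_types
  }

  http3 = var.http3

  # When true, the service can be destroyed even while it is active. Treat this
  # as a deliberate opt-in for production services.
  force_destroy = var.force_destroy

  # The ACL container is declared only when an allowlist was supplied. Its
  # entries are managed by fastly_service_acl_entries.purge_ip_whitelist.
  dynamic "acl" {
    for_each = length(var.purge_allowed_ips) > 0 ? [1] : []
    content {
      name = "purge_ip_whitelist"
    }
  }

  # vcl_recv snippet that answers 403 to FASTLYPURGE requests whose client.ip
  # is not in the ACL.
  #
  # NOTE(review): this fails open. With an empty var.purge_allowed_ips neither
  # the ACL nor this snippet is created, so this configuration places no IP
  # restriction on purge requests. Confirm that is the intended default, or
  # require a non-empty list / token-authenticated purges as defence in depth.
  dynamic "snippet" {
    for_each = length(var.purge_allowed_ips) > 0 ? [1] : []
    content {
      name     = "purge_ip_whitelist"
      type     = "recv"
      priority = 10
      content  = <<-EOT
        if (req.request == "FASTLYPURGE") {
          if (client.ip !~ purge_ip_whitelist) {
            error 403 "Forbidden";
          }
        }
      EOT
    }
  }
}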
# Entries for the purge allowlist ACL declared on fastly_service_vcl.service.
# Created only when var.purge_allowed_ips is non-empty, matching the condition
# under which the service declares the ACL itself.
#
# NOTE(review): manage_entries is not set. Confirm against the pinned provider
# version whether later edits to var.purge_allowed_ips (in particular removing
# an address) are re-applied, or whether entries are only seeded on first
# create. A removed address that stays in the ACL keeps its purge access.
resource "fastly_service_acl_entries" "purge_ip_whitelist" {
  count = length(var.purge_allowed_ips) > 0 ? 1 : 0

  service_id = fastly_service_vcl.service.id

  # Resolve the ACL id by name. Indexing with [0] relies on the count guard
  # above: this resource is only instantiated when the service's dynamic "acl"
  # block is also generated, so the filtered list is expected to be non-empty.
  acl_id = [for acl in fastly_service_vcl.service.acl : acl.acl_id if acl.name == "purge_ip_whitelist"][0]

  # One non-negated entry per configured address.
  dynamic "entry" {
    for_each = var.purge_allowed_ips
    content {
      ip      = entry.value
      negated = false
    }
  }
}
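# Domain record for var.domain, attached to the VCL service above.
# The plain reference replaces the redundant "${var.domain}" wrapper; the
# resulting value is the same.
resource "fastly_domain_v1" "domain" {
  fqdn       = var.domain
  service_id = fastly_service_vcl.service.id
}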