- NAME
-
- gcloud alpha compute target-https-proxies update - update a target HTTPS proxy
- SYNOPSIS
-
-
gcloud alpha compute target-https-proxies update
NAME
[--quic-override
=QUIC_OVERRIDE
] [--tls-early-data
=TLS_EARLY_DATA
] [--url-map
=URL_MAP
] [--certificate-manager-certificates
=[CERTIFICATE_MANAGER_CERTIFICATES
,…] |--clear-ssl-certificates
|--ssl-certificates
=SSL_CERTIFICATE
,[…]--global-ssl-certificates
|--ssl-certificates-region
=SSL_CERTIFICATES_REGION
|--certificate-map
=CERTIFICATE_MAP
|--clear-certificate-map
] [--clear-http-keep-alive-timeout-sec
|--http-keep-alive-timeout-sec
=HTTP_KEEP_ALIVE_TIMEOUT_SEC
] [--clear-server-tls-policy
|--server-tls-policy
=SERVER_TLS_POLICY
] [--clear-ssl-policy
|--ssl-policy
=SSL_POLICY
--global-ssl-policy
|--ssl-policy-region
=SSL_POLICY_REGION
] [--global
|--region
=REGION
] [--global-url-map
|--url-map-region
=URL_MAP_REGION
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(ALPHA)
gcloud alpha compute target-https-proxies update
is used to change the SSL certificate and/or URL map of existing target HTTPS proxies. A target HTTPS proxy is referenced by one or more forwarding rules which specify the network traffic that the proxy is responsible for routing. The target HTTPS proxy in turn points to a URL map that defines the rules for routing the requests. The URL map's job is to map URLs to backend services which handle the actual requests. The target HTTPS proxy also points to at most 15 SSL certificates used for server-side authentication. The target HTTPS proxy can be associated with at most one SSL policy. - EXAMPLES
-
Update the URL map of a global target HTTPS proxy by running:
gcloud alpha compute target-https-proxies update PROXY_NAME --url-map=URL_MAP
Update the SSL certificate of a global target HTTPS proxy by running:
gcloud alpha compute target-https-proxies update PROXY_NAME --ssl-certificates=SSL_CERTIFIFCATE
Update the URL map of a global target HTTPS proxy by running:
gcloud alpha compute target-https-proxies update PROXY_NAME --url-map=URL_MAP --region=REGION_NAME
Update the SSL certificate of a global target HTTPS proxy by running:
gcloud alpha compute target-https-proxies update PROXY_NAME --ssl-certificates=SSL_CERTIFIFCATE --region=REGION_NAME
- POSITIONAL ARGUMENTS
-
NAME
- Name of the target HTTPS proxy to update.
- FLAGS
-
--quic-override
=QUIC_OVERRIDE
-
Controls whether load balancer may negotiate QUIC with clients. QUIC is a new
transport which reduces latency compared to that of TCP. See https://www.chromium.org/quic for more
details.
QUIC_OVERRIDE
must be one of:DISABLE
- Disallows load balancer to negotiate QUIC with clients.
ENABLE
- Allows load balancer to negotiate QUIC with clients.
NONE
- Allows Google to control when QUIC is rolled out.
--tls-early-data
=TLS_EARLY_DATA
-
TLS 1.3 Early Data ("0-RTT" or "zero round trip") allows clients to include HTTP
request data alongside a TLS handshake. This can improve application
performance, especially on networks where connection interruptions may be
common, such as on mobile. This applies to both HTTP over TCP (ie: HTTP/1.1 and
HTTP/2) and HTTP/3 over QUIC.
TLS_EARLY_DATA
must be one of:DISABLED
- TLS 1.3 Early Data is not advertised, and any (invalid) attempts to send Early Data will be rejected.
PERMISSIVE
- Enables TLS 1.3 Early Data for requests with safe HTTP methods (GET, HEAD, OPTIONS, TRACE). This mode does not enforce any other limitations for requests with Early Data. The application owner should validate that Early Data is acceptable for a given request path.
STRICT
- Enables TLS 1.3 Early Data for requests with safe HTTP methods, and HTTP requests that do not have query parameters. Requests that send Early Data containing non-idempotent HTTP methods or with query parameters will be rejected with a HTTP 425.
--url-map
=URL_MAP
- A reference to a URL map resource. A URL map defines the mapping of URLs to backend services. Before you can refer to a URL map, you must create the URL map. To delete a URL map that a target proxy is referring to, you must first delete the target HTTPS proxy.
-
At most one of these can be specified:
-
At most one of these can be specified:
-
Certificate resource - certificate-manager-certificates to attach. This
represents a Cloud resource. (NOTE) Some attributes are not given arguments in
this group but can be set in other ways.
To set the
project
attribute:-
provide the argument
--certificate-manager-certificates
on the command line with a fully specified name; -
provide the argument
--project
on the command line; -
set the property
core/project
.
To set the
location
attribute:-
provide the argument
--certificate-manager-certificates
on the command line with a fully specified name; - default value of location is [global].
--certificate-manager-certificates
=[CERTIFICATE_MANAGER_CERTIFICATES
,…]-
IDs of the certificates or fully qualified identifiers for the certificates.
To set the
certificate
attribute:-
provide the argument
--certificate-manager-certificates
on the command line.
-
provide the argument
-
provide the argument
--clear-ssl-certificates
- Remove any attached SSL certificates from the HTTPS proxy.
--ssl-certificates
=SSL_CERTIFICATE
,[…]- References to at most 15 SSL certificate resources that are used for server-side authentication. The first SSL certificate in this list is considered the primary SSL certificate associated with the load balancer. The SSL certificates must exist and cannot be deleted while referenced by a target HTTPS proxy.
-
Certificate resource - certificate-manager-certificates to attach. This
represents a Cloud resource. (NOTE) Some attributes are not given arguments in
this group but can be set in other ways.
-
At most one of these can be specified:
--global-ssl-certificates
- If set, the ssl certificates are global.
--ssl-certificates-region
=SSL_CERTIFICATES_REGION
-
Region of the ssl certificates to operate on. If not specified, you might be
prompted to select a region (interactive mode only).
To avoid prompting when this flag is omitted, you can set the
property:compute/region
gcloud config set compute/region REGION
A list of regions can be fetched by running:
gcloud compute regions list
To unset the property, run:
gcloud config unset compute/region
Alternatively, the region can be stored in the environment variable
.CLOUDSDK_COMPUTE_REGION
-
At most one of these can be specified:
-
Certificate map resource - The certificate map to attach. This represents a
Cloud resource. (NOTE) Some attributes are not given arguments in this group but
can be set in other ways.
To set the
project
attribute:-
provide the argument
--certificate-map
on the command line with a fully specified name; -
provide the argument
--project
on the command line; -
set the property
core/project
.
To set the
location
attribute:-
provide the argument
--certificate-map
on the command line with a fully specified name; - default value of location is [global].
--certificate-map
=CERTIFICATE_MAP
-
ID of the certificate map or fully qualified identifier for the certificate map.
To set the
map
attribute:-
provide the argument
--certificate-map
on the command line.
-
provide the argument
-
provide the argument
--clear-certificate-map
- Removes any attached certificate map from the HTTPS proxy.
-
Certificate map resource - The certificate map to attach. This represents a
Cloud resource. (NOTE) Some attributes are not given arguments in this group but
can be set in other ways.
-
At most one of these can be specified:
-
At most one of these can be specified:
--clear-http-keep-alive-timeout-sec
- Clears the previously configured HTTP keepalive timeout.
--http-keep-alive-timeout-sec
=HTTP_KEEP_ALIVE_TIMEOUT_SEC
- Represents the maximum amount of time that a TCP connection can be idle between the (downstream) client and the target HTTP proxy. If an HTTP keepalive timeout is not specified, the default value is 610 seconds. For global external Application Load Balancers, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds.
-
At most one of these can be specified:
--clear-server-tls-policy
- Removes any attached Server TLS policy.
-
Server tls policy resource - The server TLS policy to attach. This represents a
Cloud resource. (NOTE) Some attributes are not given arguments in this group but
can be set in other ways.
To set the
project
attribute:-
provide the argument
--server-tls-policy
on the command line with a fully specified name; -
provide the argument
--project
on the command line; -
set the property
core/project
.
To set the
location
attribute:-
provide the argument
--server-tls-policy
on the command line with a fully specified name; -
provide the argument
--region
on the command line; - default value of location is [global].
--server-tls-policy
=SERVER_TLS_POLICY
-
ID of the server_tls_policy or fully qualified identifier for the
server_tls_policy.
To set the
server_tls_policy
attribute:-
provide the argument
--server-tls-policy
on the command line.
-
provide the argument
-
provide the argument
-
At most one of these can be specified:
--clear-ssl-policy
- Removes any attached SSL policy from the HTTPS proxy.
--ssl-policy
=SSL_POLICY
- A reference to an SSL policy resource that defines the server-side support for SSL features and affects the connections between clients and load balancers that are using the HTTPS proxy. The SSL policy must exist and cannot be deleted while referenced by a target HTTPS proxy.
-
At most one of these can be specified:
--global-ssl-policy
- If set, the SSL policy is global.
--ssl-policy-region
=SSL_POLICY_REGION
-
Region of the SSL policy to operate on. Overrides the default
compute/region
property value for this command invocation.
-
At most one of these can be specified:
--global
- If set, the target HTTPS proxy is global.
--region
=REGION
-
Region of the target HTTPS proxy to update. If not specified, you might be
prompted to select a region (interactive mode only).
To avoid prompting when this flag is omitted, you can set the
property:compute/region
gcloud config set compute/region REGION
A list of regions can be fetched by running:
gcloud compute regions list
To unset the property, run:
gcloud config unset compute/region
Alternatively, the region can be stored in the environment variable
.CLOUDSDK_COMPUTE_REGION
-
At most one of these can be specified:
--global-url-map
- If set, the URL map is global.
--url-map-region
=URL_MAP_REGION
-
Region of the URL map to operate on. Overrides the default
compute/region
property value for this command invocation.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation-only early access
allowlist. These variants are also available:
gcloud compute target-https-proxies update
gcloud beta compute target-https-proxies update
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-05-21 UTC.