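I got it working by disabling Cloudflare security, HTTPS rewrites and the browser integrity check for the ACME challenge, as described in their community forum. The latter is because Google would otherwise be blocked by Cloudflare (this can be verified in your security events).

In case it helps, here is the Terraform setup I used: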
```hcl
## Variables
variable "domain_suffix" {
  type        = string
  description = "The domain suffix used by all subdomains."
  default     = "example.com"
}

variable "domain_prefix" {
  type        = string
  description = "The subdomain prefix."
  default     = "sub"
}

variable "cloud_run_location" {
  type        = string
  description = "The location of the Cloud Run services."
  default     = "us-central1"
}

variable "cloudflare_zone_id" {
  type        = string
  description = "The Cloudflare zone ID of the domain."
}

variable "project" {
  type        = string
  description = "The GCP project used as the domain mapping namespace."
}

locals {
  # Variables must be referenced through the var. prefix
  full_domain = "${var.domain_prefix}.${var.domain_suffix}"
}

## Cloudflare resources
resource "cloudflare_record" "subdomain" {
  zone_id = var.cloudflare_zone_id
  name    = var.domain_prefix
  value   = "ghs.googlehosted.com"
  type    = "CNAME"
  proxied = true
}

# Disable security and browser integrity checks for the ACME challenge as GCP needs it for custom domain mapping
resource "cloudflare_page_rule" "acme_challenge_bypass" {
  zone_id = var.cloudflare_zone_id
  # Scope the bypass to the ACME challenge path only
  target = "${local.full_domain}/.well-known/acme-challenge/*"

  actions {
    automatic_https_rewrites = "off"
    browser_check            = "off"
    cache_level              = "bypass"
    security_level           = "essentially_off"
  }
}

## Cloud Run resources
resource "google_cloud_run_v2_service" "default" {
  name     = "cloudrun-service"
  location = var.cloud_run_location

  template {
    containers {
      image = "us-docker.pkg.dev/cloudrun/container/hello"
    }
  }
}

resource "google_cloud_run_domain_mapping" "default" {
  location = var.cloud_run_location
  name     = local.full_domain

  metadata {
    namespace = var.project
  }

  spec {
    route_name = google_cloud_run_v2_service.default.name
  }
}
```
2 Answers
mwg9r5ms1#
Found my answer here: as of now, Cloudflare is not currently supported by Cloud Run: https://github.com/ahmetb/cloud-run-faq#how-can-i-configure-cdn-for-cloud-run-services
dced5bon2#
With this setup, all my domains were validated and working within 20 minutes.
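The page rule in this answer turns off `security_level` and `browser_check`, so it matters that it only ever matches the ACME challenge path. The following check is an added example, not part of the original answer: it audits `terraform show -json` plan output and flags any `cloudflare_page_rule` that relaxes those settings on a broader target. It assumes the plan JSON layout in which the nested `actions` block appears as a list; the `whole_site` and `old_rule` resources and the sample plan are constructed for illustration.

```python
"""Audit `terraform show -json` output for Cloudflare page rules that relax security."""
ACME_PATH = "/.well-known/acme-challenge/*"
# The two actions in the answer's page rule that switch Cloudflare protections off.
WEAKENING = {"security_level": "essentially_off", "browser_check": "off"}


def is_acme_only(target: str) -> bool:
    """True when the rule's URL pattern covers the ACME challenge path and nothing else."""
    host_and_path = target.split("://", 1)[-1]      # drop an optional scheme
    _host, _, path = host_and_path.partition("/")
    return "/" + path == ACME_PATH


def audit_page_rules(plan: dict) -> list:
    """Return one finding per page rule that relaxes security beyond the ACME path."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "cloudflare_page_rule":
            continue
        after = (rc.get("change") or {}).get("after") or {}   # null when being destroyed
        target = after.get("target", "")
        for actions in after.get("actions") or []:            # nested block -> list
            relaxed = sorted(k for k, v in WEAKENING.items() if actions.get(k) == v)
            if relaxed and not is_acme_only(target):
                findings.append(f"{rc['address']}: {', '.join(relaxed)} relaxed on {target!r}")
    return findings


def _rule(name, after):
    """Build one constructed resource_changes entry."""
    return {"address": f"cloudflare_page_rule.{name}", "type": "cloudflare_page_rule",
            "change": {"after": after}}


# Constructed sample plan: the answer's rule, a hypothetical site-wide rule, a destroy.
SAMPLE_PLAN = {"resource_changes": [
    _rule("acme_challenge_bypass", {
        "target": "sub.example.com/.well-known/acme-challenge/*",
        "actions": [{"browser_check": "off", "security_level": "essentially_off",
                     "cache_level": "bypass", "automatic_https_rewrites": "off"}]}),
    _rule("whole_site", {
        "target": "sub.example.com/*",
        "actions": [{"browser_check": "off", "security_level": "essentially_off"}]}),
    _rule("old_rule", None),
]}

if __name__ == "__main__":
    for finding in audit_page_rules(SAMPLE_PLAN):
        print(finding)
```
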