handle additional hosts (#8)

loadbalancer_private.tf

@@ -92,6 +92,17 @@ resource "azurerm_application_gateway" "private" {
  protocol = "Http"
  }
  }
+ dynamic "http_listener" {
+ for_each = var.additional_dns_records_private
+
+ content {
+ name = "${var.private_app_gateway_http_listener_name_prefix}-add${http_listener.key}"
+ host_name = http_listener.value
+ frontend_ip_configuration_name = var.private_app_gateway_frontend_ip_config_name
+ frontend_port_name = var.private_app_gateway_frontend_port_name_http
+ protocol = "Http"
+ }
+ }
 
  # HTTPS listeners
  dynamic "http_listener" {
@@ -106,6 +117,18 @@ resource "azurerm_application_gateway" "private" {
  ssl_certificate_name = var.private_app_gateway_ssl_certificate_name
  }
  }
+ dynamic "http_listener" {
+ for_each = var.ssl_enabled ? var.additional_dns_records_private : []
+
+ content {
+ name = "${var.private_app_gateway_https_listener_name_prefix}-add${http_listener.key}"
+ host_name = http_listener.value
+ frontend_ip_configuration_name = var.private_app_gateway_frontend_ip_config_name
+ frontend_port_name = var.private_app_gateway_frontend_port_name_https
+ protocol = "Https"
+ ssl_certificate_name = var.private_app_gateway_ssl_certificate_name
+ }
+ }
 
  # Routing rules for HTTP listeners.
  dynamic "request_routing_rule" {
@@ -119,6 +142,17 @@ resource "azurerm_application_gateway" "private" {
  backend_http_settings_name = var.private_app_gateway_http_setting_name
  }
  }
+ dynamic "request_routing_rule" {
+ for_each = var.additional_dns_records_private
+
+ content {
+ name = "${var.private_app_gateway_request_routing_rule_http_name_prefix}-add${request_routing_rule.key}"
+ rule_type = "Basic"
+ http_listener_name = "${var.private_app_gateway_http_listener_name_prefix}-add${request_routing_rule.key}"
+ backend_address_pool_name = var.private_app_gateway_backend_address_pool_name
+ backend_http_settings_name = var.private_app_gateway_http_setting_name
+ }
+ }
 
  # Routing rules for HTTPS listeners.
  dynamic "request_routing_rule" {
@@ -132,6 +166,17 @@ resource "azurerm_application_gateway" "private" {
  backend_http_settings_name = var.private_app_gateway_http_setting_name
  }
  }
+ dynamic "request_routing_rule" {
+ for_each = var.ssl_enabled ? var.additional_dns_records_private : []
+
+ content {
+ name = "${var.private_app_gateway_request_routing_rule_https_name_prefix}-add${request_routing_rule.key}"
+ rule_type = "Basic"
+ http_listener_name = "${var.private_app_gateway_https_listener_name_prefix}-add${request_routing_rule.key}"
+ backend_address_pool_name = var.private_app_gateway_backend_address_pool_name
+ backend_http_settings_name = var.private_app_gateway_http_setting_name
+ }
+ }
 
  # Private App Gateway SSL certificate management.
  dynamic "ssl_certificate" {
@@ -154,6 +199,7 @@ resource "azurerm_application_gateway" "private" {
  # SSL termination is done at app gateway level.
  backend_http_settings {
  name = var.private_app_gateway_http_setting_name
+ host_name = var.private_app_gateway_backend_host_name
  cookie_based_affinity = "Disabled"
  port = 80
  protocol = "Http"

loadbalancer_public.tf

@@ -92,6 +92,17 @@ resource "azurerm_application_gateway" "public" {
  protocol = "Http"
  }
  }
+ dynamic "http_listener" {
+ for_each = var.additional_dns_records_public
+
+ content {
+ name = "${var.public_app_gateway_http_listener_name_prefix}-add${http_listener.key}"
+ host_name = http_listener.value
+ frontend_ip_configuration_name = var.public_app_gateway_frontend_ip_config_name
+ frontend_port_name = var.public_app_gateway_frontend_port_name_http
+ protocol = "Http"
+ }
+ }
 
  # HTTPS listeners
  dynamic "http_listener" {
@@ -106,6 +117,18 @@ resource "azurerm_application_gateway" "public" {
  ssl_certificate_name = var.public_app_gateway_ssl_certificate_name
  }
  }
+ dynamic "http_listener" {
+ for_each = var.ssl_enabled ? var.additional_dns_records_public : []
+
+ content {
+ name = "${var.public_app_gateway_https_listener_name_prefix}-add${http_listener.key}"
+ host_name = http_listener.value
+ frontend_ip_configuration_name = var.public_app_gateway_frontend_ip_config_name
+ frontend_port_name = var.public_app_gateway_frontend_port_name_https
+ protocol = "Https"
+ ssl_certificate_name = var.public_app_gateway_ssl_certificate_name
+ }
+ }
 
  # Routing rules for HTTP listeners.
  dynamic "request_routing_rule" {
@@ -119,6 +142,17 @@ resource "azurerm_application_gateway" "public" {
  backend_http_settings_name = var.public_app_gateway_http_setting_name
  }
  }
+ dynamic "request_routing_rule" {
+ for_each = var.additional_dns_records_public
+
+ content {
+ name = "${var.public_app_gateway_request_routing_rule_http_name_prefix}-add${request_routing_rule.key}"
+ rule_type = "Basic"
+ http_listener_name = "${var.public_app_gateway_http_listener_name_prefix}-add${request_routing_rule.key}"
+ backend_address_pool_name = var.public_app_gateway_backend_address_pool_name
+ backend_http_settings_name = var.public_app_gateway_http_setting_name
+ }
+ }
 
  # Routing rules for HTTPS listeners.
  dynamic "request_routing_rule" {
@@ -132,6 +166,17 @@ resource "azurerm_application_gateway" "public" {
  backend_http_settings_name = var.public_app_gateway_http_setting_name
  }
  }
+ dynamic "request_routing_rule" {
+ for_each = var.ssl_enabled ? var.additional_dns_records_public : []
+
+ content {
+ name = "${var.public_app_gateway_request_routing_rule_https_name_prefix}-add${request_routing_rule.key}"
+ rule_type = "Basic"
+ http_listener_name = "${var.public_app_gateway_https_listener_name_prefix}-add${request_routing_rule.key}"
+ backend_address_pool_name = var.public_app_gateway_backend_address_pool_name
+ backend_http_settings_name = var.public_app_gateway_http_setting_name
+ }
+ }
 
  # Public App Gateway SSL certificate management.
  dynamic "ssl_certificate" {
@@ -154,6 +199,7 @@ resource "azurerm_application_gateway" "public" {
  # SSL termination is done at app gateway level.
  backend_http_settings {
  name = var.public_app_gateway_http_setting_name
+ host_name = var.public_app_gateway_backend_host_name
  cookie_based_affinity = "Disabled"
  port = 80
  protocol = "Http"

variables.tf

@@ -145,6 +145,12 @@ variable "public_app_gateway_request_routing_rule_https_name_prefix" {
  default = "quortex-public-rqrt-https"
 }
 
+variable "public_app_gateway_backend_host_name" {
+ type = string
+ description = "Host header to be sent to the public application gateway backend servers."
+ default = null
+}
+
 variable "public_app_gateway_backend_address_pool_name" {
  type = string
  description = "The name of the public application gateway backend address pool."
@@ -259,6 +265,12 @@ variable "private_app_gateway_request_routing_rule_https_name_prefix" {
  default = "quortex-private-rqrt-https"
 }
 
+variable "private_app_gateway_backend_host_name" {
+ type = string
+ description = "Host header to be sent to the private application gateway backend servers."
+ default = null
+}
+
 variable "private_app_gateway_backend_address_pool_name" {
  type = string
  description = "The name of the private application gateway backend address pool."
@@ -312,12 +324,24 @@ variable "dns_records_private" {
  default = {}
 }
 
+variable "additional_dns_records_private" {
+ type = list(string)
+ description = "A list with additional dns records to add for private endpoints."
+ default = []
+}
+
 variable "dns_records_public" {
  type = map(string)
  description = "A map with dns records to add in dns_managed_zone for public endpoints set as value. Full domain names will be exported in a map for the given key."
  default = {}
 }
 
+variable "additional_dns_records_public" {
+ type = list(string)
+ description = "A list with additional dns records to add for public endpoints."
+ default = []
+}
+
 variable "ssl_enabled" {
  type = bool
  description = "Wether to request SSL certificates for application gateways configuration."