HEX

File: //snap/google-cloud-cli/current/help/man/man1/gcloud_compute_target-https-proxies_create.1

.TH "GCLOUD_COMPUTE_TARGET\-HTTPS\-PROXIES_CREATE" 1

.SH "NAME"
.HP
gcloud compute target\-https\-proxies create \- create a target HTTPS proxy

.SH "SYNOPSIS"
.HP
\f5gcloud compute target\-https\-proxies create\fR \fINAME\fR \fB\-\-url\-map\fR=\fIURL_MAP\fR [\fB\-\-certificate\-map\fR=\fICERTIFICATE_MAP\fR] [\fB\-\-description\fR=\fIDESCRIPTION\fR] [\fB\-\-http\-keep\-alive\-timeout\-sec\fR=\fIHTTP_KEEP_ALIVE_TIMEOUT_SEC\fR] [\fB\-\-quic\-override\fR=\fIQUIC_OVERRIDE\fR;\ default="NONE"] [\fB\-\-server\-tls\-policy\fR=\fISERVER_TLS_POLICY\fR] [\fB\-\-ssl\-policy\fR=\fISSL_POLICY\fR] [\fB\-\-tls\-early\-data\fR=\fITLS_EARLY_DATA\fR] [\fB\-\-certificate\-manager\-certificates\fR=[\fICERTIFICATE_MANAGER_CERTIFICATES\fR,...]\ |\ \fB\-\-ssl\-certificates\fR=\fISSL_CERTIFICATE\fR,[...]] [\fB\-\-global\fR\ |\ \fB\-\-region\fR=\fIREGION\fR] [\fB\-\-global\-ssl\-certificates\fR\ |\ \fB\-\-ssl\-certificates\-region\fR=\fISSL_CERTIFICATES_REGION\fR] [\fB\-\-global\-ssl\-policy\fR\ |\ \fB\-\-ssl\-policy\-region\fR=\fISSL_POLICY_REGION\fR] [\fB\-\-global\-url\-map\fR\ |\ \fB\-\-url\-map\-region\fR=\fIURL_MAP_REGION\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]

.SH "DESCRIPTION"

\fBgcloud compute target\-https\-proxies create\fR is used to create target
HTTPS proxies. A target HTTPS proxy is referenced by one or more forwarding
rules which specify the network traffic that the proxy is responsible for
routing. The target HTTPS proxy points to a URL map that defines the rules for
routing the requests. The URL map's job is to map URLs to backend services which
handle the actual requests. The target HTTPS proxy also points to at most 15 SSL
certificates used for server\-side authentication. The target HTTPS proxy can be
associated with at most one SSL policy.

.SH "EXAMPLES"

If there is an already\-created URL map with the name URL_MAP and a SSL
certificate named SSL_CERTIFICATE, create a global target HTTPS proxy pointing
to this map by running:

.RS 2m
$ gcloud compute target\-https\-proxies create PROXY_NAME \e
\-\-url\-map=URL_MAP \-\-ssl\-certificates=SSL_CERTIFICATE
.RE

Create a regional target HTTPS proxy by running:

.RS 2m
$ gcloud compute target\-https\-proxies create PROXY_NAME \e
\-\-url\-map=URL_MAP \-\-ssl\-certificates=SSL_CERTIFICATE \e
\-\-region=REGION_NAME
.RE

.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m
\fINAME\fR

Name of the target HTTPS proxy to create.

.RE
.sp

.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m
\fB\-\-url\-map\fR=\fIURL_MAP\fR

A reference to a URL map resource. A URL map defines the mapping of URLs to
backend services. Before you can refer to a URL map, you must create the URL
map. To delete a URL map that a target proxy is referring to, you must first
delete the target HTTPS proxy.

.RE
.sp

.SH "OPTIONAL FLAGS"

.RS 2m
.TP 2m

Certificate map resource \- The certificate map to attach. This represents a
Cloud resource. (NOTE) Some attributes are not given arguments in this group but
can be set in other ways.

To set the \f5project\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5\-\-certificate\-map\fR on the command line with a fully
specified name;
.IP "\(em" 2m
provide the argument \f5\-\-project\fR on the command line;
.IP "\(em" 2m
set the property \f5core/project\fR.
.RE
.sp

To set the \f5location\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5\-\-certificate\-map\fR on the command line with a fully
specified name;
.IP "\(em" 2m
default value of location is [global].
.RE
.sp

.RS 2m
.TP 2m
\fB\-\-certificate\-map\fR=\fICERTIFICATE_MAP\fR

ID of the certificate map or fully qualified identifier for the certificate map.

To set the \f5map\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5\-\-certificate\-map\fR on the command line.
.RE
.sp

.RE
.sp
.TP 2m
\fB\-\-description\fR=\fIDESCRIPTION\fR

An optional, textual description for the target HTTPS proxy.

.TP 2m
\fB\-\-http\-keep\-alive\-timeout\-sec\fR=\fIHTTP_KEEP_ALIVE_TIMEOUT_SEC\fR

Represents the maximum amount of time that a TCP connection can be idle between
the (downstream) client and the target HTTP proxy. If an HTTP keepalive timeout
is not specified, the default value is 610 seconds. For global external
Application Load Balancers, the minimum allowed value is 5 seconds and the
maximum allowed value is 1200 seconds.

.TP 2m
\fB\-\-quic\-override\fR=\fIQUIC_OVERRIDE\fR; default="NONE"

Controls whether load balancer may negotiate QUIC with clients. QUIC is a new
transport which reduces latency compared to that of TCP. See
https://www.chromium.org/quic for more details. \fIQUIC_OVERRIDE\fR must be one
of:

.RS 2m
.TP 2m
\fBDISABLE\fR
Disallows load balancer to negotiate QUIC with clients.
.TP 2m
\fBENABLE\fR
Allows load balancer to negotiate QUIC with clients.
.TP 2m
\fBNONE\fR
Allows Google to control when QUIC is rolled out.
.RE
.sp

.TP 2m

Server tls policy resource \- The server TLS policy to attach. This represents a
Cloud resource. (NOTE) Some attributes are not given arguments in this group but
can be set in other ways.

To set the \f5project\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5\-\-server\-tls\-policy\fR on the command line with a
fully specified name;
.IP "\(em" 2m
provide the argument \f5\-\-project\fR on the command line;
.IP "\(em" 2m
set the property \f5core/project\fR.
.RE
.sp

To set the \f5location\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5\-\-server\-tls\-policy\fR on the command line with a
fully specified name;
.IP "\(em" 2m
provide the argument \f5\-\-region\fR on the command line;
.IP "\(em" 2m
default value of location is [global].
.RE
.sp

.RS 2m
.TP 2m
\fB\-\-server\-tls\-policy\fR=\fISERVER_TLS_POLICY\fR

ID of the server_tls_policy or fully qualified identifier for the
server_tls_policy.

To set the \f5server_tls_policy\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5\-\-server\-tls\-policy\fR on the command line.
.RE
.sp

.RE
.sp
.TP 2m
\fB\-\-ssl\-policy\fR=\fISSL_POLICY\fR

A reference to an SSL policy resource that defines the server\-side support for
SSL features and affects the connections between clients and load balancers that
are using the HTTPS proxy. The SSL policy must exist and cannot be deleted while
referenced by a target HTTPS proxy.

.TP 2m
\fB\-\-tls\-early\-data\fR=\fITLS_EARLY_DATA\fR

TLS 1.3 Early Data ("0\-RTT" or "zero round trip") allows clients to include
HTTP request data alongside a TLS handshake. This can improve application
performance, especially on networks where connection interruptions may be
common, such as on mobile. This applies to both HTTP over TCP (ie: HTTP/1.1 and
HTTP/2) and HTTP/3 over QUIC. \fITLS_EARLY_DATA\fR must be one of:

.RS 2m
.TP 2m
\fBDISABLED\fR
TLS 1.3 Early Data is not advertised, and any (invalid) attempts to send Early
Data will be rejected.
.TP 2m
\fBPERMISSIVE\fR
Enables TLS 1.3 Early Data for requests with safe HTTP methods (GET, HEAD,
OPTIONS, TRACE). This mode does not enforce any other limitations for requests
with Early Data. The application owner should validate that Early Data is
acceptable for a given request path.
.TP 2m
\fBSTRICT\fR
Enables TLS 1.3 Early Data for requests with safe HTTP methods, and HTTP
requests that do not have query parameters. Requests that send Early Data
containing non\-idempotent HTTP methods or with query parameters will be
rejected with a HTTP 425.
.RE
.sp

.TP 2m

At most one of these can be specified:

.RS 2m
.TP 2m

Certificate resource \- certificate\-manager\-certificates to attach. This
represents a Cloud resource. (NOTE) Some attributes are not given arguments in
this group but can be set in other ways.

To set the \f5project\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5\-\-certificate\-manager\-certificates\fR on the command
line with a fully specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-project\fR on the command line;
.IP "\(bu" 2m
set the property \f5core/project\fR.
.RE
.sp

To set the \f5location\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5\-\-certificate\-manager\-certificates\fR on the command
line with a fully specified name;
.IP "\(bu" 2m
default value of location is [global].
.RE
.sp

.RS 2m
.TP 2m
\fB\-\-certificate\-manager\-certificates\fR=[\fICERTIFICATE_MANAGER_CERTIFICATES\fR,...]

IDs of the certificates or fully qualified identifiers for the certificates.

To set the \f5certificate\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5\-\-certificate\-manager\-certificates\fR on the command
line.
.RE
.sp

.RE
.sp
.TP 2m
\fB\-\-ssl\-certificates\fR=\fISSL_CERTIFICATE\fR,[...]

References to at most 15 SSL certificate resources that are used for
server\-side authentication. The first SSL certificate in this list is
considered the primary SSL certificate associated with the load balancer. The
SSL certificates must exist and cannot be deleted while referenced by a target
HTTPS proxy.

.RE
.sp
.TP 2m

At most one of these can be specified:

.RS 2m
.TP 2m
\fB\-\-global\fR

If set, the target HTTPS proxy is global.

.TP 2m
\fB\-\-region\fR=\fIREGION\fR

Region of the target HTTPS proxy to create. If not specified, you might be
prompted to select a region (interactive mode only).

To avoid prompting when this flag is omitted, you can set the
\f5\fIcompute/region\fR\fR property:

.RS 2m
$ gcloud config set compute/region REGION
.RE

A list of regions can be fetched by running:

.RS 2m
$ gcloud compute regions list
.RE

To unset the property, run:

.RS 2m
$ gcloud config unset compute/region
.RE

Alternatively, the region can be stored in the environment variable
\f5\fICLOUDSDK_COMPUTE_REGION\fR\fR.

.RE
.sp
.TP 2m

At most one of these can be specified:

.RS 2m
.TP 2m
\fB\-\-global\-ssl\-certificates\fR

If set, the ssl certificates are global.

.TP 2m
\fB\-\-ssl\-certificates\-region\fR=\fISSL_CERTIFICATES_REGION\fR

Region of the ssl certificates to operate on. If not specified, you might be
prompted to select a region (interactive mode only).

To avoid prompting when this flag is omitted, you can set the
\f5\fIcompute/region\fR\fR property:

.RS 2m
$ gcloud config set compute/region REGION
.RE

A list of regions can be fetched by running:

.RS 2m
$ gcloud compute regions list
.RE

To unset the property, run:

.RS 2m
$ gcloud config unset compute/region
.RE

Alternatively, the region can be stored in the environment variable
\f5\fICLOUDSDK_COMPUTE_REGION\fR\fR.

.RE
.sp
.TP 2m

At most one of these can be specified:

.RS 2m
.TP 2m
\fB\-\-global\-ssl\-policy\fR

If set, the SSL policy is global.

.TP 2m
\fB\-\-ssl\-policy\-region\fR=\fISSL_POLICY_REGION\fR

Region of the SSL policy to operate on. Overrides the default
\fBcompute/region\fR property value for this command invocation.

.RE
.sp
.TP 2m

At most one of these can be specified:

.RS 2m
.TP 2m
\fB\-\-global\-url\-map\fR

If set, the URL map is global.

.TP 2m
\fB\-\-url\-map\-region\fR=\fIURL_MAP_REGION\fR

Region of the URL map to operate on. Overrides the default \fBcompute/region\fR
property value for this command invocation.

.RE
.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.

.SH "NOTES"

These variants are also available:

.RS 2m
$ gcloud alpha compute target\-https\-proxies create
.RE

.RS 2m
$ gcloud beta compute target\-https\-proxies create
.RE