opnsense_nginx_upstream (Resource)

Manage an OPNsense Nginx upstream.

Example Usage

resource "opnsense_nginx_upstream_server" "app" {
  description = "tf-upstream-server"
  server      = "10.0.0.10"
  port        = "8080"
}

resource "opnsense_nginx_upstream" "example" {
  description              = "tf-upstream"
  load_balancing_algorithm = ""
  proxy_protocol           = false
  tls_enable               = false
  server_entries           = [opnsense_nginx_upstream_server.app.id]
}

Schema

Required

• description (String) Human readable description for the upstream.

Optional

• host_port (String) Optional host:port override for upstream requests.
• keepalive (String) Number of idle keepalive connections to upstream servers.
• keepalive_requests (String) Maximum number of requests served through one keepalive connection.
• keepalive_timeout (String) Keepalive timeout in seconds.
• load_balancing_algorithm (String) Load balancing algorithm (`` or ip_hash).
• proxy_protocol (Boolean) Enable proxy protocol when connecting to upstream servers.
• server_entries (Set of String) UUIDs of upstream servers that belong to this upstream.
• store (Boolean) Persist upstream state in the cache store.
• tls_client_certificate (String) Client certificate UUID used for upstream TLS connections.
• tls_enable (Boolean) Enable TLS when connecting to upstream servers.
• tls_name_override (String) Override the SNI/hostname used for upstream TLS handshakes.
• tls_protocol_versions (Set of String) TLS protocol versions allowed for upstream connections.
• tls_session_reuse (Boolean) Enable TLS session reuse for upstream connections.
• tls_trusted_certificate (String) Trusted certificate store UUID used to verify upstream TLS connections.
• tls_verify (Boolean) Verify upstream TLS certificates.
• tls_verify_depth (String) Maximum verification depth for upstream TLS certificates.
• x_forwarded_host_verbatim (Boolean) Forward original host header verbatim.

Read-Only

• id (String) The ID of this resource.