I recently came across an r/terraform post about a GitHub project called terraform-registry-proxy.
This inspired me to create a similar project strictly using Nginx.
(Thanks u/jasonwbarnett!)
What is a Terraform Registry Cache?
By default, Terraform will pull down provider artifacts from https://releases.hashicorp.com. For the typical user this behavior is acceptable. For environments that are air-gapped or require a local caching server, we can do better.
How does this work exactly?
Nginx will proxy requests for the following endpoints:
Response bodies are rewritten to update where provider artifacts are served from. Terraform will use the rewritten URL to fetch the artifact from the registry cache (Nginx).
Nginx will serve back a response from its local cache if possible and fall back to the official HashiCorp servers.
Requirements
- An Nginx server with SSL configured. The Terraform CLI must be able to trust the certificate.
- Two subdomains:
  - terraform-registry.example.com
  - terraform-releases.example.com
Nginx Configuration
This is an example nginx.conf. Modify as you see fit.
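A minimal configuration showing the proxying, body rewrite and caching described above, added here as an example and not the author's own nginx.conf. The cache path, zone name, certificate and CA bundle paths, cache lifetimes and the X-Cache-Status header name are assumptions; the two server names come from the Requirements list.

```nginx
# Added example (not the author's nginx.conf). Goes inside the http {} block.
# Assumed: cache path, zone name, certificate and CA bundle paths, header name.
proxy_cache_path /var/cache/nginx/terraform levels=1:2 keys_zone=terraform:10m
                 max_size=10g inactive=30d use_temp_path=off;

# nginx does not verify upstream certificates unless told to; verify them so
# the cache only stores responses from the genuine upstream servers.
proxy_ssl_server_name on;
proxy_ssl_verify on;
proxy_ssl_verify_depth 3;
proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

server {
    listen 443 ssl;
    server_name terraform-registry.example.com;
    ssl_certificate     /etc/nginx/tls/terraform-registry.crt;
    ssl_certificate_key /etc/nginx/tls/terraform-registry.key;

    location / {
        proxy_pass https://registry.terraform.io;
        proxy_set_header Host registry.terraform.io;
        proxy_set_header Accept-Encoding "";   # sub_filter needs an uncompressed body
        proxy_cache terraform;
        proxy_cache_valid 200 10m;             # version lists change, keep this short

        # Point artifact URLs in the JSON responses at the releases cache.
        sub_filter_types application/json;
        sub_filter_once off;
        sub_filter 'https://releases.hashicorp.com' 'https://terraform-releases.example.com';
        add_header X-Cache-Status $upstream_cache_status always;
    }
}

server {
    listen 443 ssl;
    server_name terraform-releases.example.com;
    ssl_certificate     /etc/nginx/tls/terraform-releases.crt;
    ssl_certificate_key /etc/nginx/tls/terraform-releases.key;

    location / {
        proxy_pass https://releases.hashicorp.com;
        proxy_set_header Host releases.hashicorp.com;
        proxy_cache terraform;
        proxy_cache_valid 200 30d;             # versioned artifacts, cache for longer
        proxy_cache_use_stale error timeout updating;
        add_header X-Cache-Status $upstream_cache_status always;
    }
}
```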
Terraform Configuration
Inside your main.tf, set the global source address against the provider:
Example Usage
Inside the directory with your main.tf changes:
You’ll notice I ran the init command two times.
This is to show that the first time Nginx served the request, it produced a Cache:MISS. The second time, Nginx was able to pull from the local cache, resulting in a Cache:HIT.
Conclusion
This Nginx setup could easily be integrated into environments that don’t have a direct connection to the Internet or that have a company policy requiring the use of proxy servers.