google-cloud-platform google-compute-engine

Accessing a Google Cloud VM instance over HTTPS


I am new to the Google Cloud Platform and I'm trying to set up HTTPS for a VM in order to create a subscriber for Google Drive using the googleapis's changes.watch method, which requires a callback address served over HTTPS. However, before setting up a watcher, I wanted to first try with a simple endpoint. I've created a VM on GCP under an instance group and set up an Express.js application with a test GET endpoint that I can access through HTTP but it doesn't work with HTTPS. What steps do I need to take to correctly set up HTTPS access to my VM?

I saw there is Google Cloud documentation with a guide on setting up a classic load balancer for a managed instance group (link here). Is this what I'm looking for? When I tried to create an SSL certificate, it requires a domain, and I couldn't enter a static IP (which I read is not the best practice).


Solution

  • As Puteri suggested, you need to have a domain name to procure an SSL certificate. The certified CA authorities require your FQDN, using which it is easy to identify a specific server; a few vendors offer SSL certificates based on your public IP address. To get SSL certificates based on IP addresses, you need to have those IP addresses registered under your organization, not under your hosting provider or cloud provider. [1][2][3]

    The simplest and most optimal solution in your case is to procure a domain and configure your application to be accessible using this domain. Since you want it to be simple, there is no need to use an instance group or load balancer; instead, you can follow the steps below [4]:

    • First purchase a domain name from any vendor.

    • Configure the nameservers to point towards GCP.

    • In your VM you can install nginx or some other web server for running the application.

    • Allow the required firewall rules so that your application is exposed to the outside world.

    • Create the necessary DNS records for your application using Cloud DNS.

    • Now use Let’s Encrypt or some other SSL provider to get SSL certificates for your application.

    For detailed information on how to get SSL certificates for IP addresses and how to configure SSL for an application deployed on a VM in GCP, you can go through the references provided below.

    References:

    1. https://www.https.in/blog/ssl-certificate-for-ip-address/

    2. https://www.ssldragon.com/blog/ssl-without-domain-name/

    3. https://www.godaddy.com/resources/asia/skills/whats-a-fully-qualified-domain-name-fqdn-and-whats-it-good-for

    4. https://maxxsh.medium.com/setup-free-ssl-certificate-for-website-on-google-cloud-platform-90a249a6bce3
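
For the firewall step in the answer above, an added example (not part of the original answer) that audits rules exported with `gcloud compute firewall-rules list --format=json`: it reports whether ports 80 (needed for Let's Encrypt's HTTP-01 challenge) and 443 are reachable from the internet, and which rules expose anything else. The rule names and the `web` network tag are constructed; it assumes all rules belong to the VM's network and that targeting is by network tag only.

```python
import json

WEB_PORTS = {80, 443}        # 80: ACME HTTP-01 challenge, 443: HTTPS
OPEN_RANGES = {"0.0.0.0/0"}  # source range meaning "the whole internet"

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`
SAMPLE_RULES = json.loads("""[
 {"name": "allow-web", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "targetTags": ["web"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
 {"name": "allow-node-debug", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "targetTags": ["web"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["3000-3010"]}]},
 {"name": "allow-ssh-office", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["203.0.113.0/24"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]""")

def expand_ports(entry):
    """Return the set of TCP ports covered by one `allowed` entry."""
    if entry.get("IPProtocol") not in ("tcp", "all"):
        return set()
    if "ports" not in entry:              # no port list means every port
        return set(range(1, 65536))
    ports = set()
    for spec in entry["ports"]:           # "443" or a range such as "3000-3010"
        lo, _, hi = spec.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules, vm_tags):
    """Return (web ports not yet open, {rule name: other ports open to the internet})."""
    reachable, excess = set(), {}
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        tags = rule.get("targetTags")
        if tags and not set(tags) & set(vm_tags):
            continue                      # rule targets other instances
        if not OPEN_RANGES & set(rule.get("sourceRanges", [])):
            continue                      # restricted source, not internet-wide
        for entry in rule.get("allowed", []):
            ports = expand_ports(entry)
            reachable |= ports & WEB_PORTS
            extra = ports - WEB_PORTS
            if extra:
                excess.setdefault(rule["name"], set()).update(extra)
    return WEB_PORTS - reachable, excess
```

With nginx terminating TLS on the VM, the Express application's own port should appear in the second return value only if it was opened by mistake; nginx reaches it over localhost.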