Score:1

Unable to access GCP Compute Engine VM via domain name


I'm evaluating Google Cloud Platform to see if I can build a network of applications I need for a project I plan on starting really soon. So far I have the Compute Engine API enabled on my GCP project and a VM instance set up which has Apache installed and ready to serve web pages.

Right now I can only access it through the external IP address. I want to be able to access this VM through a domain name I purchased through Google Domains.

I followed this guide to set up domain names, static IPs, DNS configurations, zones, etc.

At the end of the guide, it gives me instructions on how to verify that my setup is working correctly and I've done all of the steps mentioned in the guide (assuming my domain is domain.com):

dig +trace domain.com

or

nslookup domain.com

Both of those show the external IP address but when I type the domain name on my browser, it doesn't get resolved to that IP address and I don't see the contents of my VM's web server.

I also went to check for DNS trails and entered the domain name, and it does show the correct records.


I'm still looking around for guides and maybe I should have gone with this: https://cloud.google.com/compute/docs/instances/custom-hostname-vm - when I created my VM instance, I didn't set up a hostname for it, could it be because of that?


GCP firewall settings:

[Screenshot: GCP firewall rules]

Michael Hampton: What is the domain name?
dokgu: @MichaelHampton fruitloops.dev
Michael Hampton: It times out for me. Check your firewall.
dokgu: @MichaelHampton When I installed Apache on the VM, the guide I was using had me do both `sudo firewall-cmd --permanent --add-service=http` and `sudo firewall-cmd --permanent --add-service=https`. Was I supposed to do more than that?
Michael Hampton: Your GCP firewall, not the VM's internal firewall.
dokgu: @MichaelHampton I've edited the question to include a screenshot of the GCP firewall settings. I don't really know how firewalls work - I'm not much of a network guy.
Michael Hampton: OK, that seems reasonable, but does your VM have those tags? If not, then the firewall rules won't apply to it.
dokgu: @MichaelHampton the only network tag I see on the VM is `http-server`. What else do I need to add? I think this tag was added because I enabled HTTP access but not HTTPS.
Michael Hampton: Since you need port 443, you also have to have the tag https-server.
dokgu: @MichaelHampton I've added that tag but I still can't view the page using the domain name. I believe these were the original tags I had on the VM when I created it but since I was having issues I removed HTTPS because it wasn't on the guide I was following. Putting it back didn't fix the issue though.
Michael Hampton: Well, now your firewall port is open and it seems to be working fine. I now get a Connection refused. That means now you need to start your web server.
dokgu: @MichaelHampton Apache is running and I can view the page using the external static IP address I set up for it: 35.235.65.238
Michael Hampton: It's not answering on port 443, though. That's where your problem is.
dokgu: @MichaelHampton when I installed Apache it was recommended to create virtual hosts, but since it wasn't required I just skipped it. I'll see if I can set those up and get back to you.
Michael Hampton: I think you missed something very important: You bought a .dev domain. This domain (and several others) have HSTS enabled for the entire TLD and so require the use of https.
dokgu: @MichaelHampton I saw that when I purchased the domain and I do intend to put everything under HTTPS, I'm just evaluating GCP right now so I know that what I plan to do is possible.
Michael Hampton: OK, well since your problem is fixed now I've summarized it into an answer.
Score:8

You bought a .dev domain so you need to have incoming traffic on https (TCP port 443). This domain (and several others) have HSTS enabled for the entire TLD and so require the use of https.

Your GCP firewall shows you have an allow rule for this traffic but only for VMs tagged https-server. Your VM did not have this tag, so giving it this tag will allow port 443 inbound.

At this point you need to set up your web server with a TLS certificate and to answer TLS requests on port 443.
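
The comments above separate two failure modes on port 443: a timeout (the GCP firewall rule does not apply to the VM) and a refused connection (the port is reachable but nothing is listening). The script below is an added example, not part of the original answer, that classifies ports 80 and 443 the same way; the function names, the advice strings and the 3-second timeout are assumptions chosen for illustration.

```python
import errno
import socket
import sys

# What each outcome means, following the troubleshooting order in the thread.
DIAGNOSIS = {
    "open": "a service is listening; next verify it answers TLS with a valid certificate",
    "refused": "traffic reaches the VM but nothing listens here; configure the web server for this port",
    "timeout": "traffic is dropped before the VM; check the GCP firewall rule and the VM's network tags",
}


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'timeout'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # An RST came back: the firewall let the SYN through, no listener.
        return "refused"
    except socket.timeout:
        # No reply at all: typical of a firewall silently dropping packets.
        return "timeout"
    except OSError as exc:
        # Unreachable host/network looks the same to a client as a drop.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH, errno.ETIMEDOUT):
            return "timeout"
        raise  # DNS failures and other errors are a different problem


def diagnose(host, ports=(80, 443), timeout=3.0):
    """Return {port: (state, advice)} for each probed port."""
    result = {}
    for port in ports:
        state = probe(host, port, timeout)
        result[port] = (state, DIAGNOSIS[state])
    return result


if __name__ == "__main__":
    # Usage: python3 probe.py <hostname>
    for port, (state, advice) in diagnose(sys.argv[1]).items():
        print(f"tcp/{port}: {state} -> {advice}")
```

For a .dev hostname, an "open" result on port 80 alone is not enough, because the browser only ever tries port 443.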
