Google domain setup on GCP VM with nginx?

Google domain name pointing at external IP of GCP compute engine with nginx installed and app in /var/www/html. Have Google site verification of property code. I need HTTPS setup. Do I need Let's Encrypt? Why is it so difficult to establish HTTPS?
None of the dozens of sites nothing here in tag search or on GCP. Nginx has how to set up in /etc/nginx/nginx.conf, but my site is visible over HTTP using my external IP but not at the HTTPS domain name.

Related

Reusing custom domain between GCP and Firebase

I am planning to host 2 webapps using Firebase Hosting: example.com and dev.example.com. For corresponding APIs, I have 2 projects on GCP (using managed instance groups and a load balancer) with custom domains: api.example.com and dev-api.example.com.
Is it possible to have a setup where subdomains of the custom domain example.com can be split/used across Firebase and GCP load balancer? I thought this is a popular setup but can't find any documentation/howto around this. I am using Google Domains as the domain provider for example.com and using Google Managed SSL certificates as well. All the projects belong to one account.
Assuming that you are using a Classic HTTPS Load Balancer with your GCP project, you may get your Firebase Hosting linked to your LB as an additional backend through Internet Network Endpoint Group so all of them can be reached through the same Load Balancer IP.
To do this,
1. Edit the current Load Balancer and go to Backend configuration.
2. Create a Backend Service; under Backend type, select Internet Network Endpoint Group.
3. Under Backends > New Backend, Create Internet Network Endpoint Group. This will take you to Network endpoint groups under Compute Engine.
4. Under New network endpoint > Add through, you may select IP and port or Fully qualified domain name and port. Just supply the correct FQDN or IP of your Firebase hosting and the port that the Firebase hosting is listening on, then Create.
5. Finish creating the backend service using the Internet network endpoint group that you created as Backend Type.
6. Under Host and Path rules, click +Add Host and Path Rule and fill out the Host field with the domain of your Firebase hosting. For Path, just put /*. Then select the Internet network endpoint group that you created as Backend.
I am also under the assumption that your Google Managed Certificate is also deployed within the Load Balancer. If this is the case, then you may provision another Google Managed SSL certificate and include all 4 domains
example.com
dev.example.com
api.example.com
dev-api.example.com
Once done, you may create A records with the Load Balancer's IP address for each domain. This is to ensure that the requests will be forwarded to the correct backend, as opposed to just creating CNAMEs, which will always forward the request to the root domain (example.com) and not to their intended backends. The LB should be able to forward requests based on the domain being accessed.

Prevent Google from indexing VM's external IP

My setup:
Bitnami Wordpress
GCP VM
GCP HTTPS Load Balancer
Load Balancer has http to https redirection, www to non-www redirection
Cloud CDN
Main Problem:
The VM's external IP (22.22.22.22) is indexed by Google Search. I'm unable to remove it from Google Search because it is not recognized as a property that belongs to me and the indexed page (http://22.22.22.22/home) is live. http://22.22.22.22/home is resolved to example.com which is a live page.
What I have checked:
The domain name and Load Balancer's IP are properly resolved
No new mod_rewrite rules other than those from the default installation
The site does not have any reference to VM's external IP, including database
No cache plugins installed
WordPress's site address and home address are pointing to http://example.com
What I have done to rectify:
I've added 301 redirects which I'm not sure if that helps. It will take some time to check if that works.
My questions:
Is there a way to prevent Google from indexing IPs (any IPs in general)?
How to prevent the VM's ext. IP from being indexed by Google, especially when a load balancer is in use?
There is a simple solution but it takes time. Configure the Apache web server to redirect IP-based queries to your domain or return an error. Google Search will eventually notice the redirect and remove the IP address from search queries.
For redirects, use a permanent redirect (301).
301 Moved Permanently
How To Create Temporary and Permanent Redirects with Apache and Nginx
There are WordPress plugins to do the same, but I prefer to configure Apache directly and not add another plugin to a site.
> Is there a way to prevent Google from indexing IPs (any IPs in general)?
No, Google can index any site, IP or Hostname based, that is public unless restricted via robots.txt.
Introduction to robots.txt
> How to prevent VM's ext. IP from being indexed by Google especially when load balancer is in use?
You can create a VPC Firewall rule that only allows traffic from the load balancer and blocks Internet ingress traffic.
Load Balancer Firewall Rules
Additional information:
Remove a page hosted on your site from Google
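The redirect described in the answer above, as an added example that is not part of the original answer: an Apache configuration in which a catch-all virtual host, listed first, answers every request whose Host header is not the site's name (such as the bare IP 22.22.22.22) with a 301. The placeholder ServerName, the DocumentRoot path and the use of http://example.com/ as the target (taken from the WordPress site address in the question) are assumptions.

```apache
# Added example, not from the original answer.
# Apache uses the FIRST <VirtualHost> defined for an address:port whenever the
# request's Host header matches no ServerName/ServerAlias, so this block must
# be loaded before the site's own virtual host.
<VirtualHost *:80>
    # Placeholder name that no client will ever send as Host (assumption).
    ServerName ip-catchall.invalid

    # Permanent (301) redirect for every path. The remainder of the request
    # path is appended to the target, so
    #   http://22.22.22.22/home  ->  http://example.com/home
    Redirect permanent / http://example.com/

    # Alternative (the "return an error" option in the answer): comment out
    # the Redirect line above and refuse the request with a 403 instead.
    # <Location "/">
    #     Require all denied
    # </Location>
</VirtualHost>

# The real site: only requests whose Host header names the domain land here.
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    # Assumed document root; keep the path from the existing installation.
    DocumentRoot "/path/to/wordpress"
</VirtualHost>
```

Because this VM sits behind a load balancer, check which Host header the load balancer's health check sends before making the catch-all the default: a probe that expects a 200 and receives the 301 marks the backend unhealthy.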

Pass mixed content with reverse proxy

I have a website and users create their own app. But I can't embed these apps on my website via iframe, because my website has an SSL certificate and I got this error:
Mixed Content: The page at 'https://domain' was loaded over HTTPS, but requested an insecure resource 'http://IP_ADDR'. This request has been blocked; the content must be served over HTTPS.
My workflow is like that:
1. Click create button
2. Deploy EC2 instance from AWS
3. Get EC2 IP address from AWS
4. Embed this app via iframe
I want to embed these IPs in my website; the IP addresses are dynamic. Anyone can create a machine anytime.
What is the best-practice solution for this issue?
Best practice (and also the only one I can think of) solution IMHO would be to use proper HTTPS for the iframe content also. You'd need a possibility to automatically create DNS records though (you can do so with AWS Route 53). Regarding SSL you could use a wildcard certificate (e.g. Let's Encrypt). Nginx could be configured to proxy_pass by DNS name as opposed to IP. Then your workflow would become this:
1. Click create button
2. Deploy EC2 instance from AWS
3. Get EC2 IP address from AWS
4. Create DNS record
5. Embed this app via iframe

What causes this and how to fix: Error code: SSL_ERROR_NO_CYPHER_OVERLAP

I'm migrating a Bitnami WordPress site from AWS Lightsail to GCP.
The AWS setup includes a purchased wildcard SSL. When I set up the load balancer in GCP, I opted for Google's SSL instead.
I got this error, Error code: SSL_ERROR_NO_CYPHER_OVERLAP, when I access from the load balancer's IP. The VM is working fine and I am able to access it with its own external IP.
The domain is still pointing to AWS's server. I wonder if the error is because I have not pointed the domain to the load balancer's IP?
I'm hoping to gain some clarity first before I update the domain's IP. I want to avoid situation where it does not work after I make the switch.
Thanks

Make firebase domain point to EC2 GCP Instance Ip Address

I have a domain from Firebase Hosting that looks like this:
discourse-314707.web.app
I also have an EC2 instance with the following IP address:
54.163.205.15
How can I make "discourse-314707.web.app" in Firebase Hosting point to "54.163.205.15" on my EC2 instance? For example, if I have installed Apache, it displays the Apache page.
The discourse-314707.web.app is a subdomain on Firebase's web.app domain that it automatically sets up for any Firebase project.
Since the DNS for all web.app subdomains is managed by Firebase itself, there is no way for you to configure this to point to your own IP address.
The closest you can get is setting up your Firebase web site as a proxy for the one on EC2 with a micro-service. But you'll need to be on the paid plan for that, and it'll be quite some hassle for the auto-generated subdomain.
If you register your own domain for the web app, you control the DNS settings for that domain and can point to whatever hosting service you want.
