google-cloud-platformhttpsreverse-dns

GCloud https to external ID and Cloud DNS not working


as will be obvious, I do not know much about networking and do appreciate all hints and explanations. I wrote a little website application in flask using gunicorn and nginx. It is containerised, and works locally. My goal is to deploy it on gcloud and have a proper domain name pointing at it.

I set up a small compute instance. I used the standard http and https firewalls on that instance. I have an external IP EXT_IP reserved and set up. Additionally, I set up allow-firewalls for 443 ingress and egress on that instance. I run the docker container while mapping the ports 80 and 443 to the container port. I am not sure whether it is necessary to map the 443 to the container port. When I run http://[EXT_IP] the application works just as expected. When I however just click on the external IP or use an https request, I do get a "Secure Connection Failed" error.

When I run nmap EXT_IP I get the following output, which looks sensible.

Host is up (0.039s latency).
Not shown: 994 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
443/tcp  open   https
3389/tcp closed ms-wbt-server
8000/tcp closed http-alt
8001/tcp closed vcom-tunnel

Nmap done: 1 IP address (1 host up) scanned in 10.64 seconds

Additionally I tried to set up Cloud DNS. I purchased a domain on Google domains and set up an A record for the domain to the reserved external IP and a CNAME alias for the www.domain to the domain. When I attempt to go to the site using the domain, I get a not found error. When I use host domain_name I get

Host [Domain Name] not found: 3(NXDOMAIN)

I suspect that two things are going wrong. The https and the DNS mapping seem to be separate issues, but I am not sure.

Could anyone help me how to resolve either or both of those? Thank you very much in advance.


Solution

  • You have two separate issues:

    To solve issue with DNS you should follow one from two ways :

    1. use Google Domains only:
      • configure necessary DNS records at Google Domains side by following documentation Resource records;
      • remove your zone from Google Cloud DNS.
    2. switch to Google Cloud DNS:
      • create managed zone for your domain;
      • set custom DNS servers (same as NS records you can see at the previous step in created managed zone) for your domain.

    After that you should wait for 24-48 hours for DNS propagation. You can check status of DNS online with services like dnsmap.io or mxtoolbox.com. If everything was configured correctly, you'll be able to see your application via http://domain.name and/or http://www.domain.name.

    To solve issue with SSL you should follow instructions from these articles How To Secure a Containerized Node.js Application with Nginx, Let's Encrypt, and Docker Compose and Nginx and Let’s Encrypt with Docker in Less Than 5 Minutes to solve issue with SSL.