
I am trying to connect a domain name I got from Google Domains to a Google Cloud Platform VM instance. My domain is .dev and when I tried nslookup and dig trace, they are already pointing to the right IP address. Accessing the website using this IP works fine. I just cannot access the same website via the domain name.

The following is the configuration I did:

In my VM instance (Compute Engine API):

  • Enabled http and https traffic
  • Has network tags http-server and https-server

In VPC networks API:

  • Made my external IP static
  • Firewall at tcp:443 allows traffic (default-allow-https rule)
  • When I tried running "netstat -tulpn | grep LISTEN", port 443 is not shown in the list. Webserver may not be listening to port 443

In Network Services API:

  • Added record sets for A and CNAME matching the DNS from Google Domains and external IP from VM instance

In Google Domains:

  • Modified the name servers to be the same as those from Network Services API Registrar Setup values (added under the custom name server tab)

Screenshots (not reproduced here): Firewall rules, Network Zone, VM setup concerning firewall

Please understand that I do not have a networking background. Thank you so much for helping!

Marky
  • 1) Did you enable HTTPS on the webserver? 2) Did you install an SSL certificate? 3) Domains ending in .dev can only be accessed using HTTPS using a web browser. – John Hanley Mar 24 '22 at 04:21
  • Yes, the https is enabled. I was supposed to create an SSL certificate next, but I cannot register my domain name because it refuses to connect to the IP of my server. – Marky Mar 24 '22 at 06:59
  • Everything in your screenshots is fine. That leaves an internal firewall (UFW) or the webserver. Edit your question and include details on them. Also, verify that your web server is listening on port 443 for the network interface: **netstat -tulpn | grep LISTEN** – John Hanley Mar 24 '22 at 07:10
  • I have checked if the web server is listening on port 443 and edited the question above accordingly. It looks like it doesn't. I'm not sure where to find the internal firewall in GCP. A little help? All I know is the firewall rules from VPC network API. – Marky Mar 25 '22 at 12:21
  • No listener for port 443 means the webserver is not configured to listen for requests on port 443. – John Hanley Mar 25 '22 at 17:07
  • Thanks. I configured my server conf file and have it listen to 443 instead of 80. Also, I added an SSL cert to it. After these, everything worked well! Thanks a lot for your help @John Hanley! – Marky Mar 25 '22 at 23:13
  • You still want the webserver to listen on port 80 as well. Redirect port 80 connections to port 443 (HTTPS Redirect). – John Hanley Mar 25 '22 at 23:28
  • Oh yes, I forgot to mention. I am still listening to port 80, I put it in a separate server clause in the conf file. – Marky Mar 26 '22 at 01:07

1 Answer

Answer based on the comments of @John Hanley:

  1. A website with .dev domain name extension requires port 443 to be open. Check that the web server is listening on this port by running netstat -tulpn | grep LISTEN.

  2. Since (as stated in the question above) port 443 does not appear in the list, configure your web server to listen on port 443. In my case, I am using nginx as my server so I edited the file in /etc/nginx/nginx.conf to make my server listen on port 443.

  3. At this point, trying to access the website will return an error that you don't have an SSL certificate. So create one. I used certbot for this to generate the SSL certificate and key.

  4. Go back to the nginx.conf file and switch ssl on, add the ssl cert and key. It should look something like this:

    ...
    server {
        server_name example.com www.example.com;
        # "listen 443 ssl;" is the supported form; the separate "ssl on;"
        # directive is deprecated in current nginx releases.
        listen 443 ssl;
        # certificate and key must come from the same certbot live directory
        ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        location / {
            ...
        }
        ...
    }
    ...

  5. Restart the server (sudo systemctl restart nginx)
Marky
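The listener check in step 1 is the part of this thread that is easy to get wrong: a GCP firewall rule on tcp:443 only matters if a process on the VM is actually bound to that port on a non-loopback address. The script below is an added example, not code from the question or the answer, and it parses the output format of netstat -tulpn to tell apart "nothing listens on 443", "something listens but only on 127.0.0.1/::1", and a usable listener. The sample netstat output embedded in it is constructed to mirror the state described in the question (nginx on 80, nothing on 443); check_tls is an optional live check that verifies the certificate against the hostname the way a browser would, and is only invoked from the main block.

```python
"""Verify that a listener exists on the port the DNS/firewall chain delivers
traffic to (443 here, since browsers only load .dev domains over HTTPS).

Added example, not code from the question or the answer above. It parses the
output format of `netstat -tulpn`, the check suggested in the comments, and
distinguishes the failure modes a GCP firewall rule cannot fix: no listener
on the port at all, or a listener bound only to loopback. SAMPLE_BEFORE is a
constructed netstat output, not captured from the asker's VM."""
import re
import socket
import ssl
import subprocess
from dataclasses import dataclass

# One `netstat -tulpn` line in LISTEN state: proto, local address, program.
LISTEN_RE = re.compile(
    r"^(?P<proto>tcp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s+LISTEN\s*(?P<prog>.*)$"
)


@dataclass
class Listener:
    proto: str
    addr: str
    port: int
    program: str

    @property
    def loopback(self) -> bool:
        # 127.0.0.0/8 and ::1 are unreachable from outside the VM.
        return self.addr == "::1" or self.addr.startswith("127.")


def parse_listeners(netstat_output: str) -> list[Listener]:
    """Extract TCP listeners from `netstat -tulpn` text; UDP and header lines are skipped."""
    found = []
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line.strip())
        if not m:
            continue
        # rsplit handles both '0.0.0.0:80' and the IPv6 wildcard ':::22'.
        addr, port = m.group("local").rsplit(":", 1)
        found.append(Listener(m.group("proto"), addr, int(port), m.group("prog").strip() or "-"))
    return found


def check_port(listeners: list[Listener], port: int) -> str:
    """'ok' if something listens on the port on a non-loopback address,
    'loopback-only' if it listens only on 127.0.0.1/::1, else 'missing'."""
    on_port = [l for l in listeners if l.port == port]
    if not on_port:
        return "missing"
    if any(not l.loopback for l in on_port):
        return "ok"
    return "loopback-only"


def check_tls(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Open a verified TLS connection (chain and hostname checked, as a
    browser does) and return the certificate's notAfter date. Raises
    ssl.SSLCertVerificationError when the certificate does not match."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


# Constructed sample modelled on the question: nginx on 80 only, a database
# on loopback, sshd on the IPv6 wildcard, and no listener on 443.
SAMPLE_BEFORE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/nginx: master
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      987/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      654/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           432/dhclient
"""

if __name__ == "__main__":
    try:
        out = subprocess.run(["netstat", "-tulpn"], capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        print("netstat not installed; using the constructed sample instead")
        out = SAMPLE_BEFORE
    listeners = parse_listeners(out)
    for p in (80, 443):
        print(f"port {p}: {check_port(listeners, p)}")
```

Run it on the VM (with sudo so netstat can show program names); "missing" on 443 means the nginx change in step 2 has not taken effect, and "loopback-only" means the listen directive is bound to 127.0.0.1 rather than the interface the external IP is attached to. Once 443 reports "ok" and certbot has issued the certificate, check_tls("example.com") confirms that the chain and hostname verify.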