Cannot access Google Cloud Compute Instance External IP

Question

I have set up an Google Cloud Compute Instance:

• Machine type
  • n1-standard-1 (1 vCPU, 3.75 GB memory)
• CPU platform
  • Intel Haswell
• Zone
  • us-east1-c

I can ssh in using the external address.

I have installed the vncserver and can access it on port 5901 from localhost as well as the internal IP.

I am trying to access it from the static, external IP address but it is not working.

I have configured the firewall to open to port to 0.0.0.0/0, but it is not reachable.

Can anyone help?

------after further investigation from the tips from the two answers (thanks, both!), I have a partial answer:

The Google Cloud Compute instance was set, by default, to not allow HTTP traffic. I reset the configuration to allow HTTP traffic. I then tried the troubleshooting tip to run a small HTTP service in python. I was able to get a ressponse from the service over the internet.

The summary of the current situation is as follows:

• The external IP address can be reached
• It is enabled and working for SSH
• It is enabled and working for HTTP
• It does not seem to allow traffic from vncserver

Any idea how to configure the compute instance to allow for vncserver traffic?

Answer 1

Create a new firewall rule to allow other port where you app is running. For me this thing works:

1. Go to the GCP Console.Go to firewall policies

2. Click Create firewall rule.

3. Enter a Name for the firewall rule. This name must be unique for the project.

4. Under “Targets”, select “All instances in the network”.

5. Under “Source IP ranges”, enter 0.0.0.0/0 to allow traffic from any IP address.

6. Under “Protocols and ports”, enter tcp:8080 to allow traffic on port 8080 (assuming your app listens on port 8080). Click “Create”.

now you can access your app with its IP. ex: IP:port

Answer 2

If anyone already initiated 'https' just disable it and check again.

Answer 3

For me the problem was that I set up the traffic for the firewall rule to be 'Egress' instead of 'Ingress'.

Answer 4

Usually there are two main things to check.

1. Port

By default, only port 80, 443 and ICMP are exposed. If your server is running on a different port, create a record for the same.

2. Firewall

Make sure you are allowing http and https traffic based on your need. oua re

Answer 5

TLDR: make sure you are requesting http not https

In my case i was following the link from my CE instance's External Ip property which takes you directly to the https version and i didn't set up https, so that was causing the 'site not found' error.

Answer 6

In addition to having the firewall rules to allow HTTP traffic in both Google Cloud Platform and within the OS of the instance, make sure you install a web server such as Apache or Nginx.

After installing the web server, you connect to the instance using SSH and verify you do not get a failed connection with the following command:

$ sudo wget http://localhost

If the connection is positive, it means that you can access your external URL:

http://<IP-EXTERNAL-VM>

Answer 7

enable http/https traffic form the firewall as per the need. it will work!!

Answer 8

Create an entry in your local ssh config file as below with mentioned local forward port. In my case its an example of yarn's IP, which I want to access in browser.

Host hadoop
     HostName <External-IP>
     User <Local-machine-username>
     IdentityFile ~/.ssh/<private-key-for-above-user>
     LocalForward 8089 <Internal-IP>:8088

Answer 9

The Google Cloud Compute instance was set, by default, to not allow HTTP traffic. I reset the configuration to allow HTTP traffic. I then tried the troubleshooting tip to run a small HTTP service in python. I was able to get a response from the service over the internet.

As such, the original question is answered, I can access Google Cloud Compute Instance External IP. My wider issue is still not solved, but I will post a new, more specific question about this issue

Answer 10

If you already verified that Google Firewall or your VM are not blocking packets, you must make sure that VNC service is configured to listen on the external IP address.

You can always use a utility like nmap outside Google project to reveal information on the port status.