stkvtflw

Reputation: 13507

Expose ports on google cloud vm

I have two projects on Google Cloud. The first one was set up 15 hours ago and is working fine; port 8080 is exposed properly and I can access it.

Right now I'm trying to do absolutely the same with another project. I've created the same instance of VM in there with the same configs, and entered the same commands using an SSH connection. But I can't connect the app to this server.

I've tried to create another instance of the VM on the first project and it works, but whatever I create on the second project, I can't get access to it.

I assume something is wrong with the project configs, and therefore no details about the VM's contents are provided.

Upvotes: 1

Views: 4161

Answers (1)

Tuxdude

Reputation: 49473

TL;DR - Double check and compare your firewall rules in both the projects. You're most likely missing firewall rules to allow incoming traffic to port 8080 on your instances in the project where it is not working, whereas the other project has these rules configured.

Default Firewall rules

Google Compute Engine firewall by default blocks all ingress traffic (i.e. incoming network traffic) to your Virtual Machines. If your VM is created on the default network (which is usually the case), a few ports like 22 (SSH) and 3389 (RDP) are allowed.

The default firewall rules are described here.

Opening ports for ingress

The ingress firewall rules are described in detail here.

The recommended approach is to create a firewall rule which allows incoming traffic to your VMs (containing a specific tag you choose) on port 8080. You can then associate this tag only with the VMs where you want to allow ingress on 8080.

The steps to do this using gcloud:

# Create a new firewall rule that allows INGRESS tcp:8080 with VMs containing tag 'allow-tcp-8080'
gcloud compute firewall-rules create rule-allow-tcp-8080 --source-ranges 0.0.0.0/0 --target-tags allow-tcp-8080 --allow tcp:8080

# Add the 'allow-tcp-8080' tag to a VM named VM_NAME
gcloud compute instances add-tags VM_NAME --tags allow-tcp-8080

# If you want to list all the GCE firewall rules
gcloud compute firewall-rules list

Here is another Stack Overflow answer which walks you through how to allow ingress traffic on specific ports to your VM using the Cloud Console Web UI (in addition to gcloud).

Operating System level firewall rules

Since you have not mentioned if you're using any of the public Google Compute Engine images or Container-Optimized OS images or a custom image of your choice, I also wanted to mention that even if you configure GCE firewall rules to allow incoming traffic to reach your VM, your OS level firewall could still very well reject the traffic.

Google's Container-Optimized OS images have this feature turned on where it blocks all ingress ports except for port 22 (SSH).

Upvotes: 6
