Reputation: 1693
setup instance group GCE with HTTPS load balancer that allows custom port
I'm struggling with this setup for 3 days now, most certainly I'm doing something wrong, but from all the docs that I read I have no clue what to is the correct way.
My goal is quite simple. I have a docker image in which I have a rest api that is served on 9090 port. I would like to have access to it over https, the port doesn't matter, best would be to use 443 (default https port) but this is not mandatory.
What I did so far: Setup an instance-group with instance-template that uses docker image published on Google Container Registry. This instance-group is behind an HTTPS Load Balancer. I have tried a number of different configuration options of the LB to enable access to my instance. With instanced created from templates I no longer can setup custom firewall configurations associated with instances, in such way I was able to make a connection to a single VM over HTTP.
Guys, can you help in any way ?
--30.09.2019--------- Configuration Update:
I have engine group setup with named ports:
http: 9090
https: 9090
the template is set with both http & https network allowed, but I don't have the possibility to add any rule that would enable 9090 over http or https, or that does not matter?
No the Load Balancer: Frontend: I have two endpoints: 80 for http and 443 for https. The backend uses the named port http(which should point to 9090).
--- Update 1/10/2019
Firewall rull:
Health check
Upvotes: 0
Views: 961
Answers (2)
Reputation: 1693
Ok, finally made it work! The problem was the firewall rule note being enforced on any of the managed instances. Even if you specify the network and target points this will not enforce the rule to run on the VM instance. You still need to add the network TAG to the instance. Now, with manually managed instances you can do it from the VM settings, if you have a template for the VMs you need to go to Advanced settings > Network > Network Tags when creating your template instance! This is the only way to make the rule applicable on your VM as far as I have read.
For anyone that may have similar issues in the future.
Bellow, you will find the screen.
The Http Load balancer is working, probably because of provisioning reasons the https is not, so I will give it 60 minutes still.
Upvotes: 1
Reputation: 2298
You should use Named port to achieve this.
In the instance group, set port name and port in Port Mapping option.
Then in the load balancer configuration, select a backend then select a named port when prompted. Thats all you need to do.
Upvotes: 0
Related Questions
- Apply SSL into Google Compute Engine Instance
- GCE Managed Instance Group - static IP address for outbound server requests
- How do I allow HTTP/HTTPS for GCE instances that are created using a template?
- Is this possible to create GCP load balancer use same instance in two different ports using unmanaged instance groups
- Setting up an SSL cert with Google Cloud Load Balancer
- Google Cloud Internal Https Load Balancer
- Google Cloud Engine: How to route traffic on port 80 when using HTTPS load balancer
- Google load balancer force https
- GCE Load Balancer HTTPS and HTTP IP
- Google Cloud SSL/HTTPS Load Balancer