SSL set-up through Load Balancing in GCP

GCP_Cloud

For this method, first, we have to create an Instance Group because the load-balancer cannot directly map to VM instance, but can take to VM Instance Groups.

For Creating VM Instance Group : go to Compute Engine –> Instance Groups
  1. Create an instance Group
  2. Select an Instance type option from the left side. In normal case we select, Unmanaged Instance Group.
  3. Give a name for instance group
  4. Add description (optional)
  5. Select Location region. (Selected the region which is already chosen for VM instance)
  6. Add VM instances (Choose from dropdown)
  7. Create (Done)
For SSL Setup through Load-Balancing : go to Network Services –> Load Balancing
  1. Create Load Balancer.
  2. Select Load balancer for Configuration.
    • Normally we choose HTTP(s) Load Balancing –> Start Configuration
  3. Internet facing or internal only
    • From Internet to my VMs –> Continue
  4. Add Name for new load balancer
  5. Backend Configuration:
    • Create a Backend Service
    • Add a name for Backend Service
    • Description (Optional)
    • Backend Type : Instance Group
    • Protocol : HTTP
    • Named Port : http
    • New Backend :
      • Select Instance Group
      • Add Port Number (3000)
      • Balancing Mode : Utilization
      • Done
    • Cloud CDN
      • Allow Cloud CDN
      • Cache static Content
      • Health Check :
        • Add name for Health Check
        • Add Description Optional
        • Protocol : HTTP
        • Port : 80
        • Proxy Protocol : None (Normally)
        • Health Criteria :
          • Check Interval : 30 sec
        • Save
      • Create
    • Choose created Backend Service –> OK
  6. Host and Path Rules:
    • Mode : Simple host and path rule
    • Hosts : Default
    • Paths : Default
    • Backend : (Created in Backend Service)
  7. Frontend Configuration:
    • Add Frontend IP and Port name
    • Protocol : HTTPS
    • Network Service Tier : Premium
    • IP version : IPV4
    • IP Address : Create IP Address –> Add IP Address name –> Reserve (for static IP)
    • Certificate : Select a Certificate –> Create a Certificate
      • Add new certificate name
      • Create mode
        1. Upload my certificate (Manually uploading our own purcashed certificate)
        2. Create google managed certificate (SSL from Google)
      • If option 1, Add corresponding certificate. If its option 2, Add Domain Name –> Create
    • Done
  8. Go to Cloud DNS –> Modify IP address which is created in Load Balancer (without Port number).

Ensure your Website works properly.

Leave a comment

Your email address will not be published. Required fields are marked *