Unable to access GCP Compute Engine VM via domain name

Patrick Gregorio asked:

I’m evaluating Google Cloud Platform to see if I can build a network of applications I need for a project I plan on starting really soon. So far I have the Compute Engine API enabled on my GCP project and a VM instance set up which has Apache installed and ready to serve web pages.

Right now I can only access it through the external IP address. I want to be able to access this VM through a domain name I purchased through Google Domains.

I followed this guide to set up domain names, static IPs, DNS configurations, zones, etc.

At the end of the guide, it gives me instructions on how to verify that my setup is working correctly and I’ve done all of the steps mentioned in the guide (assuming my domain is domain.com):

dig +trace domain.com

or

nslookup domain.com

Both of those show the external IP address but when I type the domain name on my browser, it doesn’t get resolved to that IP address and I don’t see the contents of my VM’s web server.

I also went to check for DNS trails and entered the domain name, and it does show the correct records.


I’m still looking around for guides and maybe I should have gone with this: https://cloud.google.com/compute/docs/instances/custom-hostname-vm – when I created my VM instance, I didn’t set up a hostname for it, could it be because of that?


GCP firewall settings:

enter image description here

My answer:


You bought a .dev domain so you need to have incoming traffic on https (TCP port 443). This domain (and several others) have HSTS enabled for the entire TLD and so require the use of https.

Your GCP firewall shows you have an allow rule for this traffic but only for VMs tagged https-server. Your VM did not have this tag, so giving it this tag will allow port 443 inbound.

At this point you need to set up your web server with a TLS certificate and to answer TLS requests on port 443.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.