How do I enable http traffic for GCE instance templates?

Question

When creating an instance template in Google Compute Engine, how do I enable http traffic for instances created from the template?

I was thinking that providing an http tag would work, but it doesn't seem to do so.

score 13 · Accepted Answer · answered Jul 22 '15 at 16:02

13

The default network in the project comes with default firewall rules "default-allow-http" and "default-allow-https" to allow traffic on port 80 and 443. These rules have a target tag setup as "http-server". When setting up the instance template you can check the box "Allow HTTP traffic" and "Allow HTTPS traffic" from your developer console, by doing that the default firewall rules will be applied to the new instances created through this instance template.

answered Jul 22 '15 at 16:02

Faizan

1,937
13
18

3

They key item I find useful in this answer is the target tag, as you can specify that when creating the instance template via the command line tool. – interestedparty333 Jul 23 '15 at 16:30
This is configuration for Google Cloud Network, so don't forget also to configure firewall inside your VM instance. – Andrey Dorohovich Jul 26 '18 at 09:33
2

You can also do this for an existing VM by clicking the EDIT button – jamsandwich Aug 30 '18 at 04:45

interestedparty333 · Answer 2 · 2015-07-20T14:50:34.697

2

The following should work in theory, but in practice, it didn't work.

One potential solution is to enable http traffic for all of your instances in that project. To do so, from within GCE command line tools, run:

gcloud compute firewall-rules create FIREWALL_RULE --allow tcp:80

It's not clear to me that setting the rule for a particular instance template is possible, but hopefully someone will correct me if it is.

edited Jul 20 '15 at 14:50

answered Jul 20 '15 at 06:04

interestedparty333

2,386
1
21
35

1

The default network in the project comes with default firewall rules "default-allow-http" and "default-allow-https" to allow traffic on port 80 and 443. These rules have a target tag setup as "http-server". When setting up the instance template you can check the box "Allow HTTP traffic" and "Allow HTTPS traffic" from your developer console, by doing that the default firewall rules will be applied to the new instances created through this instance template. – Faizan Jul 21 '15 at 14:47
If you are not using default network you can setup the firewall rules for port 80 and 443 with the target tags as "http-server" and check the box "Allow HTTP traffic" and "Allow HTTPS traffic" when creating the instance template. Which will allow http and https traffic to all the instance created with this instance template. I hope that helps. – Faizan Jul 21 '15 at 14:52
Faizan, make your first reply an answer, so I can accept it :) – interestedparty333 Jul 22 '15 at 15:18
Done, I'm glad that it was useful :) – Faizan Jul 22 '15 at 16:03
IIRC, the reason it wasn't working was ephermeral and had nothing to do with anything I could control -- GCE was just having networking issues at the time. (Though this answer is still correct) – interestedparty333 Nov 05 '18 at 18:20
I am getting following error : `Creating firewall...failed. ERROR: (gcloud.compute.firewall-rules.create) Could not fetch resource: - Invalid value for field 'resource.name': 'FIREWALL_RULE'. Must be a match of regex '(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?)'` – alper Apr 27 '21 at 11:15

score 1 · Answer 3 · answered Nov 14 '17 at 11:35

One potential solution is to enable http traffic for all of your instances >in that project. To do so, from within GCE command line tools, run:

gcloud compute firewall-rules create FIREWALL_RULE --allow tcp:80

I try your command but it doesn't work because the command want the name of the instance:

google130505_student@qwiklabs-gcp-286ef104ac93631b:~$ gcloud compute firewall-rules create FIREWALL_RULE --allow tcp:80
Creating firewall...failed.
ERROR: (gcloud.compute.firewall-rules.create) Could not fetch resource:
 - Invalid value for field 'resource.name': 'FIREWALL_RULE'. Must be a match of regex '(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?)'
google130505_student@qwiklabs-gcp-286ef104ac93631b:~$ gcloud compute firewall-rules create gclab2 --allow tcp:80
Creating firewall.../Created [https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-286ef104ac93631b/global/firewalls/gclab2].
Creating firewall...done.
NAME    NETWORK  DIRECTION  PRIORITY  ALLOW   DENY
gclab2  default  INGRESS    1000      tcp:80

so the correct command is:

gcloud compute firewall-rules create NAME_OF_YOUR_INSTANCE --allow tcp:80

Actually you can call the rule whatever you like, but it can only be lowercase letters, numbers and hyphens (see the regex in the error message you received) — jamsandwich, Aug 30 '18 at 04:47

score 1 · Answer 4 · answered Mar 04 '20 at 19:24

1

gcloud compute firewall-rules create FIREWALL_RULE --allow tcp:80,tcp:443

This command should do it

answered Mar 04 '20 at 19:24

Afelaia Timur

51
1
4

score 0 · Answer 5 · edited Oct 21 '19 at 23:38

0

If the query is allowing this vm as http or https server then I just used successfully:

cloud compute instances add-tags myvm1 --tags=http-server

edited Oct 21 '19 at 23:38

dbc

104,963
20
228
340

answered Oct 21 '19 at 23:27

docpuneet

1

How do I enable http traffic for GCE instance templates?

5 Answers5

Linked