Bastionhost configuration with NaviServer on GCP?

Question

How to add TLS/SSL letsencrypt or GCP provided certificate to VM instance in GCP with an internal ip address and static external address?

When I create one via a letsencrpt certificate install script, resultant connections break because the VM doesn't have an external facing ip number --only an internal number.

The traffic passes through a firewall (or load balancer) of sorts.

I'm used to bastionhost VM servers in the wild..

Details: NaviServer web server is running on a GCP Compute Engine with a FreeBSD 11.3 image.

(Linux Shield OSes aren't letting me compile Naviserver and use it on any port).

All works for port 80 and 8000 on an internal ip address, and a static ip address pointed externally and not connected to the VM.

I can't find any proxy/firewall settings to navigate via GCP menus.

How to resolve?

Is there some special term I should use to search for docs?

Any link with instructions to follow?

Is there a way to expose a VM instance directly to an external ip address?

Any other creative way I may get SSL/TLS to work with NaviServer?

thank you

Links to some things I've tried:

Enable SSL on Tomcat on Google Compute Engine

How to setup Letsencrypt for Google Cloud Compute Engine load balancer? <-- this is for Kubernetes clusters

I'm currently trying adding a load balancer: https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs

Answer 1

This appears to be the solution: Use a GCP HTTP/S load balancer: https://cloud.google.com/load-balancing/docs/https and specifically: https://cloud.google.com/load-balancing/docs/https/ext-https-lb-simple

Argh. Actually No.

GCP Team kindly suggested this url: https://cloud.google.com/compute/docs/instances/custom-hostname-vm#create-custom-hostname Set the hostname to the domain name. Treat this as if there's no proxy, just a firewall.