As will be obvious, I do not know much about networking and do appreciate all hints and explanations. I wrote a little website application in Flask using gunicorn and nginx. It is containerised, and works locally. My goal is to deploy it on gcloud and have a proper domain name pointing at it.

I set up a small compute instance. I used the standard http and https firewalls on that instance. I have an external IP EXT_IP reserved and set up. Additionally, I set up allow-firewalls for 443 ingress and egress on that instance. I run the docker container while mapping the ports 80 and 443 to the container port. I am not sure whether it is necessary to map the 443 to the container port. When I run http://[EXT_IP] the application works just as expected. When I however just click on the external IP or use an https request, I do get a "Secure Connection Failed" error.

When I run nmap EXT_IP I get the following output, which looks sensible.

```
Host is up (0.039s latency).
Not shown: 994 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
443/tcp  open   https
3389/tcp closed ms-wbt-server
8000/tcp closed http-alt
8001/tcp closed vcom-tunnel

Nmap done: 1 IP address (1 host up) scanned in 10.64 seconds
```

Additionally I tried to set up Cloud DNS. I purchased a domain on Google domains and set up an A record for the domain to the reserved external IP and a CNAME alias for the www.domain to the domain. When I attempt to go to the site using the domain, I get a not found error. When I use host domain_name I get

```
Host [Domain Name] not found: 3(NXDOMAIN)
```

I suspect that two things are going wrong. The https and the DNS mapping seem to be separate issues, but I am not sure.

Could anyone help me resolve either or both of those? Thank you very much in advance.

AJK
  • **1**. Have you installed an SSL certificate and configured the web server to use the HTTPS protocol? If not, there's no surprise that your service doesn't work via HTTPS. **2**. Actually you can [configure DNS records](https://support.google.com/domains/answer/3290350?hl=en) at Google Domains instead of using Cloud DNS. **3**. (If you need it) Have a look at the documentation [Create a managed public zone](https://cloud.google.com/dns/docs/quickstart#create_a_managed_public_zone). Have you configured the DNS servers for your domain to be the same as the NS records in your zone? Please share your domain name if possible. – Serhii Rohoza May 13 '20 at 14:28
  • **4**. Yes, HTTPS and DNS are separate issues. **5**. Meanwhile, you successfully configured GCP Firewall. – Serhii Rohoza May 13 '20 at 14:34
  • Thanks, I will have a look into SSL certificates, as I have done nothing with them. The web server here is nginx, right? Do you have by any chance a good resource handy for a layman? The domain name is dataforconsultants.uk. Thanks again! – AJK May 13 '20 at 16:34
  • Let's finish with DNS first. Have you solved it? – Serhii Rohoza May 13 '20 at 17:22
  • Sorry, hadn't had time yet. Actually, how would I see that I am finished? – AJK May 13 '20 at 18:00
  • So I followed the link you gave for section 2. There it directs me to the Custom Resource Records creation. What do I put in for the IPv4 address (I am not sure what that is)? I put the external IP in and it said within 48 hours it should work. Is that the correct way to proceed? – AJK May 13 '20 at 18:15
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/213802/discussion-between-ajk-and-serhii-rohoza). – AJK May 13 '20 at 18:55
  • Yes, it's the correct way, and yes, you should use external IP. Have you [reserved external IP](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address)? You can check DNS propagation with tools like https://dnsmap.io/ (it could be accessible in 24 hours or even earlier). After that, you'll be able to see your application via `http://domain.name` and/or `http://www.domain.name` if you configured DNS records correctly. – Serhii Rohoza May 13 '20 at 21:42
  • Meanwhile, have a look at the articles [How To Secure a Containerized Node.js Application with Nginx, Let's Encrypt, and Docker Compose](https://www.digitalocean.com/community/tutorials/how-to-secure-a-containerized-node-js-application-with-nginx-let-s-encrypt-and-docker-compose) and [Nginx and Let’s Encrypt with Docker in Less Than 5 Minutes](https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71) to solve the issue with SSL. – Serhii Rohoza May 13 '20 at 21:42
  • Thank you for confirmation! Please accept/upvote my answer if my comments were useful for you. – Serhii Rohoza May 14 '20 at 07:56

1 Answer

You have two separate issues:

  • DNS server configuration;
  • NGINX web server configuration.

To solve the issue with DNS, you should follow one of two ways:

  1. use Google Domains only:
    • configure necessary DNS records at Google Domains side by following documentation Resource records;
    • remove your zone from Google Cloud DNS.
  2. switch to Google Cloud DNS:
    • create managed zone for your domain;
    • set custom DNS servers (same as NS records you can see at the previous step in created managed zone) for your domain.

After that, you should wait 24-48 hours for DNS propagation. You can check the status of DNS online with services like dnsmap.io or mxtoolbox.com. If everything was configured correctly, you'll be able to see your application via http://domain.name and/or http://www.domain.name.

To solve the issue with SSL, you should follow the instructions from these articles: How To Secure a Containerized Node.js Application with Nginx, Let's Encrypt, and Docker Compose and Nginx and Let’s Encrypt with Docker in Less Than 5 Minutes.

Serhii Rohoza
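
Why nmap can report `443/tcp open` while the browser shows "Secure Connection Failed", as an added example that is not part of the original question or answer: an open port only means something accepts TCP connections, not that it speaks TLS. The local listener is a constructed stand-in for an HTTP-only nginx published on 443, and `start_plain_http_listener` and `probe` are hypothetical names.

```python
import socket
import ssl
import threading

def start_plain_http_listener():
    """Constructed stand-in for an HTTP-only nginx published on 443."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # ephemeral local port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listener was closed
                return
            with conn:
                conn.recv(4096)         # the TLS ClientHello arrives here
                conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv

def probe(host, port=443, timeout=3.0):
    """Classify host:port as 'no-dns', 'closed', 'open-no-tls' or 'tls'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:             # name does not resolve (e.g. NXDOMAIN)
        return "no-dns"
    except OSError:                     # refused, filtered or timed out
        return "closed"
    # Certificate checks are off on purpose: the question here is only
    # whether the listener speaks TLS at all, not whether it is trusted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except (ssl.SSLError, OSError):     # plaintext reply or reset: no TLS here
        return "open-no-tls"
    finally:
        raw.close()

if __name__ == "__main__":
    listener = start_plain_http_listener()
    print(probe("127.0.0.1", listener.getsockname()[1]))  # open-no-tls
```

Run against the real host, `probe("EXT_IP")` returning `open-no-tls` means the firewall and port mapping are fine and the missing piece is the certificate and a TLS listener in nginx; `no-dns` for the domain name points at the DNS delegation instead.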