Cloudbooklet
  • News
  • Artificial Intelligence
  • Applications
  • Linux
No Result
View All Result
Cloudbooklet
  • News
  • Artificial Intelligence
  • Applications
  • Linux
No Result
View All Result
Cloudbooklet
No Result
View All Result
Home Google Cloud

Install Web Apps with SSL Certificate on Google Cloud Platform

by Cloudbooklet
5 years ago
in Google Cloud, Compute Engine
Installing Ssl Certificate Gcp
ShareTweetSendShare
Readers like you help support Cloudbooklet. When you make a purchase using links on our site, we may earn an affiliate commission.

In the previous posts, I showed you how to Install Nginx, PHP-FPM in Google Cloud and connect with Cloud SQL. In this post, you will create and install SSL certificate and setup WordPress, CodeIgniter, Laravel and more web apps on Google Compute Engine. Let’s get started. This setup is tested on Google Cloud Platform, so […]

ADVERTISEMENT

In the previous posts, I showed you how to Install Nginx, PHP-FPM in Google Cloud and connect with Cloud SQL. In this post, you will create and install SSL certificate and setup WordPress, CodeIgniter, Laravel and more web apps on Google Compute Engine. Let’s get started.

This setup is tested on Google Cloud Platform, so this guide can be used on any other cloud hosting services or VPS or Dedicated servers.

Prerequisites

  1. Your Compute Engine Instance running and installed Nginx and PHP.
  2. For setting up Compute Engine, see the Setting up Compute Engine Instance.
  3. For installing Nginx and PHP, see how to install LEMP in Compute Engine Instance.
  4. Domain name is pointed to your virtual machine.
  5. For setting up Cloud DNS, see the Setting up Google Cloud DNS for your domain.
  6. Google Cloud SQL Setup, see Setup Cloud SQL and connect with Compute Engine.

Setup your website

Your website will be located in the home directory and have the following structure

ADVERTISEMENT

Replace yourdomainname.com with your original domain name.

You might also like

How To Setup Ssh Keys On Ubuntu

How to Setup SSH Keys on Ubuntu 20.04

4 months ago
Draggan Ai Editing Tool Install And Use Draggan Photo Editor

DragGAN AI Editing Tool Install and Use DragGAN Photo Editor

4 months ago
home
-- yourdomainname.com
---- logs
---- public

The public directory is your website’s root directory and logs directory for your error logs

Now we create these directories and set correct permissions

ADVERTISEMENT

You need to SSH into your VM Instance and run these commands

mkdir -p yourdomainname.com/logs yourdomainname.com/public
sudo chmod -R 755 yourdomainname.com

Now create a new Nginx configuration for your website in the sites-available directory

ADVERTISEMENT
sudo nano /etc/nginx/sites-available/yourdomainname.com

Copy and paste the following configuration, ensure that you change the server_name, error_log and root directives to match your domain name. Hit CTRL+X followed by Y to save the changes.

server {
    listen 80;
    listen [::]:80;

    server_name yourdomainname.com www.yourdomainname.com;

    error_log /home/username/yourdomainname.com/logs/error.log;

    root /home/username/yourdomainname.com/public/;
    index index.html index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}

To enable this newly created website configuration, symlink the file that you just created into the sites-enabled directory.

ADVERTISEMENT
sudo ln -s /etc/nginx/sites-available/yourdomainname.com /etc/nginx/sites-enabled/yourdomainname.com

Check your configuration and restart Nginx for the changes to take effect

sudo nginx -t
sudo service nginx restart

Create SSL certificate and enable HTTP/2

HTTPS
HTTPS is a protocol for secure communication between a server (instance) and a client (web browser). Due to the introduction of Let’s Encrypt, which provides free SSL certificates, HTTPS are adopted by everyone and also provides trust to your audiences.

ADVERTISEMENT

HTTP/2
HTTP/2 is the latest version of the HTTP protocol and can provide a significant improvement to the load time of your sites. There really is no reason not to enable HTTP/2, the only requirement is that the site must use HTTPS.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

Now we have installed Certbot by Let’s Encrypt for Ubuntu 18.04, run this command to receive your certificates.

sudo certbot --nginx certonly

Enter your email and agree to the terms and conditions, then you will receive the list of domains you need to generate SSL certificate.

To select all domains simply hit Enter

The Certbot client will automatically generate the new certificate for your domain. Now we need to update the Nginx config.

Redirect HTTP Traffic to HTTPS with www in Nginx

Open your site’s Nginx configuration file add replace everything with the following. Replacing the file path with the one you received when obtaining the SSL certificate. The ssl_certificate directive should point to your fullchain.pem file, and the ssl_certificate_key directive should point to your privkey.pem file.

server {
    listen [::]:80;
    listen 80;

    server_name yourdomainname.com www.yourdomainname.com;
    # redirect http to https www
    return 301 https://www.yourdomainname.com$request_uri;
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    server_name yourdomainname.com;

    ssl_certificate /etc/letsencrypt/live/yourdomainname.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomainname.com/privkey.pem;

    root /home/username/yourdomainname.com/public/;
    index index.html index.php;

    # redirect https non-www to https www
    return 301 https://www.yourdomainname.com$request_uri;
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    server_name www.yourdomainname.com;

    ssl_certificate /etc/letsencrypt/live/yourdomainname.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomainname.com/privkey.pem;

    error_log /home/username/yourdomainname.com/logs/error.log;

    root /home/username/yourdomainname.com/public/;
    index index.html index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;

        add_header Content-Security-Policy "img-src * 'self' data: blob: https:; default-src 'self' https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://s.ytimg.com https://www.youtube.com https://www.yourdomainname.com https://*.googleapis.com https://*.gstatic.com https://*.gravatar.com https://*.w.org data: 'unsafe-inline' 'unsafe-eval';" always;
        add_header X-Xss-Protection "1; mode=block" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Access-Control-Allow-Origin "https://www.yourdomainname.com";
        add_header Referrer-Policy "origin-when-cross-origin" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
    }
}

The http2 value is all that is needed to enable the HTTP/2 protocol.

Now you have enabled SSL Hardening, created a Content Security Policy, X-XSS-Protection, Clickjacking, MIME Sniffing, Referrer Policy, Access Control Allow Origin.

These are some Nginx security tweaks by closing all areas of attacks.

Hit CTRL+X followed by Y to save the changes.

Check your configuration and restart Nginx for the changes to take effect.

sudo nginx -t
sudo service nginx restart

Renewing SSL Certificate

Certificates provided by Let’s Encrypt are valid for 90 days only, so you need to renew them often. Now you set up a cronjob to check for the certificate which is due to expire in next 30 days and renew it automatically.

sudo crontab -e

Add this line at the end of the file

0 0,12 * * * certbot renew >/dev/null 2>&1

Hit CTRL+X followed by Y to save the changes.

This cronjob will attempt to check for renewing the certificate twice daily.

Learn how to install WordPress on Google Cloud.

Learn how to install CodeIgniter on Google Cloud.

Learn how to install Laravel on Google Cloud.

Tags: Google Cloud PlatformNginxPHPUbuntu 18.04
ShareTweetSendShare
Cloudbooklet

Cloudbooklet

Comments 1

  1. Avatar Of Ravindra Bharava Ravindra Bharava says:
    3 years ago

    Hi,
    I am facing some issue and my https not getting activated , pls help me

    2020/08/05 11:28:53 [warn] 16907#16907: conflicting server name “www.ravindrabhargava.com” on 0.0.0.0:80, ignored
    2020/08/05 11:28:53 [warn] 16907#16907: conflicting server name “ravindrabhargava.com” on 0.0.0.0:80, ignored
    2020/08/05 11:29:02 [warn] 16926#16926: conflicting server name “www.ravindrabhargava.com” on 0.0.0.0:80, ignored
    server {
    2020/08/05 11:29:02 [warn] 16926#16926: conflicting server name “ravindrabhargava.com” on 0.0.0.0:80, ignored

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related Posts

Set Up Deep Learning With Nvidia, Cuda, Cudnn On Ubuntu

How to Set Up Deep Learning with Nvidia, CUDA, cuDNN on Ubuntu 22.04

7 months ago
How To Install Or Upgrade Php 8.2 On Ubuntu 22.04

How to Install or Upgrade PHP 8.2 on Ubuntu 22.04

9 months ago
How To Change Timezone On Ubuntu 22.04

How to Change Timezone on Ubuntu 22.04

1 year ago
How To Install Ansible On Ubuntu 22.04

How to Install Ansible on Ubuntu 22.04

1 year ago

Follow Us

Trending Articles

Disc-Less Xbox Series X

Microsoft Unveils New Disc-Less Xbox Series X with Lift-to-Wake Controller

September 21, 2023

Validator AI: The AI Powered Business Idea Validator

7 Best AI Girl Generators for Creating Realistic and Beautiful AI Girls

Top 10 Advantages of a Cloud VPS Server

10 Best Minecraft Server Hosting Providers in 2023

10 Best AI Prompts for Writers to Improve Website SEO

Popular Articles

Nsfw Ai Story Writers

Top 9 NSFW AI Story Writers to Try Today

September 11, 2023

Create High Quality AI Cover Song with Covers AI

Free AI Script Generators Online to Create High Quality Scripts

How to Make Money with AI: A Step-by-Step Guide

5 FREE AI Email Generators – Automate Your Email Marketing

Top 8 Anonymous Email Account Providers to Protect Your Online Identity

Subscribe Now

loader

Subscribe to our mailing list to receives daily updates!

Email Address*

Name

Cloudbooklet Logo

Welcome to our technology blog, where we explore the latest advancements in the field of artificial intelligence (AI) and how they are revolutionizing cloud computing. In this blog, we dive into the powerful capabilities of cloud platforms like Google Cloud Platform (GCP), Amazon Web Services (AWS), and Microsoft Azure, and how they are accelerating the adoption and deployment of AI solutions across various industries. Join us on this exciting journey as we explore the endless possibilities of AI and cloud computing.

  • About
  • Contact
  • Disclaimer
  • Privacy Policy

Cloudbooklet © 2023 All rights reserved.

No Result
View All Result
  • News
  • Artificial Intelligence
  • Applications
  • Linux

Cloudbooklet © 2023 All rights reserved.