How to host a website on Google Cloud and add a security certificate

If you are taking the plunge from Godaddy/ Host Gator shared or virtual private hosting to a more secure (cheaper and scalable) Google Cloud (or Amazon AWS), following steps will be useful. Though the steps are tailored for Google Cloud Compute Engine LAMP instance, modifying them for Amazon AWS is not very difficult.

Arani

Section A: Create a Google Cloud account

(Skip this if you already have one)

Before hosting, you would need to create a Google Cloud Compute Engine instance.

  1. Visit cloud.google.com and create an account. You will be required to enter your credit card details to enable billing. However, you will receive a $300 credit that should last you about a year if you run your LAMP stack with the standard settings.
  2. Visit the Console Marketplace (on left menu) https://console.cloud.google.com/marketplace
  3. Search for LAMP Stack and click on the one by Google Click to Deploy
  4. Go ahead with the standard settings (10GB , 1vCPU and 3.75 GB memory)
  5. Note down the external IP. This points to /var/www/html on your server. All you files need to be stored in this folder

Section B: Create a SSH key to connect to the server from your local computer

For Windows, you will require GitBash terminal. (PuTTYgen for Windows can also be used but since it generates SSH keys using a windows format, it leads to compatibility issues at times. It’s preferable to use GitBash over PuTTYgen)

For Mac,

  1. Open your terminal and generate a new key
ssh-keygen -t rsa -f ~/[KEY_FILENAME] -C [USERNAME]

This generates a private and a public key.

2. Restrict access to the private key

chmod 400 ~/[KEY_FILENAME]

For both Mac and Windows users

3. Open the public key in an editor and copy the contents. It should have the following format

ssh-rsa [KEY_VALUE] [USERNAME]

4. On Google Cloud Console left menu, goto metadata and click on SSH Keys. Click Edit and paste the contents. Save it.

You can also find the steps here.

Section C: Host a website

  1. Buy a domain
  2. Change A records to point the server (to the external IP — 35.238.134.134 in this case)

 

3. Login to the Google Cloud server

ssh -i yourkey user@35.238.134.134

4. Navigate to folder where you would like to upload the website’s files

cd /var/www/html/folder/projects

You can keep your files in any folder inside /var/www/html (I like to keep mine in /folder/projects inside the html folder)

5. Create a folder for the website’s files

sudo mkdir equitableglobalisation

6. Give it necessary permissions

sudo chmod 777 equitableglobalisation

7. Go back to root

cd \

8. Navigate to Apache

cd /etc/apache2/sites-available

9. Duplicate the default config file

sudo cp 000-default.conf equitableglobalisation.com.conf

10. Open the file in vi editor

sudo vi equitableglobalisation.com.conf

11. Press — i — to get into insert mode

12. Change the following (uncomment if necessary)

ServerName www.equitableglobalisation.com
ServerAlias equitableglobalisation.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/folder/projects/equitableglobalisation

13. Press ctrl+c to get out of insert mode

14. Press :wq! to save the file

15. Enable the site

sudo a2ensite equitableglobalisation.com

16. Reload apache

sudo service apache2 reload

17. Go back to root

cd \

Your website is now hosted but it will be served only over http. To add a security certificate, perform the following steps.

Section D: Installing a security certificate

  1. If you have certbot installed, type the following command. If you have the latest one (late 2019) or don’t have it, skip this
sudo apt-get remove certbot

2. Install and update certbot (make sure you are in the root. Step 17 of Host a Website)

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

2. Install certificate. You can choose the operating system and server. (In the case of the instance we deployed, it will be the OS will either be Debian 8 or 9 and the server will be Apache2. The following instructions are for Debian 8)

sudo ./certbot-auto – -apache

When asked for domains, type numbers separated by comma of both domains — with or without www

When asked for redirection, choose 2 to redirect all traffic to https

3. Enable auto renewal (or run this command once in three months since certbot certificates are issued for three months only. You can run a cron job with this command as well if you want)

sudo ./certbot-auto renew — dry-run

You can find more information about certbot here

Section E: Upload website files from local computer to Google Compute Engine

Open Dreamweaver or the SFTP software of your choice and add a new site. You would need the private key file that you generated, the username and the server IP. Root directory is the path to the folder that you created while hosting

The steps keep changing. I will try to keep this up to date with the latest command. If you have any questions, ask me in the comments. Will try my best to answer on time.

If you need help to switch to Google Cloud or Amazon AWS or have an interesting project, you can reach out to us at iarani.com We help organisations around the world in their Digital Transformation journey.


Can you spare a moment, please?

Was this content useful?

Get regular updates on how to practice consent and resources for your children