Google Cloud Platform - Compute Engine/App Engine - SSL/HTTPS

2
votes

goal: make my google cloud app ssl

used a prebuilt solution to launch an instance on google's compute engine. i need to upload ssl cert to accept credit cards & more or less do anything. i cannot find a ui or any way to ssl my app/domain with compute engine.

google's app engine has a ui to upload certs but no way to launch prebuilt solutions or transfer apps from compute engine.

also, of course, the domain is registered using google domains and the app is registered to google cloud platform under same account.

thanks -- matt

2
google-app-enginesslhttpsgoogle-compute-enginegoogle-cloud-platform
Welcome to stackoverflow. You're quite that chatty one, aren't you? :-) I had to read your question a couple of times to understand what your're looking for. Since compute engine give you your own VM and an IP you have to install the certificate in your VM yourself (old school). If that gives you a headache you should ask this question over at serverfault.com . That is unless the prebuilt solution offers an upload form for that - in which case you should check the manual of that solution. – konqi

2 Answers

1
votes

You can setup an HTTPS Load Balancer in front of your GCE instances and install an SSL certificate and key there.

https://cloud.google.com/compute/docs/load-balancing/http/

0
votes

A solution which is built for Google Compute Engine likely won't work as-is on Google App Engine (App Etfite expects that you supply code written as a set of HTTP request handlers, but does not support background tasks, running your own database, etc). Since you're already fairly happy with the pre-built solution you installed, it probably makes more sense to customize that rather than replace your solution with one running on App Engine.

You have two options for getting SSL running:

  1. You could use Layer 3 load-balancing, and install and configure the SSL certificates on your server hosts. For example, you could get a certificate from Let's Encrypt, and use their tool to install the cert if you're running nginx or apache. For other software, you'd need to install the cert manually. This is probably the most portable (to other clouds/local machine) solution, but requires that you secure your SSL certs and maintain that software.

  2. You could create a SslCertificate resource and attach it a Layer-7 load balancer provided by Compute Engine (TargetHttpsProxy). To do this, you would set up HTTP load balancing after uploading your public and private certificate to Google. This solution can take advantage of Google's caching and scaling infrastructure and can support health checks to verify that your application is up, but the details will vary more across different service providers.