Linux servers.

Building a Web Site on Google Compute Engine

The Goal

Here's how I deployed a web site to the Google Cloud Platform. I used FreeBSD for good performance, stability, and minimal complexity. I set up HTTPS with free Let's Encrypt TLS certificates for both RSA and ECC. Then I adjusted the Apache configuration for a good score from the authoritative Qualys server analysis.

My site cromwell-intl.com had been hosted on OpenBSD since the early 2000s. I needed to move it out of the data center where it had been running. The Google Compute Engine looked like a great platform, and it is. It provides high performance, and the price is certainly right!

Google Cloud Platform Free Tier

This move of cromwell-intl.com to Google was the first step, to be a template for putting other sites in the Google Cloud.

The Google Cloud Platform Free Tier has several products that are always free up to some usage limits, with low cost beyond that.

Try Google Cloud Platform and receive $50

The free tier includes one VM with plenty of horsepower for a web site. Their f1-micro instance has a single-core Intel Xeon 2.20 GHz CPU with 614 MB RAM. It's a shared-core machine, you get 20% of a virtual CPU all the time with bursts up to 100%. (That was initially, now it's 100% for at least 15 minutes, with initial bursts of a few seconds at 200%) After your first server, each additional f1-micro machine costs just US$ 3.88 per month.

The free tier f1-micro VM comes with 30 GB of persistent disk storage based on locally attached solid-state drives. Additional storage is US$ 0.04 per GB per month, although 30 GB was more than enough for me.

You get one static external IPv4 address (IPv6 is only available when you are also using load balancers). Ingress traffic is unlimited, and the first 1 GB egress traffic per month is free. Beyond that first gigabyte of outbound traffic, the pricing is kind of complicated but quite cheap.

That first free gigabyte is to all destinations other than Australia and China other than Hong Kong. It's US$ 0.12 per GB to most of the world after that first free gigabyte. All traffic to Australia is US$ 0.19/GB, and traffic to China other than Hong Kong is US$ 0.23/GB.

You could run multiple web sites on the one VM. Then you could bill the individual sites for egress traffic based on data collected in the web server logs.

Reserve an IP Address

Follow Google's instructions to specify your region. I put my server in Oregon.

Now follow their instructions to reserve an external IP address. Below is the view after the VM was running and using the reserved IP address.

Google Compute Engine VPC network settings: External IP address, region, and type.

Set Up DNS

Google Domains provides excellent DNS service. Very high performance, mirrored around the world. US$ 12 transfers a domain from your current registrar to them and adds an additional 1 year of registration. Then it's US$ 12 per year.

Here I have registered cromwell-intl.com by IP address, and set up A and CNAME records.

The A record for "@", meaning the domain itself, defines the IPv4 address.

The CNAME record specifies that www.cromwell-intl.com is really an alias, and the canonical name is simply cromwell-intl.com.

So, regardless of the user's assumption about whether the name has the "www." or not, it resolves to the same IP address. In a later step I will configure Apache to redirect all requests for the "www." version to the simpler name. The search engines will clearly see the site as a single site, not a collection duplicated across two hostnames.

Google Domains settings: DNS address records and setting the time to live.

Deploying the VM

When I first did this, there wasn't a simple point-and-click method to choose a FreeBSD VM image. However, FreeBSD images was available through the freebsd-org-cloud-dev project. Now things are even simpler.

Download and install Google Cloud SDK Try Google Cloud Platform and receive $50

First, install the Google Cloud SDK package on your local system. This gives you the gcloud command-line interface. It modifies your ~/.bashrc file. If you routinely use tcsh, go ahead and set this up and remember to run bash to do any required gcloud steps. Once the server is deployed, I do everything on the server by connecting in over SSH, and tasks about the server through the web interface.

I found gcloud much easier to set up and use than the corresponding AWS command-line toolkit. Once the server is deployed, you can connect with SSH and you seldom need gcloud.

Start by using gcloud to see the list of images currently available from the FreeBSD project: 

$ gcloud compute images list --project freebsd-org-cloud-dev --no-standard-images

FreeBSD Versions

Use -RELEASE.

The -CURRENT series is bleeding-edge development with weekly updates. If you use -CURRENT, you will have to rebuild libraries from time to time when installed software mysteriously quits working.

The -STABLE series hopes to be what its name implies, but there will be bugs, fixes, and improvements along the way. If you want bleeding-edge features of the development series with a minimum of maintenance and instability, use -STABLE. But for a web server, use -RELEASE. 

$ gcloud compute images list --project freebsd-org-cloud-dev --no-standard-images | grep release

Now deploy your FreeBSD server! Change the version as needed, and change web to your desired hostname. The 30 GB disk size is the maximum size for the free tier, it was much more than enough to hold my site. 

$ gcloud compute instances create web \
	--image-project=freebsd-org-cloud-dev \
	--image=freebsd-13-0-release-amd64 \
	--boot-disk-size=30GB \
	--boot-disk-type=pd-standard \
	--machine-type=f1-micro

Now you can start the VM through the web dashboard. It's running!

Google Compute Engine VM image view: The server is up and running!

Set Up SSH

Verify that the virtualized firewall will pass SSH. Let's go ahead and add HTTP and HTTPS, and remove the unneeded rule allowing RDP. We'll also make sure that ICMP is allowed through, so we can do simple tests with ping,

Google Compute Engine firewall settings: Allow SSH, HTTP, and HTTPS connections, and also allow inbound ICMP.

Follow Google's instructions to add SSH keys. You need to paste at least one public key into place. Once it's there and you can connect in over SSH, you can use scp to copy your existing ~/.ssh/authorized_keys files into place. Or, you can do this. The first command is on your local machine, the second is on your cloud server: 

$ gcloud compute ssh web

$ vim .ssh/authorized_keys
[... now copy and paste in your content ...]

This is so much easier and more logical than the maze of menus on GoDaddy!

Testing The Server

Once it's running you can view an overview from the dashboard. That's "Home" in the 3-line menu at upper left in the GCP pages. Here's the view after the site is up. The network traffic graph shows that some clients are downloading pages:

Google Compute Engine dashboard view of project.

Next Step

You can connect in over SSH and see what's going on.

Proceed to the next step to see how to check out and set up the FreeBSD system.

Next step: FreeBSD server in Google Cloud