Google Cloud - configure HTTPS Load Balancer in few minutes

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey guys this is stomach from storage week.net in this video i want to show you how you can configure the https load balancer using the google manage ssl certificate let me first explain the environment i already created the instance group and you can find the link in the description to see how you can do that with the simple two instances saving on http page with the welcome message hi-firm and the instance name to see that the load balancer is actually balancing the load between both instances so there is a very simple web template which i also created in my previous video with the startup script the startup script installs apache2 php7 and put two pages one with the welcome message and the other one with the test.php to put some stress tests on the instance group to check the load balancing and auto scaling functionality that's all been done in the previous video there's also the http load balancer as you can see it's fully functional and when we visit that uh one page is responding after a couple of refreshes the other one again the first one so the load is balancing between two nodes all right so without the further ado let's go ahead and create the https load balance side to secure the communication between the end users and load balancer so i'll create a brand new https load balancer the same steps as previously let's give it a name with web server https lb the backend configuration i can create a new one but since i do have already backend service created i will just choose the one i do have in the host and pathfields there are some advanced options as you can see but in my case i don't need to take advantage of them it might be more useful in more complex situations so let's leave it as simple host and path rule for the frontend configuration let's give it a name i will call it web server https ip and change the protocol to https notice the port is also changed to 443 and we have to select the certificate so the way how the traffic will be secured i will go ahead and give it a name my ssl set seems to be okay i will create google manage certificate i have to specify the domain name i'm owning this is cloud.xyz and this is the one i'm going to use you can specify more domains or some sub domains for example www or about to my knowledge as of today you cannot put wildcard over here maybe this will change in the future anyways once the certificate is created let's save it and let's review our https load balancer configuration let's just confirm the front end configuration since the port is okay certificate is okay let's review the https load balancer setting as you can notice the half check of instance group is already green and let's click create now it will take some time before the load balancer is fully operational but if we refresh the page after a couple of seconds up to a minute it should already be available to go ahead and check the details even to find the ip address of our load balancer inside and i'm going to need to use this ip address to continue and configure the domain i use for the certificate okay the front end configuration is not yet ready let's try to refresh just to clear uh what i did with the domain when you create the ssl certificate it has to be connected with the domain name and the one i used the this is cloud.xyz it's just the one i bought there was a good price for it and i just bought it to use it in the lab environment so let's copy the ip address of our newly created load balancer and let's configure the domain to point to this rp address so first i will create the dns zone i will call it this is cloud xyz zone i think the dot is an issue here but that's okay it's just a name in the dns name let's go let's use the full domain name and create now the zone is created i'm going to use i'm going to add two records one of type a to point to the ip address of my load balancer and let's paste the ip address i have in the clipboard oh but without the port number with just the ap address ip address over here so let's save it and let's create another record type of cname to point www to the main domain as well so www type c name and point the canonical name to this is cloud.xyz just remember about the dot at the end over here okay once this is done i will have to update my domain provider with the name servers that i see on the screen you can even go for the registry setup and see which name service you have to use for the domain okay since the domain is configured outside of google cloud i did it already on my own but to show you this is done let me go for the who is information of my domain so i will navigate to the words page provide the domain name just remember this is page outside of google right so let's search for the domain and let's check the name server configuration and as you can see those are the four given to me by google the order might be different but it doesn't matter to be honest even not all four of them have to be configured it's just better if all four of them are okay so let's review what we've done the web server https load balancer is configured the certificate is still provisioning we created the dns zone and a record to point to this load balancer and we updated the domain information to point to the correct name servers now the page will still not be available it will need couple of hours maybe even up to a day to propagate all the information across the internet as you can see i cannot access the page and the pink will not respond yet i would be really surprised if it responds but it doesn't that's okay let's give it an hour and check again okay after one hour before we continue just to explain the subdomain i set it up and certificate but to make sure it will be responsive i added the scene name record in my dns as configuration just as a placeholder the subdomain will navigate to the main page it might be used in the future so let's refresh the page and see if the certificate is already provisioned and and it is it's active and we can see the expiration day and the certificate issuer regarding the expiration you don't have to worry about it because this is google managed so it will be recreated automatically let's see if the domain is responsive from the dns point of view and it is we can reach our domain via ping so let's see if the page will reload and as you can see this and as you can notice the communication is secured because the certificate is installed on our load balancer so the communication between end user and our load balancer is secured with the google trust services certificate the communication internal communication between the load balancer and our back-end service our instance group isn't but that's how we configured that in this example as you can see when we refresh the pages we hit one and the other instances of the instance group we can access the subdomain i configured so everything works according to according to the plan okay so i think that's it for today i showed you how easy it is to configure the https load balancer with google manage ssl certificate thanks for watching i hope you enjoyed that if you've got any questions or comments just post them below the video i will do my best to answer all of them in the next one i will show you how you can update the instance group using the rolling update option thanks and bye

Info

Channel: storagefreak

Views: 39,787

Rating: undefined out of 5

Keywords:

Id: 0qXM7kHlk1U

Channel Id: undefined

Length: 9min 36sec (576 seconds)

Published: Mon Jul 13 2020