The New Method to Setup SSL Certificates using Google Cloud Platform

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

what's up guys this is Tim and in this video we're going to go over the easiest way to make your application SSL compliant and to install an SSL certificate now this is not going to be using the kind of legacy approach where you go to a domain registrar you purchase a search for a year or two years yeah you verify that the cert is on your server they generate a token and you do the handshake and you don't do any of that stuff and and the reason I'm excited about this is I've spent so much time installing SSL certificates it's always a headache it's always slow it's never fun and Google has come out with a way to support SSL on api's websites any sort of web application that's public facing they've come up with a super easy way to install SSL certificates that I want to show you guys how to use and so in this tutorial we're gonna be going through exactly how to set that up and how you may after this tutorial never have to install another SSL cert again we can only hope anyways guys let's get started so this instance here that this is a compute engine instance host my web site so if I go to this IP address it will return my web site although we are on HTTP and so the goal of this video is to get this over to HTTPS and also hooked up with my domain and it's pretty pretty easy to do in in GCP so let's get started here so you can't point you can't point a load balancer to a particular VM instance in GCP you have to point to an instance group so what I'm going to do is I'm going to add this to an instance group but before I do that let me just show you something real quick about this VM instance I just want to make sure people don't get hung up on this so instances follow various templates operating systems protocols etc we want to make sure we're allowing traffic on both HTTP and HTTPS in order that the ssl start is going to work for this so let's just make sure we have that enabled let's go over to instance groups I'm gonna say create instance group and I'm gonna do unmanaged and we're gonna do we're just gonna call this whimsical instance group this is mostly a formality you can have a single VM instance in an instance group so it doesn't really change anything at the end of the day but this is just how it has to be set up in GCP and then we'll just immediately add our instance so whimsical website - is that VM instance I just showed you guys and I go ahead and create this the idea here is for an instance group as you're scaling up you could just copy VM instances and add them into the group and then the load balancer can you know run an algorithm to distribute traffic amongst the various instances and it can run health checks and and spin up new instances Auto scale etc it's pretty nifty but that's that's kind of beyond what we're trying to do here okay so we have this instance group and in it we have a single instance which is again the website that I just showed you guys so we're good on the hosting front just just if you guys were curious like what's actually going on on this instance I have nginx installed and nginx has a couple HTML pages when you curl localhost or you curl 127.0.0.1 you'll get this this website returned and but but again we're using the IP directly here and now we want to want to integrate the the domain and seltzer so let's do that so I'm going to go over to Network Services and what we want to do is we want to create a load balancer again we're primarily using it in the scenario for the SSL cert support that it's going to provide us but as you scale you get all these additional capabilities with caching and a bunch of other things so we're gonna do create load balancer it's gonna be an HTTP load balancer and this is an external facing load balancer all right let's call this whimsical load balancer now there's a bunch of different components to this because you're essentially you're gonna make the connection from the domain DNS to the instance group to the VM and so let's it'll just walk you through it here let's start with the backend configuration so back in services and back in buckets what's the backend for us it's that compute engine VM or the instance group which is the level above it so let's do back-end services and we actually have to create a back-end service but this is pretty easy so let's call this whimsical back-end it is of type instance group okay so for here the backend is actually going to be HTTP and basically what that means is the domain is going to make a connection with the front end of the load balancer and that will all be supported with SSL and then Google is going to do SSL termination after that and internally it will make trettel make requests over HTTP because at that point we're already in a secure region so we can leave that as is let's see here yeah so these should all be correct so we may have to create a health check so I'm gonna go create health check and let's call this whimsical health check what is this this is just a way for the load balancer to ping the VM and make sure that it's still available and it will do it at a specified interval and you can make it like do anything I'm just gonna say make a request make an HTTP request to the - forward slash which would be the homepage if you get a response then consider consider everything up and ready to go so we will do I don't think we need to do that frequently okay let's go ahead and save this and then we'll go create alright so we have our back-end let's take a look at let's take a look at the front-end now so the front-end is where we want HTTP so we're gonna call this front and whimsical protocol we want HTTP in order for Google to create a certificate the the front-end IP address has to be it can't be a feminine to be a static reserved IP so we're gonna say create IP okay so this is my favorite part the SSL certificate so you can upload a cert and do all that or you could just create a cert right here so we're gonna do create new cert we're gonna call this whimsical new cert and we're gonna do Google managed and then we're gonna throw our domain in here so whimsical die and they're gonna take care of everything so they're just spun up a cert and they're gonna manage it and we don't do worry about any of that I think that's it so I'm going to go to done okay we have our front-end now let's go to review and finalize so everything does look good to me so let's go to create okay it looks like that's done loading so we're gonna click into our load balancer and we'll click into cloud DNS so it will it will give us a zone here with the with the NS records but we need to create an a record so they already created this one here but I don't think it's right it needs to point to the front end IP address of the load balancer which is this guy right here so again the a name points to the front end IP address okay and okay so that should be all we need to do here and then the only other step is wherever you registered your domain whether it be GoDaddy or Namecheap or something there's a DNS section and you just supply three or four of these name servers and then it will point to Google because the request first goes to global the global DNS which will be maintained by your domain registrar and then they will forward it to your hosting provider which would be Google here and then it comes in bound to Google's DNS and then Google says okay the a name is the front end of the IP address the IP the the load balancer which is the front the front end IP here then proxies it back to the back end instance group and then to the actual instance itself so let's see if we can get this to work now that we have everything set up here so okay so I had to flush my DNS again there's different ways to do it on a Windows Mac and then I opened an incognito window the point is there is a little bit of propagation time here so you can either wait it out or you can try to use incognito windows and flush your local DNS that did work for me so so yeah now that we had the cloud DNS set up that the a name set up in here and the domain was already pointing to these name servers I could do new incognito window and if I go to my domain whimsical dot a I you can see we have perfect SSL support and and now it's running on it's running on SSL here and I just think this this approach is way easier than having to like by assert and/or reinstall a cert if we find that we don't need this anymore we can get rid of it and stop paying for it so it's just better payment model paper use and just a lot lot easier and I can tell you I won't be setting up SSL certs manually anymore all right and that's all I have so thank you for listening

Info

Channel: Refactored

Views: 34,271

Rating: undefined out of 5

Keywords: lets encrypt, ssl certificate, google cloud platform, ssl, https, how to setup ssl, tutorial, nginx, google load balancer, google managed ssl, website security, port 443, decrypt, rsa, tls, Comodo, 256-bit, google cloud ssl, PositiveSSL, qualys, SHA256, cipher suite, ssl labs, namecheap, free ssl, google cloud wordpress, google cloud wordpress ssl, ssl certificates, bitnami wordpress, bitnami ssl certificate install, wordpress https, ssl google cloud

Id: sTDVsMUegL8

Channel Id: undefined

Length: 13min 13sec (793 seconds)

Published: Sat May 16 2020