(GCP Cloud CDN) bucket http works but https doesn't - google-cloud-platform

I have set up a CDN by following this document: https://cloud.google.com/cdn/docs/setting-up-cdn-with-bucket
http (with port 80)
https (with port 443) with a google-managed certificate
example.com is pointing to the load balancer's ip adress (google domains)
the certificate says example.com is active
simple index.html is in the backend bucket
I can load http://example.com fine but it is insecure. When I load https://example.com on chrome I get the following:
This site can’t provide a secure connection
mydomain.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Can somebody help me set up Cloud CDN with https using GCP storage?
EDIT: trying adding AAAA following How do you serve a static website using Google Cloud CDN, Google Cloud Storage, and a custom domain?
Requestor Pays was already off
The permission was to allUsers with Storage Object Viewer
EDIT2: adding AAAA didn't work for me
EDIT3: Got rid of AAAA. It is working now... I guess it takes quite long

Yes, depending on your domain provider. Normally, the longest takes up to 78 hours.
You need to enable the http-https redirect. You need to configure the http frontend, and there you have the option to enable the http-https redirect.
I would assume that you did not add the external IP of the Load Balancer as one of the domains accepted by your SSL certificate (and you shouldn't have to), so it will not really load the page via https://(LoadBalancer-IPAddress)

Related

Cloudfront domain defaults to HTTP when HTTPS is available

Similarly to other stacks, I have hosted a website using AWS services:
Registered domain on Route 53 (example.net)
Content is hosted on an S3 bucket
Got an SSL certificate using AWS Certificate Manager
Created a CloudFront distribution, pointed it to S3 and connected it to my domain with Route 53.
All of this works except for an issue at what seems to be the final hurdle. When I enter my domain url into the search bar, example.net, the connection isn't secure by default. I've illustrated the problem here.
I'm relatively new to hosting and can't find a solution relating to this. My thoughts are that I'm missing some Cloudfront or Route 53 configuration, since another thing that doesn't work is connecting via www (I don't care about that issue as much). Any input is appreciated.
By default enabling HTTPS on a website doesn't disable HTTP. They are both available, on separate ports. That's why you have to type https:// in the browser's address bar to go directly to the HTTPS version of your website. You can get CloudFront to redirect all HTTP requests to HTTPS by following this guide.

Google Cloud Storage web hosting: redirect http to https

I'm hosting a static website on a Google Cloud Storage bucket. The bucket is named as my domain:
www.example.com.
I also have a single Cloud Load Balancer forwarding rule on GCP with my bucket configured as its backend.
I'd like to configure my load balancer so that each request to HTTP protocol is redirected to HTTPS.
What is the simplest method to achieve this behavior?
Thanks
Hosting website on a bucket can be done by following this link. On the same page it's mentioned that if you want to redirect from HTTP to HTTPS then you need to set up additional HTTP-LB with a redirected setting in the URL map. Here is the step by step process to setting up redirection from HTTP to HTTPS.

Getting net::ERR_CERT_COMMON_NAME_INVALID when accessing AWS ALB

I am trying to access my AWS Application Load Balancer(ALB) but I am getting a net::ERR_CERT_COMMON_NAME_INVALID instead.
Current Scenario:
ALB has an HTTPS:443 listener (only one listener is present) with an SSL Certificate provided for my domain example.com & *.example.com.
I would be more than happy to provide any further details required to support my query.
Thanks in advance.
This comes down to one of the following scenarios:
The SSL certificate attached to the load balancer does not include the domain you're expecting it to. For wildcards remember that *.example.com will only cover a single level subdomain such as www.example.com not secondary levels such as beta.www.example.com.
The domain you're accessing with the browser is not supported on the SSL, you need to ensure the SSL is valid for that domain only (if it redirects to another domain or you're trying to access via the load balancer domain name it will not be valid).
You should be able to get some more information about the error by running the below.
curl -i -v https://example.com

Cloud Run deploy to GKE cannot change URL

When we create a cloud run service and run it on GKE it does not seem to be possible to change the URL or to map a custom domain to the service.
The domain is currently http://stacko-gke.default.example.com
and the service is https://console.cloud.google.com/run/detail/cluster/us-central1-a/crun/default/stacko-gke/metrics?project=stack-123456
We had to use the CURL trick to specify a host header and that worked, but I would need to be able to change the host for DNS to work properly, please advise.
You have 2 options on Cloud Run:
Create a domain mapping for each Service, and map your DNS: https://cloud.google.com/run/docs/mapping-custom-domains
If you are using HTTPS, the following considerations apply:
For Cloud Run, a managed certificate for HTTPS connections is automatically issued when you map a service to a custom domain. Note that provisioning the SSL certificate should take about 15 minutes. You cannot upload and use your own certificates.
Change the base domain from example.com to your own domain https://cloud.google.com/run/docs/gke/default-domain and create a wildcard A record (*) pointing to the IP address of your istio-ingressgateway.
For Cloud Run on GKE, only HTTP is available by default. You can install a wildcard SSL certificate to enable SSL for all services mapped to domains included in the wildcard SSL certificate. For more information see Enabling HTTPS.
You can map multiple custom domains to the same Cloud Run service such as example.com or www.example.com

Google Cloud Platform Bucket SSL Settings

I think my problem is the same as this one: (sorry for the duplicate)
Google Cloud Platform Bucket: serving content with custom domain over https
But, here my settings.
First, I created a custom subdomain : cdn.domain.com to have a SSL certificat. (to use it after)
I created a bucket, named cdn.domain.com
I created a Cloud DNS and add a A record to point to my load balancer's IP
And here is my load balancer configuration:
Http and HTTPS (with my certificat)
HTTPS certificat
So, is that possible to help me to setting my CDN please ?
https://35.227.242.87/web/build/css/select2.min.css it is unsecure :/
Change Google IP by my custom domain cdn.domain.com ?
https://cdn.domain.com/web/build/css/select2.min.css is that possible ?
Thank you very much.
[SOLVED] 2018-04-18
I did it. So, this is my configuration:
1 SSL certificat for my domain (cdn.domain.com)
no custom domain in google cloud
Added a load balancer with HTTP & HTTPS protocol and static IP on my bucket storage.
changed my domain DNS (cdn.domain.com) to point to my load balancer static IP
It's done and it works, very easy :)