WordPress in GCP Free Tier – Quick Start

This article provides a super-quick process for creating a WordPress site in the Google Cloud Platform (GCP), suitable for use in CGP’s free service tier. I found that creating a VM instance from the Google Cloud Platform Marketplace is much easier than building out WordPress straight from a GCP VM instance.

This article assumes a familiarity with IP networking and Linux.

First, create an External IP address for your WordPress VM. One External IP address is included in GCP’s free tier.

console.cloud.google.com > VPC network > External IP addresses > Reserve static IP address

Name, or note the name of, the External IP address, so you can attach it to the VM instance.

Next, launch a WordPress instance from the GCP Marketplace; use the f1-micro machine type if you wish to take advantage of GCP’s free tier. The f1-micro instance may seem under-powered, but in my limited testing, it is faster than my websites hosted on a shared hosting provider. YMMV.

console.cloud.google.com/marketplace/product/click-to-deploy-images/wordpress > Launch
Machine type: micro (1 shared vCPU; 0.6 GB memory, f1-micro)
Add Network Interface: select your External IP address as the External IP
Check Allow HTTP traffic from the Internet
Check Allow HTTPS traffic from the Internet
Deploy

Once the WordPress instance is deployed, you will be shown a list of URLs, usernames, and passwords associated with your WordPress instance (like the wp-admin URL and the default WordPress “admin” credentials) and the accompanying MySQL database details. Record these; you can find many (but not all) of this information if you drill down into the “VM instance details”.

Access your VM either via the Google Cloud Shell or via SSH; “SSH connections to Linux VMs” has the details. As a putty user, I found “Connecting to VMs using advanced methods” and “Installing the public key as an authorized key on a server” helpful.

At this point, you are ready to start configuring WordPress. But one last batch of commands will be useful to configure your new WordPress instance for SSL using LetsEncypt. The “Setup Free SSL for WordPress on Google Cloud” and “certbot instructions” links were helpful. Of course your DNS plumbing needs to in place first.

root@wp-vm:/tmp# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 9.13 (stretch)
Release:        9.13
Codename:       stretch

root@wp-vm:/# apt update
root@wp-vm:/# apt install dnsutils telnet tcpdump
root@wp-vm:/# apt install snapd
root@wp-vm:/# snap install core
root@wp-vm:/# snap refresh core
root@wp-vm:/# snap install --classic certbot
root@wp-vm:/# ln -s /snap/bin/certbot /usr/bin/certbot
root@wp-vm:/# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated)  (Enter 'c' to cancel): uniyatra.com,wp.uniyatra.com,www.uniyatra.com
Requesting a certificate for uniyatra.com
Performing the following challenges:
http-01 challenge for uniyatra.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf

root@wp-vm:/# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/uniyatra.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Account registered.
Simulating renewal of an existing certificate for .uniyatra.com
Performing the following challenges:
http-01 challenge for uniyatra.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/uniyatra.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/uniyatra.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

root@wp-vm:/# tail -1 /etc/crontab
45 2    * * 6   root    /usr/bin/certbot renew && /etc/init.d/apache2 restart

Then the requisitite testing:

root@wp-vm:/# /usr/sbin/apache2ctl -t
 Syntax OK
 root@wp-vm:/# /etc/init.d/apache2 restart

and just for the record:

root@wp-vm:/# grep letsencrypt /etc/apache2/sites-available/000-default-le-ssl.conf 
 Include /etc/letsencrypt/options-ssl-apache.conf
 SSLCertificateFile /etc/letsencrypt/live/uniyatra.com/fullchain.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/uniyatra.com/privkey.pem

Leave a Comment

Your email address will not be published. Required fields are marked *