Ssl – How to setup port forwarding on Google Cloud

google-compute-enginessl

I am trying to forward port 443 (SSL) on an external IP address on a Google Cloud VM, to port 6984 internally (using CouchDB) I am trying to do this so that I may use LetsEncrypt, which requires port 443 available to configure new certs.

I am looking at forwarding rules but see no way to specify a port mapping, only instance mapping.

How can I forward port 443 to port 6984 on a single Google Cloud VM?

Best Answer

What you're referring to is actually called Port Address Translation (PAT), and is not directly supported by Google Cloud Platform.

Instead, you might be able to reconfigure the software in question to listen on the desired port (6984).

EDIT: Let's Encrypt is sunsetting and deprecating TLS-SNI challenges, so you'll need to use HTTP-01 (port 80) or DNS-01 (DNS record) for Let's Encrypt instead -- so, if you use one of those, you can have CouchDB run on any port you want other than port 80.

Related Solutions

SSL Proxy: Forwarding without the encryption

Pretty simple, really. You want a virtual host with encryption, then a proxy to a non-encrypted HTTP endpoint.

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine On
    SSLCertificateFile /path/to/cert.pem
    SSLCertificateKeyFile /path/to/cert.key
    ProxyPass / http://localhost:9091/
    ProxyPassReverse / http://localhost:9091/
</VirtualHost>

Linux – Unable to visit virtual host over port 443

In ports.conf you need

Listen 443

and in /etc/apache2/sites-enabled/example.com.conf you need:

SSLEngine On
SSLCertificateFile      /path/to/file.pem
SSLCertificateKeyFile /path/to/file.key

where file.pem and file.key are certificate and key

Best Answer

Related Solutions

SSL Proxy: Forwarding without the encryption

Linux – Unable to visit virtual host over port 443

Related Topic