HTTP(S) Layer 7 Load Balancing on Google Cloud with Cloud CDN

Steps to setup Load Balancing on Google Cloud

  1. Enable APIs and create a Service account
  2. Nginx configuration for Load Balancer
  3. Create a Health Check
  4. Create Instance Template
  5. Create a Managed Instance Group
  6. Reserve Global Region IPv4 and IPv6 addresses
  7. Create Load Balancer
  8. Install LetsEncrypt SSL Certificate
  9. Configure DNS and setup Cloud CDN

Support

  1. You can hire me on Fiverr for $5 for professional Google Cloud services and WordPress website development
  2. Support me with $1 on Patreon to create more tutorials on Google Cloud and Wordpress

Prerequisites

Enable APIs and create a Service account

Cloud SQL >> Cloud SQL Client
Project >> Editor

Nginx Configuration for Load Balancer

sudo nano /etc/nginx/sites-available/yourdomainname.com
fastcgi_cache_path /home/username/yourdomainname.com/cache levels=1:2 keys_zone=yourdomainname.com:100m inactive=60m;server {
listen [::]:80;
listen 80;
server_name yourdomainname.com www.yourdomainname.com; if ($http_x_forwarded_proto != "https") {
return 301 https://www.yourdomainname.com$request_uri;
}
error_log /home/username/yourdomainname.com/logs/error.log; root /home/username/yourdomainname.com/public/;
index index.htm index.html index.php;
set $skip_cache 0; if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
if ( $cookie_woocommerce_items_in_cart = "1" ){
set $skip_cache 1;
}
if ($request_uri ~* "/wp-admin/|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}

if ($request_uri ~* "/(cart|checkout|my-account)/*$") {
set $skip_cache 1;
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache yourdomainname.com; fastcgi_cache_lock on;
fastcgi_cache_use_stale error timeout invalid_header updating http_500;
fastcgi_cache_valid 200 302 60m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_pass_header Set-Cookie:Set-Cookie;
fastcgi_pass_header Cookie;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_cache_background_update on;
add_header X-Cache $upstream_cache_status; add_header Content-Security-Policy "img-src * 'self' data: blob: https:; default-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://www.yourdomainname.com https://*.googleapis.com https://*.gstatic.com https://*.gravatar.com https://*.w.org data: 'unsafe-inline' 'unsafe-eval';" always;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Access-Control-Allow-Origin "https://www.yourdomainname.com";
add_header Referrer-Policy "origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
}
location ~* \.(jpg|jpeg|png|gif|ico)$ {
expires 365d;
add_header Cache-Control "public";
}
location ~* \.(?:css|js)$ {
expires 7d;
add_header Cache-Control "public";
}
location ~* \.(?:eot|woff|woff2|ttf|svg|otf) {
expires 30d;
add_header Cache-Control "public";
types {font/opentype otf;}
types {application/vnd.ms-fontobject eot;}
types {font/truetype ttf;}
types {application/font-woff woff;}
types {font/x-woff woff2;}
}
}

Connect to Cloud SQL

sudo nano ~/yourdomainname.com/public/wp-config.php

Using Cloud SQL proxy

Using Private IP

define('FORCE_SSL_ADMIN', true);
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';

Create Instance Template

Cloud SQL Proxy connection

#! /bin/bash
sudo apt-get update
sudo apt-get install mysql-client
wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy
chmod +x cloud_sql_proxy
sudo mkdir /cloudsql; sudo chmod 777 /cloudsql
./cloud_sql_proxy -instances=INSTANCE_CONNECTION_NAME=tcp:3306

Create a Managed Instance Group

Reserve Global Region IPv4 and IPv6 Address

Create Load Balancer

Backend configuration

Create Health Check

Frontend Configuration

Uploading your own Certificate

sudo nano /etc/letsencrypt/live/yourdomainname.com/fullchain.pem
sudo nano /etc/letsencrypt/live/yourdomainname.com/cert.pem
sudo nano /etc/letsencrypt/live/yourdomainname.com/privkey.pem

Configure DNS and Setup Cloud CDN

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store