Google Cloud Brokers: Quickly create and configure your first virtual machine (VM) on GCP Compute Engine (GCE)

cloud 2026-05-29

Anyone who has bought or used cloud products runs into the same starting problem: they want to deploy their own website and run a back-end script on Google Cloud (GCP), but as soon as they open the console they are put off by a wall of jargon. VPC, IAM, external IP, instance permissions... it is overwhelming.

The elastic cloud server (virtual machine) in GCP is called Compute Engine (GCE). Its biggest advantages are Google's top-tier global backbone network, which gives surprisingly low network latency, and extremely flexible configuration, with custom CPU and memory sizes accurate to single digits.

Today we won't recite the official documentation, and we'll skip the filler. Grab your Google account and let's go straight to the practical material: a hands-on walkthrough of configuring your first VM on GCP and getting external network access working end to end.

The first stage: a close look at the "three core lines of bill defense" before you power on

Before clicking the power-on button, build a mental model of the resources behind this virtual machine. In GCP, the cost of running a machine is mainly determined by the following three parts together. Choose wrong and you will get poor performance as well as a painful bill at the end of the month.

Machine type (Machine Type): CPU and memory. For a new account that wants to take advantage of free offers or run a lightweight test, pick the e2-micro model.

Boot Disk: the virtual machine's hard disk. GCP offers balanced persistent disks (Balanced PD) and extreme-speed SSDs. The default is 10GB. If you are running a complex Docker environment or a database, change it to 20GB ~ 30GB so that the system disk does not fill up right away.

Network (Network/VPC): this is the easiest place to go wrong. GCP assigns a public IP to your machine by default, but note that the default public IP is dynamic (Ephemeral). This means that whenever you restart the server, the IP address changes completely and any domain name you bound to it stops working. We will fix that below.

The second stage: hands-on practice, creating the VM in five quick steps

Open the GCP console (Google Cloud Console) in your browser and, in the navigation menu at the upper left, find "Compute Engine -> VM Instances".

If you are using it for the first time, the system will prompt you to activate the Compute Engine API; click Activate and wait about 1 minute.

Click "Create Instance" at the top to enter the main configuration page.

Step 1: Name the machine and pick its "prime location"

Name: Use only lowercase letters, numbers, and hyphens, such as my-first-web-server.

Region and Zone: extremely important! If the business is cross-border e-commerce aimed mainly at European and American users, choose us-west1 (Oregon) or us-central1 (Iowa). In the Asia-Pacific region, asia-east1 (Taiwan) or asia-northeast1 (Tokyo, Japan) is preferred, with the lowest latency for domestic visits.

Step 2: Choose the compute configuration

Machine configuration: for Series, select E2.

Machine type: scroll the drop-down menu to the top and select e2-micro (2-core CPU, 1GB memory). That is enough to run a small lightweight website, write a crawler, or do development and debugging.

Step 3: Pick the operating system (boot disk)

Look at the configuration on the side, find "Boot disk" and click "Change":

Operating system: Ubuntu (version 22.04 LTS or 24.04 LTS) or Debian is strongly recommended for both beginners and production environments. These two systems have the largest community ecosystems, and any technical problem you run into can be solved by searching the Internet.

Size: change to 20GB, then click Select.

Step 4: Open the firewall to external traffic

Scroll down and find the "Firewall" check boxes:

Check "Allow HTTP traffic".

Check "Allow HTTPS traffic". Architect's tip: if these two are not checked, the distributed firewall at the outermost layer of Google Cloud will drop all traffic to ports 80 and 443 from the public network. You could then install Nginx perfectly on the server, and people outside would still never be able to open your website.

Step 5: Advanced Network Optimization (Make Dynamic IP Permanent)

Don't rush to create yet; expand "Advanced options -> Networking" at the bottom:

Find "Network interfaces" and click the default interface to expand it.

Locate the External IPv4 address, which defaults to "Ephemeral".

Click the drop-down menu, select "Reserve static external IP address" and name it my-server-static-ip.

Click Finish.

Finally, take a deep breath and click "Create" at the very bottom.

The third stage: the moment of truth, one-click login with no key and no barrier to entry

After clicking Create, return to the list of instances. In about 20 to 30 seconds, your machine's status will turn into a green check mark, and the public IP you just reserved will be displayed on the right.

With a traditional cloud server login, you need to generate an SSH key yourself with a command, or download a .pem file, and then use a terminal client (such as Putty or Xshell) to type in the commands.

In GCP, Google uses its own IAM identity authentication to deliver a true "one-click connection".

Click directly on the "SSH" button on the right side of your virtual machine.

The browser will immediately pop up a black native terminal window. The system automatically generates the key pair, transfers it, and logs you in, all in the background.

In a second, you are sitting inside this overseas Linux server!

The first thing to do is to run the following update command, standard practice at large tech companies, to patch the system:

Bash

sudo apt update && sudo apt upgrade -y

The fourth stage: hard-won lessons from day-to-day operations, and the practices of large tech companies

The machine is up and reachable, but real enterprise-grade operations have only just begun. The following two painful lessons were paid for in real money by countless novices:

1. Eliminate port 22 exposure completely and make good use of the GCP default firewall

Although you just checked Allow HTTP/HTTPS traffic, you must be clear that GCP by default opens TCP:22 (the default SSH port) globally (0.0.0.0/0).

This means that from the second your machine is turned on, hundreds of hacker scripts around the world have been frantically scanning port 22 of your machine and trying to brute-force it.

Advanced practice: now that we can log in with the browser's SSH button (using Google's internal IAP tunnel), we can go to the "VPC network" -> "Firewall" policies in GCP and delete the rule that allows global access to port 22, or restrict it so that only your fixed home IP can connect. Only when the door is closed and locked is the server truly invisible.

2. The "cold asset trap" in your bill

Many novices share a misunderstanding: "I shut the virtual machine down completely (STOP), so it uses no CPU or memory. Surely Google won't charge me a penny?"

Completely wrong!

When you shut down, the computing resources stop, but your 20GB boot disk is still occupying space in Google's physical data center, and the static external IP address you reserved is still held by you. On top of that, GCP charges a high punitive idle fee for static IPs that are "reserved but not bound to a running virtual machine".

Hardcore stop-loss advice: if you no longer want this machine at all, go to the console, click "Delete", and check "delete the boot disk at the same time" when deleting. Then go to the network settings and manually "Release" the static IP. Only then does the meter stop completely.

Summary

On GCP, there are three core tricks to starting your first VM: use a static IP to anchor the domain name, use a custom disk size (20GB) to keep the system disk from filling up, and, when you are finished, destroy the disk and release the IP to protect your wallet.

Once you have this smooth and safe start-up logic straight, you have crossed the hardest threshold of cloud computing. Whether you next deploy Docker containers, set up the Pagoda panel, or configure Nginx, you already have a solid foundation.
