Wordpress Gcloud Load Balancer HTTPS front end, but IP on port 80 still open on the back end-CodePudding

I'm trying to put a simple Wordpress site on Google Cloud with SSL.

I set up a load balancer using an instance group, as described here: https://docs.bitnami.com/google-templates/how-to/configure-lb-ssl-google-templates/ except I used one-click deployment instead of bitnami.

unmanaged instance group with the vm as a member
load balancer with the instance group on the backend, port 80
front end HTTPS, port 443

The front end works, this is my test site: https://thescanclub.com

However, insecure access is still possible to the backend I.P. and also the database! I must have left out a firewall or something. How would you fix this?

Back end IP to the vm: 34.150.136.72

PS... this is a small test site and may get a new vm if I have to redo it.

CodePudding user response：

The Google Managed Certificate that you created resides within the Front End of the Load Balancer. This means that it will only use the Google's SSL certificate, and redirect from HTTP to HTTPS when you access your Wordpress site through the Load Balancer's front end IP address or through the domain (thescanclub.com).

Digging the A record of your domain, you'll see that it is not pointed to the VM's public IP but rather to a different one which I presume is the HTTPS Load Balancer's front end IP.

If you wish to access the website directly from the VM's public IP, then it will be best to set up a letsencrypt SSL certificate within the Bitnami instance and set up the HTTP to HTTPS redirection through it. Hope you find this documentation helpful.