How to Setup a SSL for Google Cloud Storage hosted Site?

Google Cloud Storage (GCS) is fantastic to host a static website, and I explained the procedure in my previous article.

There are two possible ways you can access the GCS hosted site.

• Using Google Storage domain, ex – storage.googleapis.com/yourdomainname
• Through custom domain

Accessing through google storage domain is by default having SSL enabled. However, when you intend to use a custom domain, then you got to find your way to configure SSL.

In other words, GCS doesn’t enable SSL on a custom domain.

There were many questions if there is a workaround to get SSL/TLS enabled on a custom domain, so it’s accessible over HTTPS.

The good news is, you can do it.

Let’s see how…

I assume you already have a site hosted in GCS, and your website is accessible over HTTP. I’ve set up my lab domain (techpostal.com) to GCS.

Let’s make it accessible over HTTPS.

Using Cloudflare – FREE Solution

One of the quickest ways to implement SSL in FREE is by routing traffic through Cloudflare. Cloudflare got many advances from security and performance, and I personly use and love it.

You can get it started in FREE (yes, SSL is provided under a free plan).

• Create an account at Cloudflare
• Click “Add Site”
• Enter the site name and click “Begin Scan.”

• It will take a few seconds, and you will notice the scan status is completed. Click continue setup

• Cloudflare will scan the existing domain record and show you, so you don’t have to add them manually. If some entry is missing then add them else click Continue

• Select the plan and continue
• Change the name server of your domain to Cloudflare at your domain registrar.

By changing the name server, you route your website traffic to go through the Cloudflare network. Once the name server is updated, click continue.

• It will take some time to get the DNS updated, and once done, you will notice site status becomes active.

This concludes site is ready to take full advantage of Cloudflare, which includes free SSL.

By default, when you add a site to Cloudflare, it’s accessible through http://, https://, www, which you may not want.

A good practice is to serve website content through one protocol only, which is HTTPS, in this case. To achieve that, we will set up page rules which will take of necessary redirection.

I assume you are still logged into Cloudflare

• Go to Crypto tab
• Scroll down and turn ON “Always use HTTPS.”

With the above settings, all the requests with “HTTP” will be redirected to “HTTPS.”

• Next, let’s on the automatic HTTPS rewrites.

• Try to access your website, and you should see it’s accessible over HTTPS.

Cloudflare solution is probably one of the easiest ones.

Using Google Load Balancer

If you don’t want to use Cloudflare for some reason, you can leverage Google Cloud load balancer (LB), which allows you to terminate SSL handshake.

The following needs to be done.

• Provision Google Cloud HTTP(S) Load Balancer
• Implement SSL (refer the guide)
• Configure LB backend as a Cloud Storage Bucket

• Update Domain A record at DNS registrar to point to Google LB Front-end IP

Verify your website through https://

Google LB also gives you an option to enable their CDN. So if you are ready to spend a few $$, then you may explore having LB in front of the cloud storage bucket to serve the static website.