The Google Cloud Storage documentation states :
If you want the test.example.com to serve the same content as is served from www.example.com, add a CNAME record that aliases "test" to "www". A separate bucket is not needed in this scenario.
https://cloud.google.com/storage/docs/website-configuration?hl=en
With the alias CNAME in place (on Google Cloud DNS) the following error is being thrown by the Cloud Storage :
<Error>
<Code>NoSuchBucket</Code>
<Message>The specified bucket does not exist.</Message>
</Error>
Has this behavior changed and the documentation hasn't been updated ? Or are there any additional steps required to make this work ?
I was able to reproduce the same issue. As confirmed with the engineering team, CNAME > CNAME > bucket is not possible which is the opposite of what the documentation is saying. I was able to file a request for the documentation change which should be modified soon. As a workaround, creating a new bucket with the subdomain will resolve your issue.
CNAME is equivalent to your sub domain. Please use the step by step procedure from Google Cloud Platform Documentation. See below:
https://cloud.google.com/dns/docs/quickstart
Related
I am newbie at cloud servers and I've opened a google cloud storage to host image files. I've verified my domain and configured it, to view images via my domain. The problem is, same file is both accessible via my domain example.com/images/tiny.png and also via storage.googleapis.com/example.com/images/tiny.png Is there any solution to disable access via storage.googleapis.com and use only my domain?
Google Cloud Platform Support Version:
NOTE: This is the reply from Google Cloud Platform Support when contacted via email...
I understand that you have set up a domain name for one of your Cloud Storage buckets and you want to make sure only URLs starting with your domain name have access to this bucket.
I am afraid that this is not possible because of how Cloud Storage permission works.
Making a Cloud Storage bucket publicly readable also gives each of its files a public link. And currently this public link can’t be disabled.
A workaround would be implement a proxy program and running it on a Compute Engine virtual machine. This VM will need a static external IP so that you can map your domain to it. The proxy program will be in charged of returning the requested file from a predefined Cloud Storage bucket while the bucket keeps to be inaccessible to the public.
You may find these documents helpful if you are interested in this workaround:
1. Quick start to set up a Linux VM (1).
2. Python API for accessing Cloud Storage files (2).
3. How to download service account keys to grant a program access to a set of services (3).
4. Pricing calculator for getting a picture on how much a VM may cost (4).
(1) https://cloud.google.com/compute/docs/quickstart-linux
(2) https://pypi.org/project/google-cloud-storage/
(3) https://cloud.google.com/iam/docs/creating-managing-service-account-keys
(4) https://cloud.google.com/products/calculator/
My Version:
It seems the solution to this question is really a simple, just FUSE Google Cloud Storage with VM Instance.
After FUSE private files from GCS can be accessed through VM's IP address. It made Google Cloud Storage Bucket act like a directory.
The detailed documentation about how to setup FUSE in Google Cloud is here.
There is but it requires you to do more work.
Your current solution works because you've made access to the GCS bucket (example.com), public and then you're DNS aliasing from your domain.
An alternative approach would be for you to limit access to the GCS bucket to one (possibly several) accounts and then run a web-server that uses one of the accounts to access your image files. You could then also either permit access to your web-server to anyone or also limit access to it.
More work for you (and possibly cost) but more control.
I am trying to give the Google CDN service account access to my bucket as said here: https://cloud.google.com/cdn/docs/using-signed-urls
gsutil iam ch serviceAccount:service-{PROJECT_NUMBER}#cloud-cdn-fill.iam.gserviceaccount.com:objectViewer gs://{BUCKET}
But the response is:
BadRequestException: 400 Invalid argument
Adding it via the cloud console is also impossible, it says "Email addresses and domains must be associated with an active Google Account or Google Apps account."
Am I missing something or is this a bug?
The Cloud CDN cache fill service account is created when you enable signed URLs. The error message suggests there's a problem with the project number or you haven't yet enabled signed URLs for that project. You can enable signed URLs by following the instructions at https://cloud.google.com/cdn/docs/using-signed-urls#creatingkeys. Make sure you enable signed URLs for a backend service or backend bucket in the same project you specify in the gsutil command.
So, I've spent about 5 days searching for an answer here and on Google Docs, including having one of their support people help me. My domain still doesn't resolve to the website.
For the record, the website works if I use the ugly url (http://storage.googleapis.com/7thgradeplay.org/index.html).
I have transferred the domain to google domains, days ago.
I have verified the domain with Google Search Console. Billing is enabled and accruing. Public_html is set on all files and folders.
I am using Google Domains name servers. I am not using Google Cloud DNS.
Per Google support:
Synthetic Records: 302 redirect #.7thegradeplay.org to www.7thgradeplay.org
Custom Resource Records: www CNAME 7thegradeplay.org
Does this matter? storage bucket name is 7thegradeplay.org.
I think that's about all the config I've done.
All of these changes were done on Friday (3 days ago), and I still get a 404 error when I try to go to the website. I have followed the instructions and tried to troubleshoot with these pages:
https://cloud.google.com/dns/troubleshooting
https://cloud.google.com/storage/docs/hosting-static-website
The only thing I varied was the name of the bucket in storage. I used a bucket name without the leading 'www.' Please don't tell me this is all it takes to break it.
All help is appreciated.
P.S. I added a bucket called www.7thegradeplay.org with all the same files. Waited 15 minutes. still 404 error.
P.P.S. I found an answer, but it didn't work: Connect Google domain to Google Cloud Bucket.
I will retry step #5 in the PPS above tomorrow, after the PS change has had time to 'stew'.
Again, any help is appreciated.
Your bucket name needs to match the URL exactly, so if you're visiting www.7thgradeplay.org, the bucket also needs to be named www.7thgradeplay.org.
Similarly, the DNS record for "www.7thgradeplay.org" must be a CNAME to "c.storage.googleapis.com.".
Checking DNS, I see a CNAME from "wwww.7thgradeplay.org" to "7thgradeplay.org". It needs to be "c.storage.googleapis.com." If you've already set that, you may need to wait a while for it to percolate. DNS can be slow to update.
Follow below steps to Host Static Website on Google Cloud Storage.
Creating a CNAME record in DNS :
Go to your respective Domain Service provider account and find DNS
settings and Create a CNAME record that points to
c.storage.googleapis.com.
NAME TYPE DATA
www.example.com CNAME c.storage.googleapis.com
After adding “CNAME” record it will take some time to propagate this
records.
Creating a Cloud Storage Bucket :
Go to Google cloud Console and select Storage from side menu, And
click on Create bucket.
Now create a bucket whose name must matches the CNAME record that
you have created for your domain in DNS settings.
For example, If you added a CNAME record pointing www.example.com
to c.storage.googleapis.com, then create a bucket with the name
www.example.com.
Uploading files to Cloud Storage Bucket :
Now In the list of buckets, click on the name of the bucket that you
have created.
Now create index.html file in your local system for your website
home page.
Now click on Upload files button and select index.html file that
you have created.
Browse the static website :
Now browse your website with your domain name in your web browser.
For example, If your domain name is www.example.com then browse
your website by going to http://www.example.com in your web
browser.
Now, You have successfully hosted your website on Google Cloud
Storage.
I've done an extensive research but I can't find a solution.
How can I enable Service Account Authentication for a project that is linked with Google's private owned Bucket for Double Click Manager data? (more info on the current setup of this project here https://support.google.com/dcm/partner/answer/2941575?hl=en&ref_topic=6107456&rd=1).
Separate user authentication works with gsutil(navigating to browser->get token->paste back in your cmd->issue commands) but when it comes to configuring a service account I keep getting
AccessDeniedException: 403 Forbidden
What am I missing? Since the Google documentation says that this specific bucket can't be listed under Cloud Storage for that project, then the project and the service account should be linked to that bucket by default so I can't see the issue here.
During set-up you should have created a Google Group to control access to your bucket. You should add the service account email address to that group, and it will then be able to access the bucket.
I am trying to create subdomain for my cloud storage. Now, in my site all files hosted in GCS and have url like: http://commondatastorage.googleapis.com/#buckletname#/file.jpg
I want create subdomain with name like #buckletname#.site.com. For this, I created the name record in domain zone:
#buckletname# IN CNAME c.storage.googleapis.com.
www.#buckletname# IN CNAME c.storage.googleapis.com.
But I can't access files by url #buckletname#.site.com . What am I doing wrong?
Documentation for me is not clear. If you can provide step by step instructions how to implement it.
The name of the bucket must be the full domain, not simply the name of the subdomain.
For example, if you wanted the domain "myproject.site.com" to be hosted by Google Cloud Storage, the bucket name must be "myproject.site.com", and if you wanted the domain "www.myproject.site.com", you must have a bucket named exactly "www.myproject.site.com."