Google cloud CDN set up for WordPress | Discourse

By Anil Gupta, 13 Jan, 18 | Tech Tips

Google cloud CDN set up for wordpress or Discourse. Step by step guide for the Google Load balancer and back end service with HTTPS certificate set up. Wordpress runs super fast with caching rules set up by a caching plugin.


Google cloud CDN set up for wordpress or Discourse super fast caching.

At this time, the google cloud CDN can only be used with Google’s own infrastructure i.e. your application like wordpress or Discourse should be deployed on either Google App Engine or Google Compute VM.

Our example set up uses the Bitnami WordPress image or the Bitnami Discourse image deployed on a Google Compute VM instance.

For Cloud CDN to work, you need to set up these things first in this order:

  1. Get 2048 bit HTTPS SSL certificates. Generate 2048 bit SSL certificate using Lets Encrypt.

    If you have already set up wordpress to use https with the WP Encrypt plugin, your certificates cannot be re-used here.

    They are 4096 bit encrypted, by default.

    Let the 4096 bit ones run on wordpress. But do get 2048 strength ones separately to be used with Google CDN.

  2. Compute VM with wordpress or Discourse is in running state.
  3. Current VM https or http: It does not matter if your current set up without Load balancer is running with HTTPS or HTTP layer.

    In case of wordpress, you might already have https layer set up.

Set up Google CDN

  1. Create Instance Group: https://console.cloud.google.com/compute/instanceGroups/

    IMPORTANT: Choose the ‘Unmanaged Instance group‘ type. You can add an existing Compute VM (that’s running your wordpress or discourse) only in Unmanaged group.

    Google Instance group for load balancer

    Choose the region where your current VM instance is located and then choose the VM itself.

  2. Create Google Cloud Load Balancer: https://console.cloud.google.com/net-services/loadbalancing/loadBalancers/
    Select ‘Create HTTP(S) load balancer‘.

    Google load balancer configuration
    1. Create ‘Backend Service‘.
      Protocol: HTTP
      Named port: http
      Timeout: 30 seconds
      Choose the ‘instance group‘ we created above.
      Keep the CPU utilization very high like 90%.
      Create a ‘Health Check‘. Choose Protocol as ‘TCP’ and port = 80. Keep all other values default.
      ENABLE ‘CLOUD CDN’.

      Leave other values default. Save.

    2. Host and path rules: Leave the default values intact.
    3. Frontend configuration:
      Protocol: HTTPS
      IP4: Ephemeral
      Port: 443
      Certificate: Create a certificate and use the files created with 2048 bit encryption.
    4. Click ‘Done‘.
    5. Review and finalize.
    6. Click Create load Balancer. Once it is created, you will get a new IP address.
  3. Firewall rules
    You must create a firewall rule that allows traffic from 130.211.0.0/22 and 35.191.0.0/16 to reach your instances.

    Google load balancer firewall rule settings

    These are IP address ranges that the load balancer uses to connect to backend instances.

    This rule allows traffic from both the load balancer and the health checker.

  4. Change your domain DNS to point to new IP address mentioned in your Load balancer.
  5. Wait for about 5 minutes to let DNS settings propagate. Then, launch your wordpress blog or discourse domain with https:// in front. Your site is now served using Google cloud CDN.


Issue 1

Problem
After all this set-up, you will notice that your website’s https://truvisa.com version works fine as expected.

But, http://truvisa.com starts to throw 404 not found error.

This is because, at this time, there is no way to set up automatic redirection of http to https at the Load balancer level. There is a stackoverflow thread, "http to https on google load balancer", for this issue. Google is already working on the issue.

Temporary Solution:

  1. Create a STATIC IP:
    Go to https://console.cloud.google.com/networking/addresses/.

    Static IP for http load balance

    Here, you will see the ephemeral IP address that has been automatically assigned to the Load balancer. Make it ‘Static’ explicitly now. Save.

  2. Use the static IP with load balancer:
    The idea is to have the same IP address for both http and https routing.

    Add a new http forwarding rule and choose the STATIC IP that we just created in the IP selection.

    Here are the final settings.

    HTTP front-end set up load balancer
  3. Once saved, your http://truvisa.com version should work and no 404 error is thrown.

    Please note that at this time, the http to https redirection is still not working.

Issue 2

Problem
If your Google Load balancer connects to your Compute Engine VM over an HTTP connection, a user who reaches your site with the HTTP protocol will NOT be automatically redirected to the https version.

The problem is: the Compute Engine VM is always connected via an http link (to the load balancer) and not https.
Thus, the .htaccess file always considers the connection to be http and not https, even if the url starts with https.

Solution
Add this redirection rule to your /opt/bitnami/apps/wordpress/conf/httpd-prefix.conf file.
The Google Load balancer sends the X-Forwarded-Proto header (HTTP:X-Forwarded-Proto in the rule) with each request it forwards to the Compute Engine VM. This is one way the VM can tell that the request came through the proxy and whether it should be redirected to the https version.
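    RewriteEngine On
    # The load balancer always reaches the VM over HTTP, so %{HTTPS} is "off" on
    # every request; testing it here would redirect HTTPS visitors in a loop.
    # Rely on the X-Forwarded-Proto header set by the load balancer instead.
    RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]
    # Also redirect hosts that lack the www. prefix.
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    # Capture the host name without the www. prefix as %1.
    RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
    RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]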

and then re-start Apache server using this command:

sudo /opt/bitnami/ctlscript.sh restart apache

Source: Stackoverflow
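
The redirect decision from Issue 2, modelled in Python as an added example (not part of the original post or of the Stack Overflow answer). It assumes the backend only ever receives plain HTTP, uses hypothetical function names and constructed sample requests, and, as a hardening assumption the Apache rules themselves do not make, believes X-Forwarded-Proto only when the peer address is inside the two load balancer ranges from the firewall step. The `test_https_off` flag models additionally testing `%{HTTPS} off`, which matches every request on such a backend.

```python
import ipaddress
import re

# Source ranges the load balancer and health checker connect from
# (the two ranges named in the firewall step of this guide).
LB_RANGES = [ipaddress.ip_network(n) for n in ("130.211.0.0/22", "35.191.0.0/16")]


def from_load_balancer(peer_ip):
    """True when the TCP peer is inside one of the load balancer ranges."""
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in net for net in LB_RANGES)


def redirect_target(peer_ip, headers, path, test_https_off=False):
    """Return the URL to answer with a 301, or None to serve the request.

    Models the RewriteCond chain for a backend that only ever speaks HTTP.
    test_https_off=True additionally applies `%{HTTPS} off`, which is true
    for every request on such a backend.
    """
    host = headers.get("Host", "")
    # Hardening assumption: believe X-Forwarded-Proto only from the proxy;
    # any other peer can set the header itself, so treat it as plain http.
    if from_load_balancer(peer_ip):
        proto = headers.get("X-Forwarded-Proto", "")
    else:
        proto = "http"
    needs_redirect = (
        test_https_off                         # %{HTTPS} off (always true here)
        or proto == "http"                     # %{HTTP:X-Forwarded-Proto} =http
        or not re.match(r"www\.", host, re.I)  # %{HTTP_HOST} !^www\.
    )
    bare = re.match(r"^(?:www\.)?(.+)$", host, re.I)  # captures %1
    if not (needs_redirect and bare):
        return None
    return f"https://www.{bare.group(1)}{path}"


# Constructed sample requests as the VM would see them: (peer address, headers).
VIA_LB_HTTPS = ("130.211.1.20", {"Host": "www.truvisa.com", "X-Forwarded-Proto": "https"})
VIA_LB_HTTP = ("35.191.7.9", {"Host": "truvisa.com", "X-Forwarded-Proto": "http"})
DIRECT_PEER = ("203.0.113.50", {"Host": "www.truvisa.com", "X-Forwarded-Proto": "https"})

if __name__ == "__main__":
    for peer, hdrs in (VIA_LB_HTTPS, VIA_LB_HTTP, DIRECT_PEER):
        print(peer, redirect_target(peer, hdrs, "/blog/"))
```

With `test_https_off=True`, the request that already arrived as https://www.truvisa.com/blog/ is redirected to that same URL, which is the redirect loop a browser would report.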

Check Google CDN Cache hit ratio

We already checked ‘Cloud CDN’ option while creating ‘backend service’ inside Load balancer set up above.

Hence, your Cloud CDN is already active and you can check it here: https://console.cloud.google.com/net-services/cdn/

This page also shows Cache hit ratio for each load balancer that you might have:

Google cloud CDN hit ratio

Click on the load balancer to see the details:

Google cloud CDN with load-balancer

Wait for a day and then see the cache hit ratio jump to signal that resources are being cached and served from Google’s servers directly.

Google CDN cache hit ratio after one day

If your cache hit ratio stays at zero (like the 3rd one in our image), check the ‘Cache-control‘ response header set by your web server.

As per Google’s recommendation, it will cache pages (full page html), css, js, image or any other file that has its http response header set with ‘Cache-control’ as:

Check header – Press F12 in the Chrome browser to open dev tools, then open the Network tab. Open the web page, and then click the web page name in the dev tools side window.