Infrastructure Setup

This guide covers the core infrastructure setup for deploying static websites using Google Cloud Storage.

Core Infrastructure Setup

1. GCS Bucket Configuration

# Create bucket in specified region
gsutil mb -l asia-south1 gs://[BUCKET_NAME]

# Set public access permissions
gsutil iam ch allUsers:objectViewer gs://[BUCKET_NAME]

# Enable bucket versioning
gsutil versioning set on gs://[BUCKET_NAME]

2. CDN and Load Balancer Setup

# Create backend bucket with CDN
gcloud compute backend-buckets create [BACKEND_BUCKET_NAME] \
  --gcs-bucket-name=[BUCKET_NAME] \
  --enable-cdn

# Configure URL map
gcloud compute url-maps create [URL_MAP_NAME] \
  --default-backend-bucket=[BACKEND_BUCKET_NAME]

# Create HTTP proxy
gcloud compute target-http-proxies create [HTTP_PROXY_NAME] \
  --url-map=[URL_MAP_NAME]

# Reserve global IP
gcloud compute addresses create [IP_ADDRESS_NAME] --global

3. SSL/TLS Configuration

# Create SSL certificate
gcloud compute ssl-certificates create [SSL_CERT_NAME] \
  --domains=[DOMAIN_NAME]

# Create HTTPS proxy
gcloud compute target-https-proxies create [HTTPS_PROXY_NAME] \
  --url-map=[URL_MAP_NAME] \
  --ssl-certificates=[SSL_CERT_NAME]

# Create forwarding rules
gcloud compute forwarding-rules create [HTTP_FORWARDING_RULE] \
  --load-balancing-scheme=EXTERNAL \
  --global \
  --address=[IP_ADDRESS_NAME] \
  --target-http-proxy=[HTTP_PROXY_NAME] \
  --ports=80

gcloud compute forwarding-rules create [HTTPS_FORWARDING_RULE] \
  --load-balancing-scheme=EXTERNAL \
  --global \
  --address=[IP_ADDRESS_NAME] \
  --target-https-proxy=[HTTPS_PROXY_NAME] \
  --ports=443

Security Configuration

1. CORS Setup

gsutil cors set '[
  {
    "origin": ["https://[DOMAIN_NAME]"],
    "method": ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"],
    "responseHeader": ["Content-Type", "Access-Control-Allow-Origin", "Access-Control-Allow-Methods", "Access-Control-Allow-Headers"],
    "maxAgeSeconds": 3600
  }
]' gs://[BUCKET_NAME]

2. Bucket Security

# Set uniform bucket-level access
gsutil bucketiam set bucketpolicyonly:on gs://[BUCKET_NAME]

# Configure bucket encryption
gsutil bucketencryption set on gs://[BUCKET_NAME]

DNS Configuration

Get load balancer IP:

gcloud compute addresses describe [IP_ADDRESS_NAME] --global --format="get(address)"

Configure DNS records:

A record: Point to load balancer IP
AAAA record: For IPv6 support

Verification

# Verify bucket setup
gsutil ls -L gs://[BUCKET_NAME]

# Check SSL certificate
gcloud compute ssl-certificates describe [SSL_CERT_NAME]

# Test load balancer
curl -I https://[DOMAIN_NAME]

Core Infrastructure Setup​

1. GCS Bucket Configuration​

2. CDN and Load Balancer Setup​

3. SSL/TLS Configuration​

Security Configuration​

1. CORS Setup​

2. Bucket Security​

DNS Configuration​

Verification​

Core Infrastructure Setup

1. GCS Bucket Configuration

2. CDN and Load Balancer Setup

3. SSL/TLS Configuration

Security Configuration

1. CORS Setup

2. Bucket Security

DNS Configuration

Verification