Cannot access WordPress PHP website hosted on GCP Compute Engine


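I have used Terraform to set up a Compute Engine VM with a reserved static IP, a service account with the roles/cloudsql.editor role, and a CloudSQL instance as the database. The goal is to install a LAMP server on the Compute Engine instance.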

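The startup script will install everything needed to run the WordPress website (it works on a local VM using Vagrant, and it has been adjusted for GCP). The problem I am facing is that I cannot access the site. http://{VM_IP} just redirects me to https://{VM_IP} and throws an ERR_CONNECTION_TIMED_OUT error.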

The VM has the http-server tag attached. If I create an index.html with some text in /var/www/html/, then I can see it at http://{VM_IP}, and it does not redirect me to https. But it will not serve me .php files.

Terraform config:

# This terraform file will create next resources: 
# *static IP for VM
# *service account for VM (with SQL Editor role)
# *CloudSQL instance to use as the primary database (also create user and a database)

# The startup script will perform everything needed to install NoviNano. All you need to do is to auth with your GCP account (`gcloud auth application-default login`) from within the folder. Next do `terraform plan` and input the data variables. After that do `terraform apply`, input data variables (login, password, google project_id etc) and wait around 10-15 minutes for the resources to create. Go to Compute Engine and click on the external IP address of the newly created VM. 

provider "google" {
  project = var.project_id
  region  = var.compute_region
  zone    = var.compute_zone
}

########################## COMPUTE ##########################
resource "random_id" "vm_name_suffix" {
  byte_length = 4
}

# reserve a static external IP
resource "google_compute_address" "static" {
  name = "php-vm-external-ip"
}

# define what image to use in GCP Compute Engine
data "google_compute_image" "ubuntu_image" {
  family  = "ubuntu-2004-lts"
  project = "ubuntu-os-cloud"
}

# bind appropriate role to service account
resource "google_project_iam_binding" "cloud_sql_editor" {
  project = var.project_id
  role    = "roles/cloudsql.editor"
  members = [
    "serviceAccount:${google_service_account.service_account.email}"
  ]
}

# new service account
resource "google_service_account" "service_account" {
  account_id   = var.service_account_id
  display_name = "PHP-VM-Service-Account"
}

# compute config
resource "google_compute_instance" "vm_instance" {
  name         = "php-vm-tr-${random_id.db_name_suffix.hex}"
  machine_type = var.compute_machine_type
  zone         = var.compute_zone
  # allow ingress 80 tcp
  tags = ["http-server"]

  # startup script 
  metadata_startup_script = file("${path.module}/scripts/wp-php.sh")
  # we will pass arguments through custom metadata key-value pairs. This is absolute trash (we are passing sensitive data), but unfortunately I didn't manage to find a better solution
  metadata = {
    SITE_V      = var.site_v
    DB_NAME     = var.db_name
    DB_HOST     = google_sql_database_instance.instance.ip_address.0.ip_address
    DB_PASS     = var.sql_pass
    DB_USER     = var.sql_user
    PHP_VM_IP   = google_compute_address.static.address
    ADMIN_LOGIN = var.admin_login
    ADMIN_EMAIL = var.admin_email
    ADMIN_PASS  = var.admin_pass
  }

  boot_disk {
    initialize_params {
      # ubuntu 20.04
      image = data.google_compute_image.ubuntu_image.self_link
    }
  }

  network_interface {
    network = "default"
    access_config {
      nat_ip = google_compute_address.static.address
    }
  }

  service_account {
    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
    email  = google_service_account.service_account.email
    scopes = ["cloud-platform"]
  }

  # do not create vm instance before service account, static ip and db instance
  depends_on = [google_service_account.service_account, google_compute_address.static, google_sql_database_instance.instance]
}
########################### COMPUTE ###########################


########################## CLOUD-SQL ##########################
resource "random_id" "db_name_suffix" {
  byte_length = 4
}

# main database
resource "google_sql_database" "wp-php-db" {
  name     = var.db_name
  instance = google_sql_database_instance.instance.name
}

# user for db
resource "google_sql_user" "admin_user" {
  name     = var.sql_user
  instance = google_sql_database_instance.instance.name
  host     = google_compute_address.static.address
  password = var.sql_pass
}

resource "google_sql_database_instance" "instance" {
  name             = "wp-db-instance-${random_id.db_name_suffix.hex}"
  region           = var.compute_region
  database_version = "MYSQL_8_0"
  settings {
    # really small but enough. 0.6 GB of RAM
    tier              = "db-f1-micro"
    availability_type = "ZONAL"

    backup_configuration {
      enabled            = "false"
      binary_log_enabled = "false"
    }

    ip_configuration {
      ipv4_enabled = "true"
      authorized_networks {
        value = google_compute_address.static.address
      }
    }
  }
  deletion_protection = "false"
}

########################## CLOUD-SQL ##########################

Startup script for the VM:

#!/bin/sh

# if everything is already done, don't do anything. Prevents running the script when the instance reboots
if [ -e /var/www/html/wp-config.php ]
then
   echo "Everything seems fine"
   exit 0
fi

# we will pass arguments through custom metadata key-value pairs. This is absolute trash (we are passing sensitive data), but unfortunately I didn't manage to find a better solution
getMetadata() {
  curl -fs http://metadata/computeMetadata/v1/instance/attributes/$1 \
    -H "Metadata-Flavor: Google"
}

SITE_VERSION=`getMetadata SITE_V`
DB_NAME=`getMetadata DB_NAME`
DB_HOST=`getMetadata DB_HOST`
DB_PASS=`getMetadata DB_PASS`
DB_USER=`getMetadata DB_USER`
PHP_VM_IP=`getMetadata PHP_VM_IP`
ADMIN_LOGIN=`getMetadata ADMIN_LOGIN`
ADMIN_EMAIL=`getMetadata ADMIN_EMAIL`
ADMIN_PASS=`getMetadata ADMIN_PASS`


site_v="${SITE_VERSION}"
base_url=https://github.com/mplesha/NoviNano/releases/download/v1.0/
zip_base=20180706_novinano

case $site_v in
  mt)
    export ARCHIVE_NAME=${zip_base}_mt_b2a03d4e0cbc53e87026180706071957_archive.zip
    export ARCHIVE_LINK=${base_url}${zip_base}_mt_b2a03d4e0cbc53e87026180706071957_archive.zip
    ;;
  nk)
    export ARCHIVE_NAME=${zip_base}_nk_71b6e5d0e46a01132850180706065954_archive.zip
    export ARCHIVE_LINK=${base_url}${zip_base}_nk_71b6e5d0e46a01132850180706065954_archive.zip
    ;;
  ns)
    export ARCHIVE_NAME=${zip_base}_ns_896ead05e3b627043459180706065900_archive.zip
    export ARCHIVE_LINK=${base_url}${zip_base}_ns_896ead05e3b627043459180706065900_archive.zip
    ;;
  rs)
    export ARCHIVE_NAME=${zip_base}_rs_9359544ad31107df3491180706065933_archive.zip
    export ARCHIVE_LINK=${base_url}${zip_base}_rs_9359544ad31107df3491180706065933_archive.zip
    ;;
  sv)
    export ARCHIVE_NAME=${zip_base}_sv_0e61d66b99566e5c1751180706065615_archive.zip
    export ARCHIVE_LINK=${base_url}${zip_base}_sv_0e61d66b99566e5c1751180706065615_archive.zip
    ;;
  ts)
    export ARCHIVE_NAME=${zip_base}_ts_976c110733e7eff58704180706072907_archive.zip
    export ARCHIVE_LINK=${base_url}${zip_base}_ts_976c110733e7eff58704180706072907_archive.zip
    ;;    
  *)
    export ARCHIVE_NAME=${zip_base}_ts_976c110733e7eff58704180706072907_archive.zip
    export ARCHIVE_LINK=${base_url}${zip_base}_ts_976c110733e7eff58704180706072907_archive.zip
    ;;
esac   

# install dependencies. Apache, php, mysql-client, unzip
sudo apt update && \
sudo apt-get install apache2 default-mysql-client unzip -y && \
sudo apt install php libapache2-mod-php php-mysql php-zip -y 

# install WP-CLI
sudo wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/bin/wp  && \
sudo chmod +x /usr/bin/wp

# download zip into /var/www/html/ 
sudo wget $ARCHIVE_LINK -P /var/www/html/
sudo unzip -q /var/www/html/$ARCHIVE_NAME -d /var/www/html/

# wordpress config for database
wp config create --dbname=$DB_NAME --dbuser=$DB_USER --dbhost=$DB_HOST --dbpass=$DB_PASS --force --path=/var/www/html/ --allow-root

# import the db and replace addresses
wp --quiet db import /var/www/html/database.sql --path=/var/www/html/ --allow-root
wp search-replace "/home/ubuntu/workspace/$SITE_VERSION" "/var/www/html" --path=/var/www/html/ --allow-root
wp search-replace "//novinano-tesp.c9users.io/$SITE_VERSION" "//$PHP_VM_IP" --path=/var/www/html --allow-root
wp search-replace "https://"PHP_VM_IP "http://$PHP_VM_IP" --path=/var/www/html --allow-root

# Create admin user
wp user create $ADMIN_LOGIN $ADMIN_EMAIL --role=administrator --user_pass=$ADMIN_PASS --path=/var/www/html/ --allow-root

# Remove sensitive and unneeded data
sudo rm /var/www/html/database.sql /var/www/html/installer-backup.php /var/www/html/$ARCHIVE_NAME /var/www/html/index.html  

# Allow only the PHP user to get access to files.
sudo chown www-data:www-data -R /var/www/html/

# Restart apache to apply plugins and changes
sudo systemctl reload apache2.service

echo -e "\033[0;32mAccess the site at ${PHP_VM_IP}. The Host for the database is ${DB_HOST}\033[0m"

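I have tried the solutions proposed in these threads: "Google cloud compute engine http connection timed out" and "ERR_CONNECTION_TIMED_OUT Wordpress website hosted on GCP", but unfortunately they did not help. My VM has a static IP, the http-server tag attached, and there are no firewall rules inside the instance.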

If you need more information, please leave a comment. Thanks!

Additional information:

netstat -tulpn | grep LISTEN on instance

apache status

curl localhost + curl {VM_IP} with .php file

curl localhost + curl {VM_IP} with .html file

wordpress apache google-cloud-platform google-compute-engine
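
The comments in the Terraform file and the startup script flag that DB_PASS and ADMIN_PASS travel as custom instance metadata. The following is an added example, not part of the original post, of reading those two values from Secret Manager and handing the database password to WP-CLI on standard input instead of the command line. Assumptions: the secret names wp-db-pass and wp-admin-pass are hypothetical, gcloud is installed on the VM, and the VM's service account has roles/secretmanager.secretAccessor on both secrets.

```shell
#!/bin/sh
# Added example. Assumptions: the secret names wp-db-pass and wp-admin-pass are
# hypothetical; gcloud is installed on the VM; the VM's service account has
# roles/secretmanager.secretAccessor on both secrets.

# Read the latest version of one secret; fail if it is missing or empty.
get_secret() {
  value=$(gcloud secrets versions access latest --secret="$1") || {
    echo "cannot read secret $1" >&2
    return 1
  }
  [ -n "$value" ] || { echo "secret $1 is empty" >&2; return 1; }
  printf '%s' "$value"
}

# Load the credentials that the original script read from instance metadata.
load_secrets() {
  DB_PASS=$(get_secret wp-db-pass) || return 1
  ADMIN_PASS=$(get_secret wp-admin-pass) || return 1
}

# Create wp-config.php without putting the password in wp's argument list:
# --prompt=dbpass makes WP-CLI read that one value from standard input.
write_wp_config() {
  printf '%s\n' "$DB_PASS" | wp config create \
    --dbname="$DB_NAME" --dbuser="$DB_USER" --dbhost="$DB_HOST" \
    --prompt=dbpass --force --path=/var/www/html/ --allow-root
}

# In the startup script: load_secrets || exit 1, then write_wp_config.
```

Non-secret settings such as SITE_V, DB_NAME and DB_HOST can stay in metadata; only the passwords need to move.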