Google Compute Engine

Quickstart: Creating an instance and launching Apache

It's easy to get started using Google Compute Engine. This quickstart provides step-by-step instructions on how to get started using Google Compute Engine.

By the end of this quickstart, you should know how to:

  1. Start a virtual machine

    To start, you will create a virtual machine instance with a machine type, an image, and a root persistent disk.

  2. Configure a firewall to allow traffic to and from the Internet

    In step 2 of this exercise, you will create a firewall rule to allow external traffic to and from the Internet.

  3. Install an Apache server to serve web pages

    Next, you will ssh into your virtual machine and install the Apache web server.

  4. Lastly and optionally, we'll discuss how to delete your resources after you're done with them.

You can also watch the video on this page to walk you through the steps of this tutorial. The video covers the same concepts and shows you how to perform each step of this quickstart.

This guide is intended as a beginner's tutorial to Google Compute Engine. If you would like to access Google Compute Engine programmatically, you might consider using the Python or Javascript client libraries.



Before you can run this quickstart, you must set up your environment.

  1. Enable Google Compute Engine, if you haven't already.
  2. Download and install the Cloud SDK.
  3. Authenticate your client by running:

    $ gcloud auth login

    The gcloud auth login command gets your OAuth2 credentials and saves them locally on your computer.

  4. Set your default project ID by running the following command and replacing PROJECT with your own project ID:

    $ gcloud config set project PROJECT

    If you do not know what your project ID is, refer to Identifying projects.

Create an instance

Virtual machine instances you create run on the Compute Engine infrastructure. You can ssh in to them and configure them, install and run software, create a network, create a server farm, and much more.

When you create an instance, Google Compute Engine automatically creates a root persistent disk for you, using an optional image that you specify. The root persistent disk stores the root filesystem and OS image that your instance needs to boot.

Here are the steps to create your first instance:

  1. Create and start your instance

    To create an instance named "my-first-instance" in the "us-central1-a" zone, use the gcloud compute instances create command:

    $ gcloud compute instances create my-first-instance --image debian-7 --zone us-central1-a


    is a name that you choose for your instance. Your instance name must adhere to the restrictions described on the Instance resource page.
    --image debian-7
    is the flavor of the image to use. Some alternate possible values are centos-6, rhel-6, opensuse-13, or sles-11. There are also other image options, such as Ubuntu, but they require an additional ‑‑image-project flag with your request. See the Operating Systems page for a full list of available operating systems and how to use them.
    --zone us-central1-a
    determines where your instance should live. In this example, the instance will be created in the us-central1-a zone. If you omit this flag, you will be prompted to select a zone. You can also set a default zone.
  2. Get the external IP address of the instance

    By default, your instance is assigned a new ephemeral external IP. You will need this external IP address later, to browse to your new web server. You can get the external IP address of your new instance by running:

    $ gcloud compute instances list
    my-first-instance us-central1-a n1-standard-1    RUNNING

    Note that you can also use the instances describe command to return all the instance settings:

    $ gcloud compute instances describe my-first-instance --zone us-central1-a
    canIpForward: false
    creationTimestamp: '2014-07-31T13:16:02.311-07:00'
    - autoDelete: true
      boot: true
      deviceName: persistent-disk-0
      index: 0
      kind: compute#attachedDisk
      mode: READ_WRITE
      source: https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/disks/my-first-instance
      type: PERSISTENT
    id: '6522628601178798698'
    kind: compute#instance
    machineType: https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/machineTypes/n1-standard-1
      fingerprint: IvbRJzVg1GI=
      kind: compute#metadata
    name: my-first-instance
    - accessConfigs:
      - kind: compute#accessConfig
        name: external-nat
        type: ONE_TO_ONE_NAT
      name: nic0
      network: https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default
      automaticRestart: true
      onHostMaintenance: MIGRATE
    selfLink: https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/my-first-instance
    - email: 123412341234@project.gserviceaccount.com
      - https://www.googleapis.com/auth/devstorage.read_only
    status: RUNNING
      fingerprint: 42WmSpB8rSM=
    zone: https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a

Add a firewall rule

To install Apache and serve web pages, you need to create a firewall rule that permits incoming HTTP traffic on port 80, which by default is closed. To create a new firewall rule named "allow-http" that allows traffic on port 80, use:

$ gcloud compute firewall-rules create allow-http \
         --description "Incoming http allowed." --allow tcp:80
Created [https://www.googleapis.com/compute/v1/projects/my-project/global/firewalls/allow-http].
allow-http default  tcp:80

If successful, the create command returns details of the new firewall rule.

By running this command, you have:

  • Created a new firewall rule named allow-http that allows tcp:http traffic.
  • Assigned the firewall rule to the default network in the project. Because you didn't specify a network for the firewall rule, it was automatically applied to the default network.
  • Allowed all sources inside and outside the network (including over the Internet) to make requests to the server. You didn't specify a permitted source for the firewall rule, so all sources are allowed to make requests to instances assigned to the default network (source is the default setting, meaning all sources are allowed).
  • Applied this firewall rule to all instances on the network. Because you didn't specify a target for your rule, it applies to all instances in the network.

To get more information about the firewall rule, use the firewall-rules describe command and specify the name of the rule:

$ gcloud compute firewall-rules describe allow-http
- IPProtocol: tcp
  - '80'
creationTimestamp: '2014-07-31T13:31:11.880-07:00'
description: Incoming http allowed.
id: '11328171935303530875'
kind: compute#firewall
name: allow-http
network: https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default
selfLink: https://www.googleapis.com/compute/v1/projects/my-project/global/firewalls/allow-http

More often, it is easier to list the firewall rules, which returns a human-readable table.

$ gcloud compute firewall-rules list
NAME                     NETWORK SRC_RANGES RULES                        SRC_TAGS TARGET_TAGS
allow-http               default  tcp:80
default-allow-internal   default tcp:1-65535,udp:1-65535,icmp
default-allow-ssh        default  tcp:22

Whenever you create a firewall rule, you can restrict the sources and targets to specific callers and instances using appropriate flags. To see a complete list of supported flags, display help for the create command:

$ gcloud compute firewall-rules create --help

You can also see the docs for this command online. See Networking and Firewalls for more information about how networking works in Google Compute Engine.

Log in to the instance

To log in to your instance, run:

$ gcloud compute ssh my-first-instance --zone us-central1-a

You should now be at the command prompt in the instance home directory. Once you have logged in, you can do anything you could do on any other standard Linux machine, including installing applications. You have root permissions on your instance and full control over everything. If you need to log out of your instance, type exit:

user@my-first-instance$ exit

You can also use your favorite SSH program to access the instance. For more information, see Connecting to instances.

Serve web pages

It is easy to configure your instance to serve HTTP requests from outside its network. Once your instance is running, install Apache on your instance, as follows.

  1. Install Apache HTTP Server

    You have full administrator privileges on any instance that you start in Google Compute Engine. Instances have access to package repositories by default.

    Debian 7

    Within your instance, run the following commands:

    me@my-first-instance$ sudo apt-get update
    me@my-first-instance$ sudo apt-get install apache2
    Ubuntu 14.04

    Within your instance, run the following commands:

    me@my-first-instance$ sudo apt-get update
    me@my-first-instance$ sudo apt-get install apache2
    CentOS 6 / RHEL 6

    Within your instance, run the following commands:

    me@my-first-instance:~$ sudo yum install httpd
    me@my-first-instance:~$ sudo service httpd start
    SUSE 11

    Within your instance, run the following commands:

    user@my-first-instance$ sudo zypper update
    user@my-first-instance$ sudo zypper in apache2
    user@my-first-instance$ sudo /usr/sbin/rcapache2 start

  2. Create a new home page

    The Apache web server comes with a default web page that we can overwrite to prove that we really control our server. ssh in to your instance and run the following command to overwrite the existing Apache home page:

    Debian 7
    me@my-first-instance$ echo '<!doctype html><html><body><h1>Hello World!</h1></body></html>' | sudo tee /var/www/index.html
    Ubuntu 14.04
    me@my-first-instance$ echo '<!doctype html><html><body><h1>Hello World!</h1></body></html>' | sudo tee /var/www/html/index.html
    CentOS 6 / RHEL 6
    me@my-first-instance$ echo '<!doctype html><html><body><h1>Hello World!</h1></body></html>' | sudo tee /var/www/html/index.html
    SUSE 11
    user@my-first-instance$ echo '<!doctype html><html><body><h1>Hello World!</h1></body></html>' | sudo tee /srv/www/htdocs/index.html

  3. Browse to your home page

    Browse to the external IP address listed previously when you called gcloud compute instances list.

    $ gcloud compute instances list
    my-first-instance us-central1-a n1-standard-1    RUNNING

    The full URL of your page is http://EXTERNAL_IP.

Clean up

When you are finished using your instance, you can delete it and the associated root persistent disk. Deleting an instance stops the virtual machine and removes it from the project.

To delete your instance and root persistent disk, execute the following command:

$ gcloud compute instances delete my-first-instance --zone us-central1-a

The command you used to create the instance also created a persistent disk that counts towards your persistent disk quota, and incurs monthly persistent disk charges. The delete command above also removed the persistent disk associated with the instance. To override this behavior, i.e., to preserve the disk, see Deleting instances.

Next steps

Congratulations! You've just run your first Google Compute Engine instance to host a web server. Learn more about Google Compute Engine on the following pages:

  1. Read the Overview Page to get an idea of the basic elements of the Google Compute Engine architecture.
  2. Review the quota page for more information about Google Compute Engine quotas, and review the pricing for information about persistent disk and machine type pricing.
  3. Read the details pages for the various resources including instances, networks and firewalls, and disks.
  4. See the gcloud compute page to learn more about the tool.