Assigning a domain name to a VM with a web server
In this tutorial, you will assign your own domain name to a VM with a web server. You can use any domain name registrar to register your domain name.
To create a VM, this tutorial uses a public LAMP image with a pre-installed Apache HTTP server
To assign a domain name to a VM with a web server in Cloud DNS:
- Prepare your cloud.
- Create a VM with a web server.
- Create a public DNS zone.
- Delegate your domain to Cloud DNS.
- Create a type A resource record.
- Check that the website is running.
If you no longer need the resources you created, delete them.
You can also assign a domain name to a VM with a web server via Terraform using a ready-made configuration file.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console
and log in to Yandex Cloud or create an account if you do not have one yet. - On the Yandex Cloud Billing
page, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
The support cost includes:
- Fee for using a public IP address (see Yandex Virtual Private Cloud pricing).
- Fee for VM computing resources (see Yandex Compute Cloud pricing).
- Fee for using a public DNS zone and public DNS requests (see Yandex Cloud DNS pricing).
Create a cloud network and subnet
- In the management console
, select your folder. - In the list of services, select Virtual Private Cloud.
- At the top right, click Create network.
- In the Name field, specify
webserver-network
. - In the Advanced field, disable the Create subnets option.
- Click Create network.
- In the left-hand panel, select
Subnets. - At the top right, click Create.
- In the Name field, specify
webserver-subnet-ru-central1-b
. - In the Zone field, select the
ru-central1-b
availability zone. - In the Network field, select the
webserver-network
cloud network. - In the CIDR field, enter
192.168.1.0/24
. - Click Create subnet.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
Create the
webserver-network
cloud network.yc vpc network create webserver-network
Result:
id: enp1gg8kr3pv******** folder_id: b1gt6g8ht345******** created_at: "2023-12-20T20:08:11Z" name: webserver-network default_security_group_id: enppne4l2eg5********
For more information about the
yc vpc network create
command, see the CLI reference. -
Create a subnet in the
ru-central1-b
availability zone:yc vpc subnet create webserver-subnet-ru-central1-b \ --zone ru-central1-b \ --network-name webserver-network \ --range 192.168.1.0/24
Result:
id: e2li9tcgi7ii******** folder_id: b1gt6g8ht345******** created_at: "2023-12-20T20:11:16Z" name: webserver-subnet-ru-central1-b network_id: enp1gg8kr3pv******** zone_id: ru-central1-b v4_cidr_blocks: - 192.168.1.0/24
For more information about the
yc vpc subnet create
command, see the CLI reference.
-
To create a cloud network, use the create REST API method for the Network resource or the NetworkService/Create gRPC API call.
-
To create a subnet, use the create REST API method for the Subnet resource or the SubnetService/Create gRPC API call.
Create a security group
Create a security group that allows inbound TCP traffic on ports 22
, 80
, and 443
, as well as any outbound traffic.
-
In the management console
, select your folder. -
In the list of services, select Virtual Private Cloud.
-
In the left-hand panel, select
Security groups. -
Click Create group.
-
Under Name, enter
webserver-sg
. -
In the Network field, select the
webserver-network
network you created earlier. -
Under Rules, create the following traffic management rules:
Traffic
directionDescription Port range Protocol Source /
Destination nameCIDR blocks Incoming http
80
TCP
CIDR
0.0.0.0/0
Incoming https
443
TCP
CIDR
0.0.0.0/0
Incoming ssh
22
TCP
CIDR
0.0.0.0/0
Outgoing any
All
Any
CIDR
0.0.0.0/0
-
Click Save.
Run this command:
yc vpc security-group create \
--name webserver-sg \
--rule "description=http,direction=ingress,port=80,protocol=tcp,v4-cidrs=[0.0.0.0/0]" \
--rule "description=https,direction=ingress,port=443,protocol=tcp,v4-cidrs=[0.0.0.0/0]" \
--rule "description=ssh,direction=ingress,port=22,protocol=tcp,v4-cidrs=[0.0.0.0/0]" \
--rule "description=any,direction=egress,port=any,protocol=any,v4-cidrs=[0.0.0.0/0]" \
--network-name webserver-network
Result:
id: enp4htsnl1sa********
folder_id: b1gt6g8ht345********
created_at: "2023-12-23T19:07:03Z"
name: webserver-sg
network_id: enp37qpnksl2********
status: ACTIVE
rules:
- id: enpdu0t8san9********
description: http
direction: INGRESS
ports:
from_port: "80"
to_port: "80"
protocol_name: TCP
protocol_number: "6"
cidr_blocks:
v4_cidr_blocks:
- 0.0.0.0/0
- id: enpr7oirpff5********
description: https
direction: INGRESS
ports:
from_port: "443"
to_port: "443"
protocol_name: TCP
protocol_number: "6"
cidr_blocks:
v4_cidr_blocks:
- 0.0.0.0/0
- id: enp0bgk6dkdd********
description: ssh
direction: INGRESS
ports:
from_port: "22"
to_port: "22"
protocol_name: TCP
protocol_number: "6"
cidr_blocks:
v4_cidr_blocks:
- 0.0.0.0/0
- id: enpspns0tfml********
description: any
direction: EGRESS
protocol_name: ANY
protocol_number: "-1"
cidr_blocks:
v4_cidr_blocks:
- 0.0.0.0/0
For more information about the yc vpc security-group create
command, see the CLI reference.
Save the security group ID (id
) as you will need it when creating a VM.
To create a security group, use the create REST API method for the SecurityGroup resource or the SecurityGroupService/Create gRPC API call.
Create a VM with a web server
Before you start, prepare a key pair (public and private keys) to access your VM over SSH.
-
In the management console
, select your folder. -
In the list of services, select Compute Cloud.
-
In the left-hand panel, select
Virtual machines. -
Click Create virtual machine.
-
Under Basic parameters:
- In the Name field, enter
mywebserver
. - In the Availability zone field, select
ru-central1-b
.
- In the Name field, enter
-
Under Image/boot disk selection, go to the Marketplace tab and click Show more.
-
In the window that opens, find and select LAMP.
-
Under Network settings:
- In the Subnet field, select the
webserver-subnet-ru-central1-b
subnet created earlier. - In the Public IP field, select
Auto
. - In the Security groups field, select the
webserver-sg
security group created earlier.
- In the Subnet field, select the
-
Under Access, specify the information required to access the VM:
- In the Login field, enter the username:
yc-user
. - In the SSH key field, paste the contents of the public key created earlier.
- In the Login field, enter the username:
-
Click Create VM.
Run the command specifying the security group ID you saved at the previous step:
yc compute instance create \
--name mywebserver \
--zone ru-central1-b \
--network-interface subnet-name=webserver-subnet-ru-central1-b,nat-ip-version=ipv4,security-group-ids=<security_group_ID> \
--create-boot-disk image-folder-id=standard-images,image-id=fd8jtn9i7e9ha5q25niu \
--ssh-key <SSH_key>
Where --ssh-key
is the path to the public SSH key file and its name, e.g., ~/.ssh/id_ed25519.pub
.
Result:
done (32s)
id: fhmaq4shfrcm********
folder_id: b1gt6g8ht345********
created_at: "2023-12-23T05:36:34Z"
name: mywebserver
zone_id: ru-central1-b
platform_id: standard-v2
resources:
memory: "2147483648"
cores: "2"
core_fraction: "100"
status: RUNNING
metadata_options:
gce_http_endpoint: ENABLED
aws_v1_http_endpoint: ENABLED
gce_http_token: ENABLED
aws_v1_http_token: DISABLED
boot_disk:
mode: READ_WRITE
device_name: fhmprher1d0q********
auto_delete: true
disk_id: fhmprher1d0q********
network_interfaces:
- index: "0"
mac_address: d0:0d:ad:13:91:7e
subnet_id: e9bk1m87r4m4********
primary_v4_address:
address: 192.168.1.11
one_to_one_nat:
address: 158.160.***.***
ip_version: IPV4
security_group_ids:
- enpa5j0mrgm4********
gpu_settings: {}
fqdn: fhmaq4shfrcm********.auto.internal
scheduling_policy: {}
network_settings:
type: STANDARD
placement_policy: {}
For more information about the yc compute instance create
command, see the CLI reference.
To create a VM, use the create REST API method for the Instance resource or the InstanceService/Create gRPC API call.
This will create the mywebserver
VM in your folder. To connect to the VM over SSH, use the yc-user
username and its public IP address. If you plan to use the created web server over a long period of time, make the VM public IP address static.
Create a public DNS zone
-
In the management console
, select your folder. -
Select Cloud DNS.
-
Click Create zone.
-
Specify the DNS zone settings consistent with your domain:
- Zone: Domain zone. The zone name must end with a dot. For example, the
example.com.
zone name corresponds to theexample.com
domain. You cannot create public top-level domain (TLD) zones. To create a domain zone with non-Latin characters, use Punycode encoding. - Type:
Public
. - Name: Zone name.
- Zone: Domain zone. The zone name must end with a dot. For example, the
-
Click Create.
Run this command:
yc dns zone create \
--name <zone_name> \
--zone <domain_zone> \
--public-visibility
Where:
--name
: DNS zone name.--zone
: Domain zone. The zone name must end with a dot. For example, theexample.com.
zone name corresponds to theexample.com
domain. You cannot create public top-level domain (TLD) zones. To create a domain zone with non-Latin characters, use Punycode encoding.
Result:
id: dns39gihj0ef********
folder_id: b1gt6g8ht345********
created_at: "2023-12-21T16:43:37.883Z"
name: my-domain-zone
zone: example.com.
public_visibility: {}
For more information about the yc dns zone create
command, see the CLI reference.
To create a public DNS zone, use the create REST API method for the DnsZone resource or the DnsZoneService/Create gRPC API call.
Delegate your domain to Cloud DNS
To delegate your domain to Cloud DNS, in your domain name registrar account, specify these DNS server addresses in the domain settings:
ns1.yandexcloud.net
ns2.yandexcloud.net
Delegation does not take effect immediately. It usually takes up to 24 hours (86400 seconds) for internet service providers to update records. This depends on the TTL value which determines how long domain records are cached.
You can check the domain delegation using Whoisdig
utility:
dig +short NS example.com
Result:
ns2.yandexcloud.net.
ns1.yandexcloud.net.
Create a type A resource record
In your DNS zone, create a type A resource record that points to the web server's public IP address:
-
In the management console
, select your folder. -
Select Cloud DNS.
-
Select the previously created DNS zone.
-
Click Create record.
-
Set the record parameters:
-
In the Name field, select
Matches zone name (@)
. -
In the Type, select
A
as the record type. -
Under Data, specify the web server's public IP address.
You can find the IP address of the VM in the Network section on its page in the management console
or use theyc compute instance get <VM_name>
CLI command.
-
-
Click Create.
Run this command:
yc dns zone add-records \
--name <zone_name> \
--record "<domain_name> 600 A <VM_IP_address>"
Where:
--name
: Name of the public DNS zone you created previously.--record
: Resource record parameters:-
<domain_name>
: Domain name that must end with a dot. For example, for theexample.com
domain, the correct value isexample.com.
-
<VM_IP_address>
: Public IP address of the web server.You can find the IP address of the VM in the Network section on its page in the management console
or use theyc compute instance get <VM_name>
CLI command.
-
Result:
+--------+--------------+------+---------------+-----+
| ACTION | NAME | TYPE | DATA | TTL |
+--------+--------------+------+---------------+-----+
| + | example.com. | A | 51.250.**.*** | 600 |
+--------+--------------+------+---------------+-----+
For more information about the yc dns zone add-records
command, see the CLI reference.
To create a resource record in a DNS zone, use the updateRecordSets REST API method for the DnsZone resource or the DnsZoneService/UpdateRecordSets gRPC API call.
Check that the website is running
The website on your web server is now accessible by its domain name. To check that the site is up, enter its IP address or domain name in your browser:
http://<VM_public_IP_address>
http://example.com
How to delete the resources you created
Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:
- In Compute Cloud, delete the VM you created.
- In Cloud DNS, delete the domain zone you created.
- In Virtual Private Cloud, delete the security group first, then delete the subnet; finally, delete the network.
How to create an infrastructure using Terraform
Terraform
For more information about the provider resources, see the documentation on the Terraform
If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
To create an infrastructure for assigning a domain name to a VM with a web server in Cloud DNS using Terraform:
-
Install Terraform, get the authentication credentials, and specify the source for installing the Yandex Cloud provider (see Configure a provider, step 1).
-
Prepare a file with the infrastructure description:
Ready-made archiveCreating files manually- Create a directory for the file with the infrastructure description.
- Download the archive
(2 KB). - Unpack the archive to the directory. As a result, it should contain the
bind-domain-to-vm.tf
configuration file and thebind-domain-to-vm.auto.tfvars
user data file.
-
Create a directory for the file with the infrastructure description.
-
In the directory, create a configuration file named
bind-domain-to-vm.tf
:bind-domain-to-vm.tf# Declaring variables for custom parameters variable "folder_id" { type = string } variable "domain_name" { type = string } variable "ssh_key_path" { type = string } # Adding other variables locals { network_name = "webserver-network" subnet_name = "webserver-subnet-ru-central1-b" sg_name = "webserver-sg" vm_name = "mywebserver" domain_zone_name = "my-domain-zone" } # Setting the provider terraform { required_providers { yandex = { source = "yandex-cloud/yandex" version = ">= 0.47.0" } } } provider "yandex" { folder_id = var.folder_id } # Creating a cloud network resource "yandex_vpc_network" "webserver-network" { name = local.network_name } # Creating a subnet resource "yandex_vpc_subnet" "webserver-subnet-b" { name = local.subnet_name zone = "ru-central1-b" network_id = "${yandex_vpc_network.webserver-network.id}" v4_cidr_blocks = ["192.168.1.0/24"] } # Creating a security group resource "yandex_vpc_security_group" "webserver-sg" { name = local.sg_name network_id = "${yandex_vpc_network.webserver-network.id}" ingress { protocol = "TCP" description = "http" v4_cidr_blocks = ["0.0.0.0/0"] port = 80 } ingress { protocol = "TCP" description = "https" v4_cidr_blocks = ["0.0.0.0/0"] port = 443 } ingress { protocol = "TCP" description = "ssh" v4_cidr_blocks = ["0.0.0.0/0"] port = 22 } egress { protocol = "ANY" description = "any" v4_cidr_blocks = ["0.0.0.0/0"] from_port = 0 to_port = 65535 } } # Creating a VM instance resource "yandex_compute_instance" "mywebserver" { name = local.vm_name platform_id = "standard-v2" zone = "ru-central1-b" resources { cores = "2" memory = "2" } boot_disk { initialize_params { image_id = "fd8jtn9i7e9ha5q25niu" } } network_interface { subnet_id = "${yandex_vpc_subnet.webserver-subnet-b.id}" nat = true security_group_ids = ["${yandex_vpc_security_group.webserver-sg.id}"] } metadata = { user-data = "#cloud-config\nusers:\n - name: yc-user\n groups: sudo\n shell: /bin/bash\n sudo: 'ALL=(ALL) NOPASSWD:ALL'\n ssh-authorized-keys:\n - ${file("${var.ssh_key_path}")}" } } # Creating a DNS zone resource "yandex_dns_zone" "my-domain-zone" { name = local.domain_zone_name zone = "${var.domain_name}." public = true } # Creating a type А resource record resource "yandex_dns_recordset" "rsА1" { zone_id = yandex_dns_zone.my-domain-zone.id name = "${yandex_dns_zone.my-domain-zone.zone}" type = "A" ttl = 600 data = ["${yandex_compute_instance.mywebserver.network_interface.0.nat_ip_address}"] }
-
In the directory, create a file named
bind-domain-to-vm.auto.tfvars
with user data:bind-domain-to-vm.auto.tfvarsfolder_id = "<folder_ID>" ssh_key_path = "<path_to_SSH_key>" domain_name = "<domain_name>"
For more information about the parameters of resources used in Terraform, see the provider documentation:
-
In the
bind-domain-to-vm.auto.tfvars
file, specify the user-defined parameters:folder_id
: Folder ID.ssh_key_path
: Path to the file with a public SSH key to authenticate the user on the VM, e.g.~/.ssh/id_ed25519.pub
. For more information, see Creating an SSH key pair.domain_name
: Your domain name, e.g.example.com
.
-
Create resources:
-
In the terminal, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using the command:
terraform validate
If the configuration is correct, the following message is returned:
Success! The configuration is valid.
-
Run the command:
terraform plan
The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
in the terminal and press Enter.
-