surfingonthenet's questions

On Debian servers we're supposed to store certificates on /etc/ssl/certs dir, and key files on /etc/ssl/private dir.

The problem is SSL private key files use to be readable only by the owner. So, I'm wondering what's the best practices regarding how to make it readable for Docker containers?

I mean, I have a service running on a Docker container, which needs to ready SSL cert and key files in order to expose it via HTTPS. In its default set up, I'm getting permission denied accessing /etc/ssl/private/server.key file.

To sort this out I moved this file to another directory and set it as 644. But, is that right?

Any help would be appreciated

once in a while we need a single server for a specific purpose that won't get high traffic. For my scenario, this server requires a static external IP

I'm wondering what is the best way to have a high-available single server with static external IP on GCP?

Usually, we'd choose to create an instance-group with 1 minimal and 1 maximum instance, but that wouldn't keep the static IP for egress traffic after an instance crash/recreation. So, I'd have to create an instance-group with no external IP and make the egress traffic going through a NAT Gateway + a Load Balancer for another static IP for the ingress traffic.

The problem is, that sounds too much for a single server.

On AWS it can be achieved in an easier way. It's just:

1. Launching one instance
2. Associate an external IP address to it
3. Create a Life cycle snapshot for backing up data
4. Create alarm to restart or restore the instance in case of system or instance failure

So, my question is: Is there some easier way to achieve this on Google Cloud Platform?