Setting up a Cloudflare SSL certificate for Bitnami WordPress on Google Cloud Compute Engine

Bitnami WordPress on Google Cloud Compute Engine does not ship with SSL turned on out of the box, so site owners need to secure communication to and from their website using SSL.

Here’s how to configure SSL using a free Cloudflare SSL certificate for Bitnami WordPress on Google Cloud Compute Engine.

Creating certificate files with Cloudflare

First we generate and download the SSL certificate files from Cloudflare.

    1. Open up your site profile on Cloudflare.com
    2. Switch to the Crypto tab
    3. Within the Origin Certificates section click the Create Certificate button
    4. Ensure the Let Cloudflare generate a private key and a CSR option is set to RSA
    5. Click Next
    6. With the Key format field set to PEM (Default), highlight and paste the contents of the Origin Certificate and Private Key blocks into separate new files on your Desktop:
      • Origin Certificate: server.crt
      • Private Key: server.key

Configuring Apache on your WordPress Bitnami instance

  1. Now we connect with SSH to the hosting server, your Google Cloud Compute Engine instance. You can do this via Google Cloud Platform > Compute Engine > VM Instances > Connect with SSH, or with your preferred terminal client.
    1. Open an SSH session to your Google Cloud Compute Engine instance
    2. Navigate to the /opt/bitnami/apache2/conf/ directory with the following terminal command:
       cd /opt/bitnami/apache2/conf/
    3. Delete or rename the existing server.crt and server.key files in this directory (I prefer to rename them to server.crt_legacy and server.key_legacy):
       sudo mv server.crt server.crt_legacy
      
       sudo mv server.key server.key_legacy
    4. Create two new files in their place:
       sudo touch server.crt
      
       sudo touch server.key
    5. With your preferred terminal text editor, paste the contents of the two Cloudflare certificate files mentioned above into these new files on your hosting server:
       sudo nano server.crt
      
       sudo nano server.key
    6. Restart the Apache service
      sudo /opt/bitnami/ctlscript.sh restart apache
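
Before the restart in step 6, it is worth confirming that the pasted certificate and key actually belong together and that the key file is not world-readable. The check below is an added example, not part of the original post; the function name check_origin_pair is hypothetical and openssl is assumed to be installed on the instance.

```shell
#!/bin/sh
# Added example: sanity-check the pasted Cloudflare origin certificate and key.
# check_origin_pair is a hypothetical helper name; openssl is assumed present.

check_origin_pair() {
    crt=$1
    key=$2

    # Both files must parse as PEM; a truncated or mangled paste fails here.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $crt" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse private key: $key" >&2; return 2; }

    # The public key inside the certificate must be the one derived
    # from the private key, otherwise Apache will refuse to start.
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "certificate and key do not match" >&2
        return 1
    fi

    # Reject a certificate that has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "certificate has expired" >&2; return 3; }

    return 0
}

# On the instance, after step 5 (run as root so the key is readable):
#   chmod 600 server.key   # files made with "sudo touch" are typically mode 644
#   check_origin_pair server.crt server.key && echo "pair OK"
```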

Enable SSL within Cloudflare

  1. Open up your site profile on Cloudflare.com
  2. Switch to the Crypto tab
  3. Change the SSL dropdown from Flexible to Full
  4. Change the Always use HTTPS option to On
  5. Change the Automatic HTTPS Rewrites option to On

That’s it!

Turning off PageSpeed and OPcache in Bitnami Apache for Google Cloud Platform

Here’s how to turn off the Google PageSpeed module within Apache and PHP’s OPCache functionality that is enabled by default within Bitnami instances on Google Cloud Platform.

    1. Establish a terminal session to your Google Cloud Platform instance with your preferred terminal client (e.g. Putty).
    2. Open up /opt/bitnami/apache2/conf/httpd.conf with your preferred file editor and find the following lines:
      Include conf/pagespeed_libraries.conf
      Include conf/pagespeed.conf
    3. Comment them out to match the following lines:
      # Include conf/pagespeed.conf
      # Include conf/pagespeed_libraries.conf
    4. Save changes and return to terminal prompt.
    5. Open up /opt/bitnami/php/etc/php.ini with your preferred file editor and find the following line:
      opcache.enable=1
    6. Comment it out and disable opcache.enable by matching the following lines:
      ; opcache.enable=1
      opcache.enable=0
    7. Save changes and return to terminal prompt.
    8. Restart the Apache service with the following command:
      sudo /opt/bitnami/ctlscript.sh restart apache

That’s it 🙂

Resetting SSH access after “Too many authentication failures for …” on Google Cloud Compute Engine

Locked yourself out of SSH/SFTP access on Google Cloud Compute Engine? Does the below look familiar… Fun times…

Status: Connecting to domain.com...
Status: Connecting to domain.com...
Response: fzSftp started, protocol_version=8
Command: open "...@domain.com" 22
Error: Server sent disconnect message
Error: type 2 (protocol error):
Error: "Too many authentication failures for ... from 125.18.17.115 port 7145 ssh2"
Error: Could not connect to server

Here’s how to increase the number of allowed login attempts within sshd_config and then restart the sshd service so you can get back to work. 🙂

  1. Open up Google Cloud Console
  2. From the Menu button open Compute Engine > VM Instances
  3. Beside your Compute Engine instance hit the SSH button within the Connect column
  4. When your terminal connection is established enter the following:
    sudo nano /etc/ssh/sshd_config
  5. By default the sshd_config file does not have a MaxAuthTries entry, but scroll through the file using the up/down keys and check just in case…
  6. I set the maximum number of login attempts to 10; change this number to suit your security needs. Add the following lines anywhere within the sshd_config file:
    # Max login attempts
    MaxAuthTries 10
  7. Save and close the file by using the following keyboard combinations:
    CTRL+O followed by the enter key to save the file changes
    CTRL+X to close the Nano file editor
  8. Restart the sshd service using the following commands (I’m not sure which one works so let’s do all of them…):
    sudo service sshd restart
    sudo systemctl restart sshd
  9. Try and reconnect to your Compute Engine instance using Putty (SSH) or Filezilla (SFTP)
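
sshd uses the first value it obtains for each keyword, and a line placed after a Match block applies only to that block, so where the MaxAuthTries line from step 6 lands in the file matters. The helper below is an added example, not part of the original post; the function name global_max_auth_tries and the sample config are constructed, and it reports the global value a given sshd_config would yield, falling back to the OpenSSH default of 6.

```shell
#!/bin/sh
# Added example: report the global MaxAuthTries a given sshd_config yields.
# global_max_auth_tries is a hypothetical helper name. Include files are not followed.

global_max_auth_tries() {
    awk '
        BEGIN { value = 6 }                    # OpenSSH default when unset
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and argument are separated by whitespace or a single "="
            n = split(line, f, /[ \t]*=[ \t]*|[ \t]+/)
            kw = tolower(f[1])                 # keywords are case-insensitive
            if (kw == "match") { exit }        # everything after is conditional
            if (kw == "maxauthtries" && n >= 2) { value = f[2]; exit }  # first wins
        }
        END { print value }
    ' "$1"
}

# Constructed sample: the new line was appended after a Match block,
# so it does not change the global limit.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'Match User deploy' '    PasswordAuthentication no' \
    '# Max login attempts' 'MaxAuthTries 10' > "$sample"
echo "global MaxAuthTries: $(global_max_auth_tries "$sample")"
rm -f "$sample"

# On the instance, before restarting sshd in step 8:
#   sudo sshd -t                           # syntax-check the edited file
#   sudo sshd -T | grep -i maxauthtries    # show the value sshd will apply
```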

That’s it 🙂