Assigning a domain name to a web server VM using the management console, CLI, or API
To assign a domain name in Cloud DNS to a web server VM:
- Get your cloud ready.
- Create a web server VM.
- Create a public DNS zone.
- Delegate your domain to Cloud DNS.
- Create a type A resource record.
- Test the website.
If you no longer need the resources you created, delete them.
Get your cloud ready
Sign up for Yandex Cloud and create a billing account:
- Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
The support cost includes:
- Fee for using a public IP address (see Yandex Virtual Private Cloud pricing).
- Fee for VM computing resources and disks (see Yandex Compute Cloud pricing).
- Fee for using a public DNS zone and public DNS requests (see Yandex Cloud DNS pricing).
Create a cloud network and subnet
- In the management console, select your folder.
- In the list of services, select Virtual Private Cloud.
- At the top right, click Create network.
- In the Name field, specify webserver-network.
- In the Advanced field, disable the Create subnets option.
- Click Create network.
- In the left-hand panel, select Subnets.
- At the top right, click Create.
- In the Name field, specify webserver-subnet-ru-central1-b.
- In the Zone field, select the ru-central1-b availability zone.
- In the Network field, select the cloud network named webserver-network.
- In the CIDR field, specify 192.168.1.0/24.
- Click Create subnet.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name or --folder-id parameter.
- Create the webserver-network cloud network:

  yc vpc network create webserver-network

  Result:

  id: enp1gg8kr3pv********
  folder_id: b1gt6g8ht345********
  created_at: "2023-12-20T20:08:11Z"
  name: webserver-network
  default_security_group_id: enppne4l2eg5********

  For more information about the yc vpc network create command, see the CLI reference.

- Create a subnet in the ru-central1-b availability zone:

  yc vpc subnet create webserver-subnet-ru-central1-b \
    --zone ru-central1-b \
    --network-name webserver-network \
    --range 192.168.1.0/24

  Result:

  id: e2li9tcgi7ii********
  folder_id: b1gt6g8ht345********
  created_at: "2023-12-20T20:11:16Z"
  name: webserver-subnet-ru-central1-b
  network_id: enp1gg8kr3pv********
  zone_id: ru-central1-b
  v4_cidr_blocks:
    - 192.168.1.0/24

  For more information about the yc vpc subnet create command, see the CLI reference.
- To create a cloud network, use the create REST API method for the Network resource or the NetworkService/Create gRPC API call.
- To create a subnet, use the create REST API method for the Subnet resource or the SubnetService/Create gRPC API call.
Create a security group
Create a security group that allows inbound TCP traffic on ports 22, 80, and 443 as well as any outbound traffic.
- In the management console, select your folder.
- In the list of services, select Virtual Private Cloud.
- In the left-hand panel, select Security groups.
- Click Create security group.
- In the Name field, specify the security group name, e.g., webserver-sg.
- In the Network field, select the webserver-network network you created earlier.
- Under Rules, create the following traffic management rules:

  | Traffic direction | Description | Port range | Protocol | Source / Destination name | CIDR blocks |
  |---|---|---|---|---|---|
  | Inbound | http | 80 | TCP | CIDR | 0.0.0.0/0 |
  | Inbound | https | 443 | TCP | CIDR | 0.0.0.0/0 |
  | Inbound | ssh | 22 | TCP | CIDR | 0.0.0.0/0 |
  | Outbound | any | All | Any | CIDR | 0.0.0.0/0 |

- Click Save.
Run this command:
yc vpc security-group create \
--name webserver-sg \
--rule "description=http,direction=ingress,port=80,protocol=tcp,v4-cidrs=[0.0.0.0/0]" \
--rule "description=https,direction=ingress,port=443,protocol=tcp,v4-cidrs=[0.0.0.0/0]" \
--rule "description=ssh,direction=ingress,port=22,protocol=tcp,v4-cidrs=[0.0.0.0/0]" \
--rule "description=any,direction=egress,port=any,protocol=any,v4-cidrs=[0.0.0.0/0]" \
--network-name webserver-network
Result:
id: enp4htsnl1sa********
folder_id: b1gt6g8ht345********
created_at: "2023-12-23T19:07:03Z"
name: webserver-sg
network_id: enp37qpnksl2********
status: ACTIVE
rules:
  - id: enpdu0t8san9********
    description: http
    direction: INGRESS
    ports:
      from_port: "80"
      to_port: "80"
    protocol_name: TCP
    protocol_number: "6"
    cidr_blocks:
      v4_cidr_blocks:
        - 0.0.0.0/0
  - id: enpr7oirpff5********
    description: https
    direction: INGRESS
    ports:
      from_port: "443"
      to_port: "443"
    protocol_name: TCP
    protocol_number: "6"
    cidr_blocks:
      v4_cidr_blocks:
        - 0.0.0.0/0
  - id: enp0bgk6dkdd********
    description: ssh
    direction: INGRESS
    ports:
      from_port: "22"
      to_port: "22"
    protocol_name: TCP
    protocol_number: "6"
    cidr_blocks:
      v4_cidr_blocks:
        - 0.0.0.0/0
  - id: enpspns0tfml********
    description: any
    direction: EGRESS
    protocol_name: ANY
    protocol_number: "-1"
    cidr_blocks:
      v4_cidr_blocks:
        - 0.0.0.0/0
For more information about the yc vpc security-group create command, see the CLI reference.
Save the security group ID (id) as you will need it to create a VM.
To create a security group, use the create REST API method for the SecurityGroup resource or the SecurityGroupService/Create gRPC API call.
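A check to run on the result above before attaching the group to the VM, given here as an added Python example (not part of the original tutorial or of Yandex Cloud's tooling): it lists ingress rules open to 0.0.0.0/0 on ports other than 80 and 443, which for the tutorial's group is the ssh rule. The sample data is constructed from the result above, and it is an assumption that JSON output (`--format json`) uses the same field names as the YAML.

```python
import ipaddress
import json

# Ports the tutorial means to expose to everyone (web traffic).
PUBLIC_PORTS = {80, 443}


def make_rule(desc, direction, cidr, port=None):
    """Build one rule in the shape of the result above (constructed data)."""
    rule = {"description": desc, "direction": direction,
            "cidr_blocks": {"v4_cidr_blocks": [cidr]}}
    if port is not None:
        rule["ports"] = {"from_port": str(port), "to_port": str(port)}
    return rule


# Constructed sample mirroring the webserver-sg result; JSON field names are
# assumed to match the YAML output.
SAMPLE = json.dumps({"name": "webserver-sg", "rules": [
    make_rule("http", "INGRESS", "0.0.0.0/0", 80),
    make_rule("https", "INGRESS", "0.0.0.0/0", 443),
    make_rule("ssh", "INGRESS", "0.0.0.0/0", 22),
    make_rule("any", "EGRESS", "0.0.0.0/0"),
]})


def world_open_ingress(sg_json, public_ports=PUBLIC_PORTS):
    """Return (description, from_port, to_port) for each ingress rule that any
    IPv4 address can reach and that covers a port outside public_ports."""
    findings = []
    for rule in json.loads(sg_json).get("rules", []):
        if rule.get("direction") != "INGRESS":
            continue
        cidrs = rule.get("cidr_blocks", {}).get("v4_cidr_blocks", [])
        if not any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
            continue
        ports = rule.get("ports")
        # No ports block means all ports, as in the "any" rule of the result.
        lo, hi = (int(ports["from_port"]), int(ports["to_port"])) if ports else (0, 65535)
        if set(range(lo, hi + 1)) - set(public_ports):
            findings.append((rule.get("description", ""), lo, hi))
    return findings


if __name__ == "__main__":
    for desc, lo, hi in world_open_ingress(SAMPLE):
        print(f"open to 0.0.0.0/0: {desc} ports {lo}-{hi}")
```

Narrowing the ssh rule's v4-cidrs to the address range you administer from clears the finding.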
Create a web server VM
Before you start, prepare a keypair (a public and a private key) to access your VM over SSH.
- In the management console, select your folder.
- In the list of services, select Compute Cloud.
- In the left-hand panel, select Virtual machines.
- Click Create virtual machine.
- Under General information:
  - In the Name field, specify the VM name: mywebserver.
  - In the Availability zone field, select ru-central1-b.
- Under Boot disk image, navigate to the Marketplace tab and click Show all Marketplace products.
- In the window that opens, find and select LAMP.
- Under Network settings:
  - In the Subnet field, select the webserver-subnet-ru-central1-b subnet you created earlier.
  - In the Public IP address field, select Auto.
  - In the Security groups field, select the webserver-sg security group you created earlier.
- Under Access, specify the VM access credentials:
  - Specify the username in the Login field: yc-user.
  - In the SSH key field, paste the contents of the public key created earlier.
- Click Create VM.
Run the following command and specify the security group ID you saved earlier:
yc compute instance create \
--name mywebserver \
--zone ru-central1-b \
--network-interface subnet-name=webserver-subnet-ru-central1-b,nat-ip-version=ipv4,security-group-ids=<security_group_ID> \
--create-boot-disk image-folder-id=standard-images,image-id=fd8jtn9i7e9ha5q25niu \
--ssh-key <SSH_key>
Where --ssh-key is the path to the public SSH key file, e.g., ~/.ssh/id_ed25519.pub.
Result:
done (32s)
id: fhmaq4shfrcm********
folder_id: b1gt6g8ht345********
created_at: "2023-12-23T05:36:34Z"
name: mywebserver
zone_id: ru-central1-b
platform_id: standard-v2
resources:
  memory: "2147483648"
  cores: "2"
  core_fraction: "100"
status: RUNNING
metadata_options:
  gce_http_endpoint: ENABLED
  aws_v1_http_endpoint: ENABLED
  gce_http_token: ENABLED
  aws_v1_http_token: DISABLED
boot_disk:
  mode: READ_WRITE
  device_name: fhmprher1d0q********
  auto_delete: true
  disk_id: fhmprher1d0q********
network_interfaces:
  - index: "0"
    mac_address: d0:0d:ad:13:91:7e
    subnet_id: e9bk1m87r4m4********
    primary_v4_address:
      address: 192.168.1.11
      one_to_one_nat:
        address: 158.160.***.***
        ip_version: IPV4
    security_group_ids:
      - enpa5j0mrgm4********
gpu_settings: {}
fqdn: fhmaq4shfrcm********.auto.internal
scheduling_policy: {}
network_settings:
  type: STANDARD
placement_policy: {}
For more information about the yc compute instance create command, see the CLI reference.
To create a VM, use the create REST API method for the Instance resource or the InstanceService/Create gRPC API call.
This will create the mywebserver VM in your folder. To connect to the VM over SSH, use the VM public IP address and the yc-user username. If you are going to use the created web server VM over time, convert its public IP address to static.
Create a public DNS zone
- In the management console, select your folder.
- Select Cloud DNS.
- Click Create zone.
- Specify your domain’s DNS zone settings:
  - Zone: Domain zone. Its name must end with a trailing dot, e.g., example.com. for the example.com domain. You cannot create top-level domain (TLD) zones. To create a domain name with non-Latin characters, use the Punycode encoding.
  - Type: Public.
  - Name: DNS zone name.
- Click Create.
Run this command:
yc dns zone create \
--name <zone_name> \
--zone <domain_zone> \
--public-visibility
Where:
- --name: DNS zone name.
- --zone: Domain zone. Its name must end with a trailing dot, e.g., example.com. for the example.com domain. You cannot create top-level domain (TLD) zones. To create a domain name with non-Latin characters, use the Punycode encoding.
Result:
id: dns39gihj0ef********
folder_id: b1gt6g8ht345********
created_at: "2023-12-21T16:43:37.883Z"
name: my-domain-zone
zone: example.com.
public_visibility: {}
For more information about the yc dns zone create command, see the CLI reference.
To create a public DNS zone, use the create REST API method for the DnsZone resource or the DnsZoneService/Create gRPC API call.
Delegate your domain to Cloud DNS
To delegate a domain to Cloud DNS, in your account on your domain registrar's website, specify the DNS server addresses in the domain settings:
ns1.yandexcloud.net
ns2.yandexcloud.net
Delegation does not take effect immediately. It usually takes up to 24 hours (86,400 seconds) for internet service providers to update records. This depends on the TTL value which specifies how long domain records are cached.
You can check the domain delegation using Whois or the dig utility:
dig +short NS example.com
Result:
ns2.yandexcloud.net.
ns1.yandexcloud.net.
Create a type A resource record
In your DNS zone, create a type A resource record pointing to your web server public IP address:
- In the management console, select your folder.
- Select Cloud DNS.
- Select the previously created DNS zone.
- Click Create record.
- Specify the record parameters:
  - In the Name field, select Matches zone name (@).
  - In the Type field, select the A record type.
  - Under Data, specify your web server public IP address.
    You can get your VM IP address either in the management console on the VM page under Network or with the yc compute instance get <VM_name> CLI command.
- Click Create.
Run this command:
yc dns zone add-records \
--name <zone_name> \
--record "<domain_name> 600 A <VM_IP_address>"
Where:
- --name: Name of the public DNS zone you created earlier.
- --record: New resource record parameters:
  - <domain_name>: Domain name that must end with a trailing dot, e.g., example.com. for the example.com domain.
  - <VM_IP_address>: Web server public IP address.
    You can get your VM IP address either in the management console on the VM page under Network or with the yc compute instance get <VM_name> CLI command.
Result:
+--------+--------------+------+---------------+-----+
| ACTION | NAME | TYPE | DATA | TTL |
+--------+--------------+------+---------------+-----+
| + | example.com. | A | 51.250.**.*** | 600 |
+--------+--------------+------+---------------+-----+
For more information about the yc dns zone add-records command, see the CLI reference.
To create a resource record in a DNS zone, use the updateRecordSets REST API method for the DnsZone resource or the DnsZoneService/UpdateRecordSets gRPC API call.
Test the website
The website on your web server is now accessible by its domain name. To test the site, enter its IP address or domain name in your browser:
http://<VM_public_IP_address>
http://example.com
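The dig check from the delegation step and the A record created after it can be verified together; this added example (Python, not from the original tutorial) classifies `dig +short NS` output against the two Cloud DNS name servers and compares `dig +short A` output with the VM public IP, so a half-finished delegation or an A record pointing at an address the VM does not hold shows up. The function names and the addresses in the demo are constructed for illustration.

```python
import ipaddress

# Name servers the tutorial says to set at the registrar.
EXPECTED_NS = {"ns1.yandexcloud.net", "ns2.yandexcloud.net"}


def dig_values(dig_short):
    """Normalise `dig +short` output: one value per line, lower case, no trailing dot."""
    return {ln.strip().lower().rstrip(".") for ln in dig_short.splitlines() if ln.strip()}


def check_delegation(ns_output, expected=EXPECTED_NS):
    """Classify `dig +short NS <domain>` output as "delegated", "partial"
    (some expected servers missing or other servers still listed) or
    "not-delegated" (none of the expected servers answer for the domain)."""
    seen = dig_values(ns_output)
    if seen == set(expected):
        return "delegated"
    return "partial" if seen & set(expected) else "not-delegated"


def check_a_record(a_output, vm_ip):
    """Compare `dig +short A <domain>` output with the VM public IP.

    Returns (ok, stray): ok is True only when vm_ip is the single answer;
    stray lists every other answer, including non-address lines."""
    want = ipaddress.ip_address(vm_ip)
    found, stray = False, []
    for value in sorted(dig_values(a_output)):
        try:
            if ipaddress.ip_address(value) == want:
                found = True
                continue
        except ValueError:
            pass  # not an IP address, e.g. a CNAME target printed by +short
        stray.append(value)
    return found and not stray, stray


if __name__ == "__main__":
    # Constructed outputs; 203.0.113.10 stands in for the VM public IP.
    print(check_delegation("ns2.yandexcloud.net.\nns1.yandexcloud.net.\n"))
    print(check_a_record("203.0.113.10\n198.51.100.7\n", "203.0.113.10"))
```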
How to delete the resources you created
To stop paying for the resources you created:
- Delete the VM.
- Delete the static public IP address if you reserved one for your VM.
- Delete the domain zone you created.