Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Assigning a domain name to a VM with a web server using the management console, CLI, or API

Written by
Updated at May 7, 2025

To create an infrastructure for assigning a domain name to a VM with a web server:

To assign a domain name in Cloud DNS to a web server VM:

  1. Get your cloud ready.
  2. Create a web server VM.
  3. Create a public DNS zone.
  4. Delegate your domain to Cloud DNS.
  5. Create a type A resource record.
  6. Test the website.

If you no longer need the resources you created, delete them.

Get your cloud ready

Sign up in Yandex Cloud and create a billing account:

  1. Navigate to the management console and log in to Yandex Cloud or register a new account.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

The support cost includes:

Create a cloud network and subnet

  1. In the management console, select your folder.
  2. In the list of services, select Virtual Private Cloud.
  3. At the top right, click Create network.
  4. In the Name field, specify webserver-network.
  5. In the Advanced field, disable the Create subnets option.
  6. Click Create network.
  7. In the left-hand panel, select Subnets.
  8. At the top right, click Create.
  9. In the Name field, specify webserver-subnet-ru-central1-b.
  10. In the Zone field, select the ru-central1-b availability zone.
  11. In the Network field, select the cloud network named webserver-network.
  12. In the CIDR field, specify 192.168.1.0/24.
  13. Click Create subnet.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. Create the webserver-network cloud network.

    yc vpc network create webserver-network

    Result:

    id: enp1gg8kr3pv********
folder_id: b1gt6g8ht345********
created_at: "2023-12-20T20:08:11Z"
name: webserver-network
default_security_group_id: enppne4l2eg5********

    For more information about the yc vpc network create command, see the CLI reference.

  2. Create a subnet in the ru-central1-b availability zone:

    yc vpc subnet create webserver-subnet-ru-central1-b \
  --zone ru-central1-b \
  --network-name webserver-network \
  --range 192.168.1.0/24

    Result:

    id: e2li9tcgi7ii********
folder_id: b1gt6g8ht345********
created_at: "2023-12-20T20:11:16Z"
name: webserver-subnet-ru-central1-b
network_id: enp1gg8kr3pv********
zone_id: ru-central1-b
v4_cidr_blocks:
  - 192.168.1.0/24

    For more information about the yc vpc subnet create command, see the CLI reference.

  1. To create a cloud network, use the create REST API method for the Network resource or the NetworkService/Create gRPC API call.

  2. To create a subnet, use the create REST API method for the Subnet resource or the SubnetService/Create gRPC API call.

Create a security group

Create a security group that allows inbound TCP traffic on ports 22, 80, and 443 as well as any outbound traffic.

  1. In the management console, select your folder.

  2. In the list of services, select Virtual Private Cloud.

  3. In the left-hand panel, select Security groups.

  4. Click Create security group.

  5. In the Name field, specify the security group name, e.g., webserver-sg.

  6. In the Network field, select the webserver-network network you created earlier.

  7. Under Rules, create the following traffic management rules:

    Traffic
    direction    		 Description Port range Protocol Source /
    Destination name    		 CIDR blocks
    Inbound http 80 TCP CIDR 0.0.0.0/0
    Inbound https 443 TCP CIDR 0.0.0.0/0
    Inbound ssh 22 TCP CIDR 0.0.0.0/0
    Outbound any All Any CIDR 0.0.0.0/0

  8. Click Save.

Run this command:

yc vpc security-group create \
  --name webserver-sg \
  --rule "description=http,direction=ingress,port=80,protocol=tcp,v4-cidrs=[0.0.0.0/0]" \
  --rule "description=https,direction=ingress,port=443,protocol=tcp,v4-cidrs=[0.0.0.0/0]" \
  --rule "description=ssh,direction=ingress,port=22,protocol=tcp,v4-cidrs=[0.0.0.0/0]" \
  --rule "description=any,direction=egress,port=any,protocol=any,v4-cidrs=[0.0.0.0/0]" \
  --network-name webserver-network

Result:

id: enp4htsnl1sa********
folder_id: b1gt6g8ht345********
created_at: "2023-12-23T19:07:03Z"
name: webserver-sg
network_id: enp37qpnksl2********
status: ACTIVE
rules:
  - id: enpdu0t8san9********
    description: http
    direction: INGRESS
    ports:
      from_port: "80"
      to_port: "80"
    protocol_name: TCP
    protocol_number: "6"
    cidr_blocks:
      v4_cidr_blocks:
        - 0.0.0.0/0
  - id: enpr7oirpff5********
    description: https
    direction: INGRESS
    ports:
      from_port: "443"
      to_port: "443"
    protocol_name: TCP
    protocol_number: "6"
    cidr_blocks:
      v4_cidr_blocks:
        - 0.0.0.0/0
  - id: enp0bgk6dkdd********
    description: ssh
    direction: INGRESS
    ports:
      from_port: "22"
      to_port: "22"
    protocol_name: TCP
    protocol_number: "6"
    cidr_blocks:
      v4_cidr_blocks:
        - 0.0.0.0/0
  - id: enpspns0tfml********
    description: any
    direction: EGRESS
    protocol_name: ANY
    protocol_number: "-1"
    cidr_blocks:
      v4_cidr_blocks:
        - 0.0.0.0/0

For more information about the yc vpc security-group create command, see the CLI reference.

Save the security group ID (id) as you will need it to create a VM.

To create a security group, use the create REST API method for the SecurityGroup resource or the SecurityGroupService/Create gRPC API call.

Create a web server VM

Before you start, prepare a keypair (a public and a private key) to access your VM over SSH.

  1. In the management console, select your folder.

  2. In the list of services, select Compute Cloud.

  3. In the left-hand panel, select Virtual machines.

  4. Click Create virtual machine.

  5. Under General information:

    • In the Name field, specify the VM name: mywebserver.
    • In the Availability zone field, select ru-central1-b.

  6. Under Boot disk image, navigate to the Marketplace tab and click Show all Marketplace products.

  7. In the window that opens, find and select LAMP.

  8. Under Network settings:

    • In the Subnet field, select the webserver-subnet-ru-central1-b subnet you created earlier.
    • In the Public IP address field, select Auto.
    • In the Security groups field, select the webserver-sg security group you created earlier.

  9. Under Access, specify the VM access credentials:

    • Specify the username in the Login field: yc-user.
    • In the SSH key field, paste the contents of the public key created earlier.

  10. Click Create VM.

Run the following command and specify the security group ID you saved earlier:

yc compute instance create \
  --name mywebserver \
  --zone ru-central1-b \
  --network-interface subnet-name=webserver-subnet-ru-central1-b,nat-ip-version=ipv4,security-group-ids=<security_group_ID> \
  --create-boot-disk image-folder-id=standard-images,image-id=fd8jtn9i7e9ha5q25niu \
  --ssh-key <SSH_key>

Where --ssh-key is the path to the public SSH key file, e.g., ~/.ssh/id_ed25519.pub.

Result:

done (32s)
id: fhmaq4shfrcm********
folder_id: b1gt6g8ht345********
created_at: "2023-12-23T05:36:34Z"
name: mywebserver
zone_id: ru-central1-b
platform_id: standard-v2
resources:
  memory: "2147483648"
  cores: "2"
  core_fraction: "100"
status: RUNNING
metadata_options:
  gce_http_endpoint: ENABLED
  aws_v1_http_endpoint: ENABLED
  gce_http_token: ENABLED
  aws_v1_http_token: DISABLED
boot_disk:
  mode: READ_WRITE
  device_name: fhmprher1d0q********
  auto_delete: true
  disk_id: fhmprher1d0q********
network_interfaces:
  - index: "0"
    mac_address: d0:0d:ad:13:91:7e
    subnet_id: e9bk1m87r4m4********
    primary_v4_address:
      address: 192.168.1.11
      one_to_one_nat:
        address: 158.160.***.***
        ip_version: IPV4
    security_group_ids:
      - enpa5j0mrgm4********
gpu_settings: {}
fqdn: fhmaq4shfrcm********.auto.internal
scheduling_policy: {}
network_settings:
  type: STANDARD
placement_policy: {}

For more information about the yc compute instance create command, see the CLI reference.

To create a VM, use the create REST API method for the Instance resource or the InstanceService/Create gRPC API call.

This will create the mywebserver VM in your folder. To connect to the VM over SSH, use the VM public IP address and the yc-user username. If you are going to use the created web server VM over time, convert its public IP address to static.

Create a public DNS zone

  1. In the management console, select your folder.

  2. Select Cloud DNS.

  3. Click Create zone.

  4. Specify your domain’s DNS zone settings:

    1. Zone: Domain zone. Its name must end with a trailing dot, e.g., example.com. for the example.com domain. You cannot create top-level domain (TLD) zones. To create a domain name with non-Latin characters, use the Punycode encoding.
    2. Type: Public.
    3. Name: DNS zone name.

  5. Click Create.

Run this command:

yc dns zone create \
  --name <zone_name> \
  --zone <domain_zone> \
  --public-visibility

Where:

  • --name: DNS zone name.
  • --zone: Domain zone. Its name must end with a trailing dot, e.g., example.com. for the example.com domain. You cannot create top-level domain (TLD) zones. To create a domain name with non-Latin characters, use the Punycode encoding.

Result:

id: dns39gihj0ef********
folder_id: b1gt6g8ht345********
created_at: "2023-12-21T16:43:37.883Z"
name: my-domain-zone
zone: example.com.
public_visibility: {}

For more information about the yc dns zone create command, see the CLI reference.

To create a public DNS zone, use the create REST API method for the DnsZone resource or the DnsZoneService/Create gRPC API call.

Delegate your domain to Cloud DNS

To delegate a domain to Cloud DNS, in your account on your domain registrar's website, specify the DNS server addresses in the domain settings:

  • ns1.yandexcloud.net
  • ns2.yandexcloud.net

Delegation does not take effect immediately. It usually takes up to 24 hours (86,400 seconds) for internet service providers to update records. This depends on the TTL value which specifies how long domain records are cached.

You can check the domain delegation using Whois or the dig utility:

dig +short NS example.com

Result:

ns2.yandexcloud.net.
ns1.yandexcloud.net.

Create a type A resource record

In your DNS zone, create a type A resource record pointing to your web server public IP address:

  1. In the management console, select your folder.

  2. Select Cloud DNS.

  3. Select the previously created DNS zone.

  4. Click Create record.

  5. Specify the record parameters:

    1. In the Name field, select Matches zone name (@).

    2. In the Type field, select the A record type.

    3. Under Data, specify your web server public IP address.

      You can get your VM IP address either in the management console on the VM page under Network or with the yc compute instance get <VM_name> CLI command.

  6. Click Create.

Run this command:

yc dns zone add-records \
  --name <zone_name> \
  --record "<domain_name> 600 A <VM_IP_address>"

Where:

  • --name: Name of the public DNS zone you created earler.
  • --record: New resource record parameters:

    • <domain_name>: Domain name that must end with a trailing dot, e.g., example.com. for the example.com domain.

    • <VM_IP_address>: Web server public IP address.

      You can get your VM IP address either in the management console on the VM page under Network or with the yc compute instance get <VM_name> CLI command.

Result:

+--------+--------------+------+---------------+-----+
| ACTION |     NAME     | TYPE |     DATA      | TTL |
+--------+--------------+------+---------------+-----+
| +      | example.com. | A    | 51.250.**.*** | 600 |
+--------+--------------+------+---------------+-----+

For more information about the yc dns zone add-records command, see the CLI reference.

To create a resource record in a DNS zone, use the updateRecordSets REST API method for the DnsZone resource or the DnsZoneService/UpdateRecordSets gRPC API call.

Test the website

The website on your web server is now accessible by its domain name. To test the site, enter its IP address or domain name in your browser:

  • http://<VM_public_IP_address>
  • http://example.com

How to delete the resources you created

To stop paying for the resources you created:

  1. Delete the VM.
  2. Delete the static public IP address if you reserved one for your VM.
  3. Delete the domain zone you created.

See also

Previous
Overview
Next
Terraform