Google Compute Engine

Quickstart: Creating an instance and launching Apache

It's easy to get started using Google Compute Engine. This quickstart provides step-by-step instructions on how to get started using Google Compute Engine. By the end of this quickstart, you should know how to:

  1. Start a virtual machine

    To start, you will create a virtual machine instance with a machine type, an image, and a root persistent disk.

  2. Configure a firewall to allow traffic to and from the Internet

    In step 2 of this exercise, you will create a firewall rule to allow external traffic to and from the Internet.

  3. Install an Apache server to serve web pages

    Next, you will ssh into your virtual machine and install Apache.

  4. Lastly and optionally, we'll discuss how to delete your resources once you're done with them.

You can also watch the video on this page to walk you through the steps of this tutorial. The video covers the same concepts and shows you how to perform each step of this quickstart.

This guide is intended as a beginner's tutorial to Google Compute Engine. If you would like to access Google Compute Engine programmatically, you might consider using the Python or Javascript client libraries.


  1. Setup
  2. Start an instance
  3. Add a firewall
  4. Log in to an instance
  5. Serve web pages
  6. Delete your instance and persistent disk
  7. Next steps


Before you can run this exercise, you must set up your environment as described here:

  1. Sign up for Google Compute Engine, if you haven't already.
  2. Download and Install the gcutil command line tool.
  3. If you didn't set your project ID in the installation procedure, you can still set a default gcutil project ID by running:
    $ gcutil getproject --project=<project-id> --cache_flag_values

    You were prompted to create a project ID when you enabled the service in the Google Developers Console. If your project belongs to a specific domain, your project ID would be in the form <domain>:<your-chosen-project-id>.

    Optional: For this tutorial, we are also using the --cache_flag_values flag, which tells gcutil to store all the flags in this command in a file at ~/.gcutil.flags. All subsequent gcutil commands can omit these flags, such as the --project flag, because gcutil reuses the initial flag value. If you do not include the --cache_flag_values flag, you need to provide all required flags for every gcutil action. The rest of this quickstart guide omits the --project flag because we have set the --cache_flag_values flag above.

    Similarly, you can also use the --cache_flag_values to store flags such as --zone and --machine_type, which might simplify instance creation if you plan to create many instances in the same zone or with the same machine types. You can always override the cached flag values by providing a new flag value on the command line:

    gcutil addinstance --zone=<new-zone> ...

Create an instance

First, you will need to create a new virtual machine instance. Your instances run on the Compute Engine infrastructure and you can ssh in to and configure them, install and run software, create a network, create a server farm, and much more.

When you create an instance, Google Compute Engine will automatically create a root persistent disk for you, using the image that you specified. The root persistent disk stores the root filesystem and OS image that your instance needs to boot.

Here are the steps to creating your first instance:

  1. Create and Start Your Instance

    To create an instance, you need to execute the addinstance command:

    gcutil addinstance my-first-instance --machine_type=n1-standard-2 \
    --image=debian-7 --zone=us-central1-a --wait_until_running --auto_delete_boot_disk


    • my-first-instance is a name that you choose for your instance. Your instance name must adhere to the restrictions described on the Instance resource page. For this example, use my-first-instance.
    • --machine_type=n1-standard-2 sets your desired machine types. A machine type determines the memory, number of virtual cores, and persistent disk limits that your instance will have.
    • --image=debian-7 sets the image and operating system to use. If you provide debian-7, gcutil automatically resolves the image to the latest debian-7 image. Image versions are marked by dates so the newest version of the image will be the one with the most recent date. An image contains the operating system and root file system that is necessary for starting an instance. Currently, Google Compute Engine offers Debian and CentOS images. This image will be applied to a root persistent disk which is automatically created if you do not specify a disk on instance creation. The newly-created persistent boot disk is named after your instance, in the format <instance-name>.
    • --zone=us-central1-a determines where your instance should live. In this example, the instance will be created in the us-central1-a zone.
    • --wait_until_running flag tells gcutil to block until the instance is running. By default, after you run the addinstance command, gcutil will exit the addinstance command even if your instance has not yet started running. You must then check the status of your instance and wait for the status to change to RUNNING before you can use your new instance. To avoid this extra step, you can use the ‑‑wait_until_running flag, which will force the addinstance command to wait until the instance is running before it exits, indicating that the instance is ready to use.
    • --auto_delete_boot_disk tells Compute Engine that the associated root persistent disk should be deleted if the instance is deleted. This helps you remove unused resources and saves you an extra API call to delete the root disk separately. If you omit this flag, the default for this property is false.

    View a list of important flags and parameters for more information or run gcutil --help for the full list of available flags.

  2. Select a passphrase for ssh keys

    If this is your first time using gcutil to add an instance, you will be asked to create a passphrase to protect your ssh keys.

  3. (Optional) Check Instance Status

    After calling gcutil addinstance, Google Compute Engine will launch your instance. Before you can use your instance, however, you must wait for your instance to report its status as RUNNING. If you didn't use the --wait_until_running flag with the addinstance command, you can check on the status of the instance by querying Google Compute Engine. To check the status of your instance, execute the following command:

    $ gcutil getinstance my-first-instance
  4. Make note of your instance's external IP

    By default, your instance is assigned a new ephemeral external IP. Make note of this IP when you perform a getinstance command:

    $ gcutil getinstance my-first-instance
    | name                   | my-first-instance   |
    | ...                    | ...                 |
    | description            |                     |
    |   ip                   |       |
    |   access-configuration | External NAT        |
    |   type                 | ONE_TO_ONE_NAT      |
    |   external-ip          |       |

    You need this IP later to browse to your new web server.

Add a firewall

By default, Google Compute Engine blocks all connections to and from an instance to the Internet. To install Apache and serve web pages, you need to create a firewall rule that permits incoming HTTP traffic on port 80.

Every project comes with two default firewalls:

  • A firewall that allows SSH access to any instance.
  • A firewall that allows all communication between instances in the same network.

You must manually create a firewall rule that allows HTTP requests to your instance. For this example, create a new firewall using the following gcutil command:

$ gcutil addfirewall http2 --description="Incoming http allowed." --allowed="tcp:http"
INFO: Waiting for asynchronous operation to complete. Current status: RUNNING. Sleeping for 5s.

|      property       |                     value                      |
| name                | operation-1340145141786-4c2dadb1ed2a0-578a4b5e |
| creation time       |                                                |
| status              | DONE                                           |
| progress            | 100                                            |
| statusMessage       |                                                |
| target              | httpstuff                                      |
| target id           | 12918719030692922187                           |
| client operation id |                                                |
| insertTime          | YYYY-MM-DDT22:32:21.786                        |
| startTime           | YYYY-MM-DDT22:32:21.964                        |
| endTime             | YYYY-MM-DDT22:32:22.976                        |
| operationType       | insert                                         |
| error code          |                                                |
| error message       |                                                |

By performing this command, you have:

  • Created a new firewall named http2 that allows tcp:http traffic
  • Assigned the firewall to the default network in the project. Since you didn't specify a network for the firewall rule, it was automatically applied to the default network.
  • Allowed all sources inside and outside the network (including over the Internet) to make requests to the server. We didn't specify a permitted source for the firewall, so all sources are allowed to make requests to instances assigned to the default network (source is the default setting, meaning all sources are allowed).
  • Applied this firewall rule to all instances on the network. Because we did not specify a target for your firewall, the firewall applies this rule to all instances in the network.

To review information about your firewall at any time, perform a gcutil getfirewall request:

$ gcutil getfirewall http2

|   property    |          value          |
| name          | http2                   |
| description   | Incoming http allowed.  |
| creation time | YYYY-MM-DDT22:32:22.347 |
| network       | default                 |
| source IPs    |               |
| source tags   |                         |
| target tags   |                         |
| allowed       | tcp: 80                 |

Whenever you create a firewall, you can restrict the sources and targets to specific callers and instances using appropriate addfirewall flags. To see a complete list of supported flags, run gcutil help addfirewall. See Networking and Firewalls for more information about how networking works in Google Compute Engine.

Log in

The gcutil tool has a built-in ssh command that enables you to ssh into an instance using the instance name.

To log in to your instance, execute the following command:

$ gcutil ssh my-first-instance

The SSH keys you created previously will be used to authenticate your SSH session. You should now be at the command prompt in your instance's home directory.

Once you have logged in, you can do anything you could do on any other standard Linux machine, including installing applications. You have root permissions on your instance and full control over everything.

If you need to log out of your instance, you can execute the following command:

me@my-first-instance$ exit

Serve web pages

It is easy to configure your instance to serve HTTP requests from outside its network. Once your instance is running, install Apache on your instance, as follows.

  1. Install Apache HTTP Server

    You have full administrator privileges on any instance that you start in Google Compute Engine. Instances have access to package repositories by default.


    Within your instance, run the following commands:

    me@my-first-instance$ sudo apt-get update
    me@my-first-instance$ sudo apt-get install apache2
    ...output omitted...

    1. Make sure the operating system firewall is disabled.
      # Save your iptable settings
      user@my-first-instance:~$ sudo service iptables save
      # Stop the iptables service
      user@my-first-instance:~$ sudo service iptables stop
      # Disable iptables on startup.
      user@my-first-instance:~$ sudo chkconfig iptables off
    2. Install Apache using the following commands:
      me@my-first-instance:~$ sudo yum install httpd
      Installed size: 3.6 M
      Is this ok [y/N]: y
      me@my-first-instance:~$ sudo service httpd start
      Starting httpd:                                            [  OK  ]
  2. Create a New Home Page

    The Apache web server comes with a default web page that we can overwrite to prove that we really control our server. ssh into your instance and execute the following command to overwrite the existing Apache home page:

    me@my-first-instance$ echo '<!doctype html><html><body><h1>Hello World!</h1></body></html>' | sudo tee /var/www/index.html
    me@my-first-instance$ echo '<!doctype html><html><body><h1>Hello World!</h1></body></html>' | sudo tee /var/www/html/index.html

    You can also use the gcutil push command from your local terminal to copy files from your local machine to your instance. However, push does not allow you to save in a directory that requires root permissions, which is necessary in this scenario because the default location above for web server files requires root permissions. You can change the default location to somewhere that doesn't require root access, or open the existing file for edit as root. See the Apache HTTP Server Docs for more information.

  3. Browse to Your Home Page

    Browse to the external IP address listed previously when you called gcutil getinstance. The full URL of your page is http://<IP address>

Delete your instance and root persistent disk

When you are finished using your instance, you can delete it and the associated root persistent disk. Deleting an instance stops the virtual machine and removes it from the project.

To delete your instance and root persistent disk, execute the following command:

$ gcutil deleteinstance my-first-instance [--delete_boot_pd]

When you create a persistent disk, it counts towards your persistent disk quota and also incurs monthly persistent disk charges. To make sure you're not charged for persistent disks that you aren't using, make sure to delete your persistent disks when you no longer need them. This can done either by specifying the --auto_delete_boot_disk flag, like you did earlier, or by providing the --delete_boot_pd flag. If you don't provide either flags, gcutil prompts you to decide if you want to delete the root persistent disk.

If you wanted to keep your root persistent disk and skip the prompt, you can also provide the --nodelete_boot_pd flag instead.

For more information about quotas, review the quota page. For information about persistent disk pricing, review the pricing page.

Next Steps

Congratulations! You've just run your first Google Compute Engine instance. Learn more about Google Compute Engine on the following pages:

  1. Read the Overview page to get an idea of the basic elements of the Google Compute Engine architecture.
  2. Read the details pages for the various resources including instances, networks and firewalls, and disks.
  3. Read the gcutil page to learn more about the tool.

Authentication required

You need to be signed in with Google+ to do that.

Signing you in...

Google Developers needs your permission to do that.