
How to open 8080 port in GCP?

Published in GCP Networking Firewall

Opening port 8080 in Google Cloud Platform (GCP) is achieved by creating an ingress firewall rule within your Virtual Private Cloud (VPC) network that explicitly permits incoming TCP traffic on that specific port to your virtual machine (VM) instances.

Understanding GCP Firewall Rules

GCP firewall rules are essential for controlling network traffic to and from your VM instances. They are defined at the VPC network level rather than managed individually on each VM: a rule applies to every instance in that network unless you narrow it with targets. They act as a critical security layer, allowing you to define exactly which types of traffic are permitted or denied.

To learn more about firewall rules, refer to the official GCP Firewall Rules Documentation.

Step-by-Step Guide to Opening Port 8080 in GCP

Follow these steps in the Google Cloud Console to create a new firewall rule allowing incoming traffic on TCP port 8080:

  1. Navigate to the Google Cloud Console:

    • Go to the Google Cloud Console and ensure you have selected the correct project from the project selector at the top.
  2. Access VPC Network Firewall Rules:

    • In the Google Cloud Console's navigation menu (usually on the left side), scroll down to VPC network and click on Firewall.
  3. Create a New Firewall Rule:

    • On the Firewall rules page, click the Create firewall rule button, usually located at the top of the page.
  4. Configure the Rule Details:

    • Name: Enter a unique and descriptive name for your firewall rule, for example, allow-tcp-8080-web-app.
    • Description: (Optional but recommended) Provide a brief explanation of the rule's purpose, such as "Allows incoming TCP traffic on port 8080 for web applications."
    • Network: Select the specific VPC network where your VM instances are located. This is typically your default network unless you've created custom ones.
    • Priority: Leave this at its default value (e.g., 1000) unless you have specific reasons to change it. Lower numbers indicate higher priority.
    • Direction of traffic: Select Ingress as this rule will apply to incoming traffic to your instances.
    • Action on match: Select Allow to permit the traffic.
    • Targets: Define which instances this rule should apply to:
      • All instances in the network: Applies to all VMs in the selected network (least restrictive).
      • Specified target tags: Recommended for better control. Enter a network tag (e.g., web-server) that you will apply to the VM instances that need port 8080 open.
      • Specified service account: Applies to instances associated with a particular service account.
    • Source IP ranges: This is crucial for security. Specify the IP addresses or CIDR blocks from which incoming traffic is allowed:
      • To allow traffic from anywhere on the internet (least secure, use with caution): Type 0.0.0.0/0.
      • To allow traffic from specific IPs or networks: Enter the CIDR block(s), e.g., 203.0.113.0/24.
    • Protocols and ports: Select Specified protocols and ports.
      • Check the box next to tcp and type 8080 in the adjacent field. This specifically targets TCP traffic on port 8080.
  5. Create the Rule:

    • Click the Create button at the bottom of the page to save and activate your new firewall rule.

Key Considerations for Firewall Rules

  • Security Best Practices: Always aim to limit Source IP ranges to the absolute minimum necessary. Using 0.0.0.0/0 opens the port to the entire internet, which can be a security risk if your application isn't hardened.
  • Targeting: Utilizing Specified target tags is highly recommended. This allows you to apply the firewall rule only to the relevant VM instances by assigning that tag to them.
  • Application Listening: Ensure that your application or service inside the VM instance is actually configured to listen on port 8080. The firewall rule only allows traffic to the VM; the application still needs to respond to it.

Example Use Cases for Port 8080

Port 8080 is commonly used for:

  • Web Application Servers: Often used by application servers like Apache Tomcat, Jetty, JBoss, or Spring Boot applications.
  • Development and Staging Environments: Running non-standard HTTP services during development or testing.
  • Proxy Servers: Some local or forward proxies might use this port.

Firewall Rule Components at a Glance

| Component | Description | Example for Port 8080 |
|---|---|---|
| Name | Unique identifier for the rule. | allow-web-app-8080 |
| Direction | Specifies if rule applies to incoming (ingress) or outgoing (egress). | Ingress |
| Action on match | What to do with traffic matching the rule. | Allow |
| Targets | Which instances the rule applies to. | Specified target tags: web-app |
| Source IP ranges | The IP addresses from which traffic is allowed/denied. | 0.0.0.0/0 (public) or 10.0.0.0/8 |
| Protocols & ports | The specific protocols and ports to allow/deny. | tcp:8080 |

Verifying Your Firewall Rule

After creating the rule, you can verify its effectiveness:

  1. Check Rule Status: Go back to the Firewall section in the Google Cloud Console and confirm that your new rule is listed and active.
  2. Test Connectivity:
    • Ensure an application or web server is running and listening on port 8080 inside your VM instance.
    • From a machine outside your GCP network (and within your allowed Source IP ranges), attempt to connect:
      • Using telnet: telnet YOUR_VM_EXTERNAL_IP 8080
      • Using netcat (nc): nc -vz YOUR_VM_EXTERNAL_IP 8080
      • If successful, you should see a connection established or a message indicating the port is open. If it fails, check your firewall rule settings, VM network tags, and ensure the application is listening.