This tutorial describes how to configure a Cloud Storage bucket to host a static website for a domain you own. Static web pages can contain client-side technologies such as HTML, CSS, and JavaScript. They cannot contain dynamic content such as server-side scripts like PHP.
Because Cloud Storage doesn't support custom domains with HTTPS on its own, this tutorial uses Cloud Storage with an external Application Load Balancer to serve content from a custom domain over HTTPS. For more ways to serve content from a custom domain over HTTPS, see troubleshooting for HTTPS serving . You can also use Cloud Storage to serve custom domain content over HTTP , which doesn't require a load balancer.
For examples and tips on static web pages, including how to host static assets for a dynamic website, see the Static Website page .
Objectives
This tutorial shows you how to:- Create a bucket.
- Upload and share your site's files.
- Set up a load balancer and SSL certificate.
- Connect your load balancer to your bucket.
- Point your domain to your load balancer using an
A
record. - Test the website.
Costs
This tutorial uses the following billable components of Google Cloud:
See the Monitoring your charges tip for details on what charges may be incurred when hosting a static website.
Before you begin
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project .
-
Make sure that billing is enabled for your Google Cloud project .
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project .
-
Make sure that billing is enabled for your Google Cloud project .
- Enable the Compute Engine API for your project.
- Have the following Identity and Access Management roles: Storage Admin and Compute Network Admin .
- Have a domain that you own or manage. If you don't have an existing domain,
there are many services through which you can register a new domain, such as Cloud Domains
.
This tutorial uses the domain
example.com
. - Have a few website files you want to serve. This tutorial works best if you
have at least an index page (
index.html
) and a 404 page (404.html
). - (Optional) If you want your Cloud Storage bucket to have the same
name as your domain, you must verify that
you own or manage the domain that you will be using
. Make sure you are
verifying the top-level domain, such as
example.com
, and not a subdomain, such aswww.example.com
. If you purchased your domain through Cloud Domains, verification is automatic.
Create a bucket
To create a bucket:
Console
- In the Google Cloud console, go to the Cloud Storage Buckets
page.
- Click + Create .
- On the Create a bucket
page, enter your bucket information. To go to the
next step, click Continue
.
- For Name your bucket , enter a name that meets the bucket name requirements .
- For Choose where to store your data , select a Location type and Location where the bucket data will be permanently stored.
- For Choose a storage class for your data
, either select a default storage class
for the bucket, or select Autoclass
for automatic storage class management of your
bucket's data.
Note: The Monthly cost estimate panel in the right pane estimates the bucket's monthly costs based on your selected storage class and location, as well as your expected data size and operations.
- For Choose how to control access to objects
, select whether or not your bucket
enforces public access prevention
, and
select an Access control
model
for your
bucket's objects.
Note: If public access prevention is already enforced by your project's organization policy , the Prevent public access toggle is locked.
- For Choose how to protect object data , configure Protection tools if desired, and select a Data encryption method .
- Click Create .
To learn how to get detailed error information about failed Cloud Storage operations in the Google Cloud console, see Troubleshooting .
Command line
-
In the Google Cloud console, activate Cloud Shell.
At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.
-
In your development environment, run the
gcloud storage buckets create
command:gcloud storage buckets create gs:// BUCKET_NAME --location= BUCKET_LOCATION
Where:
-
BUCKET_NAME
is the name you want to give your bucket, subject to naming requirements . For example,my-bucket
. -
BUCKET_LOCATION
is the location of your bucket. For example,us-east1
.
If the request is successful, the command returns the following message:
Creating gs:// BUCKET_NAME /...
Set the following flags to have greater control over the creation of your bucket:
-
--project
: Specify the project ID or project number with which your bucket will be associated. For example,my-project
. -
--default-storage-class
: Specify the default storage class of your bucket. For example,STANDARD
. -
--soft-delete-duration
: Specify the soft delete retention duration of your bucket. For example,2w1d
. -
--uniform-bucket-level-access
: Enable uniform bucket-level access for your bucket.
For a complete list of options for gcloud bucket creation, see
buckets create
options .For example:
gcloud storage buckets create gs:// BUCKET_NAME --project= PROJECT_ID --default-storage-class= STORAGE_CLASS --location= BUCKET_LOCATION --uniform-bucket-level-access
-
Client Libraries
C++
For more information, see the Cloud Storage C++ API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
C#
For more information, see the Cloud Storage C# API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Go
For more information, see the Cloud Storage Go API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Java
For more information, see the Cloud Storage Java API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Node.js
For more information, see the Cloud Storage Node.js API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
PHP
For more information, see the Cloud Storage PHP API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Python
For more information, see the Cloud Storage Python API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Ruby
For more information, see the Cloud Storage Ruby API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Terraform
You can use a Terraform resource to create a storage bucket .
The following sample includes assigning an index page suffix and a custom error page. For more information, see Assign specialty pages .
REST APIs
JSON API
-
Have gcloud CLI installed and initialized , in order to generate an access token for the
Authorization
header.Alternatively, you can create an access token using the OAuth 2.0 Playground and include it in the
Authorization
header. - Create a JSON file that contains the settings for the bucket, which must include a
name
for the bucket. See the Buckets:Insert documentation for a complete list of settings. The following are common settings to include: -
BUCKET_NAME
is the name you want to give your bucket, subject to naming requirements . For example,my-bucket
. -
BUCKET_LOCATION
is the location where you want to store your bucket's object data . For example,US-EAST1
. -
STORAGE_CLASS
is the default storage class of your bucket. For example,STANDARD
. - Use
cURL
to call the JSON API :curl -X POST --data-binary @ JSON_FILE_NAME \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json" \ "https://storage.googleapis.com/storage/v1/b?project= PROJECT_IDENTIFIER "
Where:
-
JSON_FILE_NAME
is name of the JSON file you created in Step 2. -
PROJECT_IDENTIFIER
is the ID or number of the project with which your bucket will be associated. For example,my-project
.
-
{ "name": " BUCKET_NAME ", "location": " BUCKET_LOCATION ", "storageClass": " STORAGE_CLASS ", "iamConfiguration": { "uniformBucketLevelAccess": { "enabled": true }, } }
Where:
XML API
-
Have gcloud CLI installed and initialized , in order to generate an access token for the
Authorization
header.Alternatively, you can create an access token using the OAuth 2.0 Playground and include it in the
Authorization
header. - Create an XML file that contains settings for the bucket. See the XML: Create a bucket documentation for a complete list of settings. The following are common settings to include:
-
BUCKET_LOCATION
is the location where you want to store your bucket's object data . For example,US-EAST1
. -
STORAGE_CLASS
is the default storage class of your bucket. For example,STANDARD
. - Use
cURL
to call the XML API :curl -X PUT --data-binary @ XML_FILE_NAME \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "x-goog-project-id: PROJECT_ID " \ "https://storage.googleapis.com/ BUCKET_NAME "
Where:
-
XML_FILE_NAME
is name of the XML file you created in Step 2. -
PROJECT_ID
is the ID of the project with which your bucket will be associated. For example,my-project
. -
BUCKET_NAME
is the name you want to give your bucket, subject to naming requirements . For example,my-bucket
.
-
<CreateBucketConfiguration> <LocationConstraint> BUCKET_LOCATION </LocationConstraint> <StorageClass> STORAGE_CLASS </StorageClass> </CreateBucketConfiguration>
Where:
Upload your site's files
Add the files you want your website to serve to the bucket:
Console
- In the Google Cloud console, go to the Cloud Storage Buckets
page.
-
In the list of buckets, click the name of the bucket that you created.
The Bucket detailspage opens with the Objectstab selected.
-
Click the Upload filesbutton.
-
In the file dialog, browse to the desired file and select it.
After the upload completes, you should see the filename along with file information displayed in the bucket.
To learn how to get detailed error information about failed Cloud Storage operations in the Google Cloud console, see Troubleshooting .
Command line
Use the gcloud storage cp
command to copy files to your bucket.
For example, to copy the file index.html
from its current location Desktop
to the bucket my-static-assets
:
gcloud storage cp Desktop/index.html gs://my-static-assets
If successful, the response looks like the following example:
Completed files 1/1 | 164.3kiB/164.3kiB
Client libraries
C++
For more information, see the Cloud Storage C++ API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
C#
For more information, see the Cloud Storage C# API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Go
For more information, see the Cloud Storage Go API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Java
For more information, see the Cloud Storage Java API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
The following sample uploads an individual object:
The following sample uploads multiple objects concurrently:
The following sample uploads all objects with a common prefix concurrently:
Node.js
For more information, see the Cloud Storage Node.js API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
The following sample uploads an individual object:
The following sample uploads multiple objects concurrently:
The following sample uploads all objects with a common prefix concurrently:
PHP
For more information, see the Cloud Storage PHP API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Python
For more information, see the Cloud Storage Python API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
The following sample uploads an individual object:
The following sample uploads multiple objects concurrently:
The following sample uploads all objects with a common prefix concurrently:
Ruby
For more information, see the Cloud Storage Ruby API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Terraform
REST APIs
JSON API
-
Have gcloud CLI installed and initialized , in order to generate an access token for the
Authorization
header.Alternatively, you can create an access token using the OAuth 2.0 Playground and include it in the
Authorization
header. -
Use
cURL
to call the JSON API with aPOST
Object request. For the fileindex.html
uploaded to a bucket namedmy-static-assets
:curl -X POST --data-binary @index.html \ -H "Content-Type: text/html" \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://storage.googleapis.com/upload/storage/v1/b/my-static-assets/o?uploadType=media&name=index.html"
XML API
-
Have gcloud CLI installed and initialized , in order to generate an access token for the
Authorization
header.Alternatively, you can create an access token using the OAuth 2.0 Playground and include it in the
Authorization
header. -
Use
cURL
to call the XML API with aPUT
Object request. For the fileindex.html
uploaded to a bucket namedmy-static-assets
:curl -X PUT --data-binary @index.html \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: text/html" \ "https://storage.googleapis.com/my-static-assets/index.html"
Share your files
To make all objects in your bucket readable to anyone on the public internet:
Console
- In the Google Cloud console, go to the Cloud Storage Buckets
page.
-
In the list of buckets, click the name of the bucket that you want to make public.
-
Select the Permissionstab near the top of the page.
-
If the Public accesspane reads Not public, click the button labeled Remove public access preventionand click Confirmin the dialog that appears.
-
Click the add_box Grant accessbutton.
The Add principals dialog box appears.
-
In the New principalsfield, enter
allUsers
. -
In the Select a roledrop down, select the Cloud Storagesub-menu, and click the Storage Object Vieweroption.
-
Click Save.
-
Click Allow public access.
Once shared publicly, a linkicon appears for each object in the public access column. You can click this icon to get the URL for the object.
To learn how to get detailed error information about failed Cloud Storage operations in the Google Cloud console, see Troubleshooting .
Command line
Use the buckets add-iam-policy-binding
command:
gcloud storage buckets add-iam-policy-binding gs://my-static-assets --member=allUsers --role=roles/storage.objectViewer
Client libraries
C++
For more information, see the Cloud Storage C++ API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
C#
For more information, see the Cloud Storage C# API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Go
For more information, see the Cloud Storage Go API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Java
For more information, see the Cloud Storage Java API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Node.js
For more information, see the Cloud Storage Node.js API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
PHP
For more information, see the Cloud Storage PHP API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Python
For more information, see the Cloud Storage Python API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
Ruby
For more information, see the Cloud Storage Ruby API reference documentation .
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .