Staging Environments for WordPress Sites on GCP
If you are a web developer working with clients, running your own business website, or simply hosting your personal blog, you likely want to have a way for you or your customers to privately preview changes before they are made public. With Twingate Starter, you can easily create a private staging environment that is completely inaccessible from the public internet but still shareable with collaborators or clients — all without setting up a VPN, port forwarding, static IP addresses, or configuring DDNS.
In this guide, we’ll walk through how to set things up on Google Cloud Platform (GCP) for WordPress, but the same general steps also work if you use other solutions like AWS, Digital Ocean, or Linode. As the video tutorial below shows, the entire process takes under 3 minutes. We’ll walk through each step in the sections below.
🎥 Full 3 minute video tutorial:
Please also join us in our community forum to share and discuss your experience and any other use cases you’ve discovered!
GCP comes with pre-configured instances of WordPress to make it really fast to start building a website, and it has a free tier and free credits to get up and running with no cost. Please follow the short video tutorial below to deploy WordPress on GCP if you don’t already have it set up. Choose the GCP zone and machine configuration that is appropriate for you. As part of the deployment configuration, we can safely remove the external IP and deny HTTP/HTTPS traffic from the Internet. In the rest of this guide, we’ll show you how to use Twingate to grant yourself (or any other trusted party) secure, private access to your instance via just the Private IP address.
Sign up for Twingate
Twingate Starter is a new free plan that is designed for home and personal use. If you don’t have an account already, please click here and follow the simple steps to sign up for a Starter account and begin the initial setup. Once you have an account, there are 5 simple steps to get up and running.
1. Create a Remote Network
After creating a Twingate account, from the main “Network” page, add a new Remote Network and give it a name. This represents the network we’re going to connect to — in this case, that would be GCP.
2. Add a Connector
The next step is to deploy a Twingate Connector, which is a piece of software that allows for secure access to your remote network and the services running on it. In addition to Lightsail, it can also be deployed to other cloud instances (AWS, Azure, etc.) as well as your home devices, including Synology NAS and Raspberry Pi.
Generate Connector tokens
In this case, we’ll set it up on GCP. Click on one of the automatically generated Connectors (the names are random) and complete the following steps:
- Click on Linux as the deployment method
- Generate tokens. You’ll be prompted to sign in again, after which you should see two new tokens.
- Copy the automatically generated shell command. You will soon run this command on your Lightsail instance to install the Connector there.
Deploy the Connector on the Remote Network
In GCP, create a new VM instance where we’ll deploy the Twingate Connector.
- We suggest giving the VM instance the same name as the Connector for easy association
- Choose the Region, Zone, and Machine configuration that’s appropriate for you (some configurations can be free)
- Expand the “Networking, Disks, Security, …” section at the bottom, then expand the “Management” section. Inside the “Automation” textbox, paste in the command that was generated earlier. This will ensure that the Twingate Connector automatically installs and runs when you boot up your VM instance.
After just a minute or so, the instance should be up and running, and you can check the logs to verify that the Connector was successfully deployed. You should also see within the Twingate admin console that the Connector status has turned green.
3. Add a Resource
Now that you’ve deployed a Twingate Connector on GCP, you can get remote access to any other VM instance running on the same VPC network. Even though the WordPress instance has no external IP address and we’ve denied all HTTP/HTTPS access, we can add it as a Twingate Resource and get secure access.
Go back to your Remote Network and click on the “Add Resource” link. In the popup, click on the “CIDR Address” box, choose a Label name for the Resource, enter the private IP address of your WordPress VM instance, and click “Add Resource”. Congrats! You now have secure, private access to your VM instance and can use it as a staging environment for your WordPress site.
4. Download the Twingate client
All that’s left to do now is to install Twingate on your device (we support Windows, Mac, Linux and have apps for iOS and Android) to authenticate your account and authorize your access to the instance. As an example, let’s walk through setting up the Twingate client on macOS.
First, download and install the macOS app here. Type in the Network URL that you chose when you signed up (the
[abc] part of
[abc].twingate.com) and click “Join Network”. You’ll be asked to log in using the same account you used to sign up. After signing in, you’ll see that Twingate is connected with access to the Resource you created. Click on “Open in Browser…” and you should see your WordPress site is accessible via the Private IP address of your GCP VM instance, even though it has no public IP address.
Finally, disconnect from Twingate and try accessing the site again — you should see that it ’s completely inaccessible.
Congrats! You’ve finished setting up Twingate for GCP and used it to create a staging environment for your WordPress site. Anything else that you deploy to the same VPC network (e.g., a web app, dashboard, database, etc.) can also be added as a Resource, and you would have a private staging environment for those as well, using the same Connector. Join us in the community forum to share how things went and what cool use cases you’ve discovered!
5. Sharing is Caring
Do you want to share access to the WordPress site with a client, collaborator, or friend? You can easily do this from the Twingate web UI. Just go to the “Team” tab and click “Invite User” to send an email invitation. The recipient would simply follow the same steps to download the Twingate client, join your network, and get access to the WordPress site, or any other resource you set up!
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
Announcing WebAuthn for Twingate Universal MFA
Twingate is excited to announce support for WebAuthn MFA, enabling customers to use biometrics and security keys for MFA.