From 876271dcebae42c83297c6d245877b5591f54514 Mon Sep 17 00:00:00 2001
From: Nikolay Edigaryev <edigaryev@gmail.com>
Date: Tue, 24 Dec 2024 16:39:26 +0400
Subject: [PATCH] docs: a firewall rule needs to be created when deploying
 Orchard to GCE (#983)

---
 docs/orchard/deploying-controller.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/docs/orchard/deploying-controller.md b/docs/orchard/deploying-controller.md
index 39983d29..ee0782f7 100644
--- a/docs/orchard/deploying-controller.md
+++ b/docs/orchard/deploying-controller.md
@@ -31,7 +31,13 @@ gcloud compute addresses create orchard-ip --region=us-central1
 export ORCHARD_IP=$(gcloud compute addresses describe orchard-ip --format='value(address)' --region=us-central1)
 ```
 
-Once we have the IP address, we can create a new instance with Orchard Controller running inside a container:
+Then, ensure that there exist a firewall rule targeting `https-server` tag and allowing access to TCP port 443. If that's not the case, create one:
+
+```shell
+gcloud compute firewall-rules create default-allow-https --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=tcp:443 --source-ranges=0.0.0.0/0 --target-tags=https-server
+```
+
+Once we have the IP address and the firewall rule set up, we can create a new instance with Orchard Controller running inside a container:
 
 ```bash
 gcloud compute instances create-with-container orchard-controller \