Skip to content


This page describes the infrastructure and other prerequisites for deploying Tower on Google Cloud Platform (GCP).

Tower container images#

Seqera Labs publishes Nextflow Tower Enterprise containers to a private Artifact Registry (AR) on GCP.

  1. Provide Seqera Labs with your GCP Service Account

    Supply your GCP Project's Service Account email address to the Seqera representative managing your onboarding and wait for confirmation that it has been added as an approved Artifact Registry Reader.

  2. Retrieve a local copy of the container

    Clients using the docker-compose deployment method must retrieve container copies for local use.

    1. Install gcloud CLI and Docker on the target machine.

    2. Authenticate the Service Account with the gcloud CLI.

    3. Configure Docker to interact with the GCP Region where the Seqera AR resides.

      gcloud auth configure-docker

    4. Confirm you have access to the repository.

      gcloud artifacts docker images list --include-tags

    5. Pull the containers to your machine:

      export REPOSITORY_URL=""
      export TAG="v22.1.5"
      docker pull ${REPOSITORY_URL}/backend:${TAG}
      docker pull ${REPOSITORY_URL}/frontend:${TAG}

Mandatory prerequisites#

SMTP server#

If don't have SMTP settings, you can use the WorkSpace SMTP Relay service for this.

You can also set up third party services like sendgrid, mailgun, mailjet etc from the Google Cloud marketplace. Work with your IT team to see what best works for your organization.

MySQL database#

We recommend the use of CloudSQL, Google Cloud’s fully managed database service, to setup a MYSQL database for Tower. Here is a quick start tutorial for setting up MYSQL on GCP.

  1. Browse to Cloud SQL and select Create Instance

  2. Select MySQL (you may need to enable the API)

  3. Change to Single zone availability unless there is a need for high availability

  4. Update the Region and Zone to match the location of your Tower deployment

  5. Expand Show configuration options, update Machine type and Storage settings. The recommended machine type and disk size depends on the number of parallel pipelines you expect to run. In this tutorial we use the Standard machine type with 1 vCPU, and 20 GB SSD storage.

  6. Expand Connections, disable Public IP, and enable Private IP

  7. Select the Network (usually default). You may need to set up a Private services access connection if you have not done it before for this VPC. Enable the API and select Use an automatically allocated IP range. Select Continue, then Create Connnection.

  8. Select Create Instance

  9. Once the database has been created, select the instance, then Databases, and create a new database tower

  10. Note the Private IP address of the instance as it will be supplied to the TOWER_DB_URL environment variable

Public IP address#

This IP address will be used to create the load balancer (ingress) for the Tower deployment. If you do not reserve an IP address, the ingress will create one for you automatically, but it will be different every time you deploy the ingress.

  1. Browse to VPC networkExternal IP addresses and select Reserve Static Address

  2. Assign a name e.g. tower-ip, this name will be used later to configure the ingress

  3. Select a region where your GKE cluster is deployed

  4. Select Reserve

VM instance (Docker Compose)#

A Compute Engine VM instance is required to deploy Tower via Docker Compose.

  1. From the Navigation menu of the Google Cloud console, select Compute Engine to create a new VM instance. Select the machine name, region/zone, and machine type. In this example we have used an e2-standard-2 instance (2 vCPUs, 8 GB memory).


    You can use the container-optimized OS for the VM.

  2. Enable HTTP traffic. By default, the frontend is exposed to port 8000, so you will need to add a firewall rule to the underlying VPC network to allow port 8000 (after VM creation).

  3. SSH into the machine. If you run into issues with SSH or would like to set up IAP SSH refer to the documentation for TCP forward to IAP.

  4. Install Docker if it is not already installed.

  5. Test Docker by running the Docker Compose image. If Docker does not have sufficient permissions, consider following these steps to run it without root, or use sudo.

    # test docker compose
    docker run docker/compose:1.24.0 version
    # check that docker/compose image was pulled
    docker images
  6. Create an alias for docker-compose:

    echo alias docker-compose="'"'docker run --rm \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -v "$PWD:$PWD" \
        -w="$PWD" \
        docker/compose:1.24.0'"'" >> ~/.bashrc
    source .bashrc
  7. Configure gcloud and Docker as described in the Tower container images section.

GKE cluster (Kubernetes)#

A Google Kubernetes Engine (GKE) cluster is required to deploy Tower via Kubernetes. Refer to the GKE documentation for instructions on how to provision your own cluster.


GKE Autopilot is not currently supported by Tower due to a privilege issue with the Redis deployment. However, you can achieve most of the same behavior with a Standard cluster by enabling autoscaling and node auto-provisioning.## Optional prerequisites

Optional prerequisites#

SSL certificate#

Required to handle HTTPS to your Tower instance.


As of Tower Enterprise v22.1.x, HTTP-only implementations must set the following environment variable in their Tower hosting infrastructure in order for users to be able to successfully log in: TOWER_ENABLE_UNSAFE_MODE=true.

Resource quotas#

Google Cloud resources are subject to quotas. To request an increase to any quota, please refer to the Google Cloud docs for quotas.

Back to top