Google App Engine custom domain not redirecting to https - google-app-engine

I deployed a Streamlit app to App Engine and configured a custom domain https://datanerd.tech that I purchased through Google Domains.
The problem I'm running into is that when I type in the browser the naked domain datanerd.tech, I am not getting auto re-directed to a secure connection via https://datanerd.tech. Instead, it stays with http://datanerd.tech even though a secure option is available.
This is my app.yaml file:
runtime: custom
env: flex
service: default
I'm unable to use the following in the yaml file to force a secure connection because I need a flexible environment.
handlers:
- url: /.*
  secure: always
  redirect_http_response_code: 301
  script: auto
I'm not as experienced with setting up web servers, and so I'm not sure if this is a Google issue or a Streamlit issue.
EDIT
Here are the rules I have set up for connecting my google domain to App Engine:
App Engine configuration
Google Domain configuration
EDIT 2:
I attempted domain forwarding from my Google Domain account using https://datanerd.tech and the URL no longer worked due to "Too many redirects". I even tried cycling the different options of 'Redirect Type', 'Path Forwarding', and 'SSL' with no luck.

I was NOT able to solve this issue using App Engine. I was able to get a partial solution for www.datanerd.tech using @NoCommandLine's solution.
Instead, since I wasn't dependent on App Engine, I switched services to Cloud Run and was able to map the custom domain with no issues.
Thanks again for your patience @NoCommandLine.

Log in to Google Domains and select your domain.
Click on 'DNS' on the left-hand side of the page and, on the right-hand side of the page, look for the Domain Forward section.
Add an entry to forward http://datanerd.tech to https://datanerd.tech.
Update
This is what shows up for https://datanerd.tech. http://datanerd.tech also works
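
In the flexible environment, where the `secure: always` handler from the question is not available, the HTTP-to-HTTPS redirect can be enforced by the application itself. The following is an added example, not code from the question or the answers: a WSGI middleware that assumes the front end terminates TLS and passes the client's scheme in the `X-Forwarded-Proto` header. `ForceHTTPS`, `hello`, `request`, `allowed_hosts`, `exempt_paths` and the HSTS value are names and values chosen for illustration.

```python
from urllib.parse import quote
HSTS = "max-age=31536000"  # one year; constructed value for the example

class ForceHTTPS:
    """WSGI middleware: 301 plain-HTTP requests to HTTPS, add HSTS on HTTPS."""

    def __init__(self, app, allowed_hosts, exempt_paths=()):
        self.app = app
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.exempt_paths = set(exempt_paths)  # e.g. plain-HTTP health probes

    def __call__(self, environ, start_response):
        # TLS ends at the front end, so the app always sees plain HTTP; the
        # client's scheme is in X-Forwarded-Proto. Redirecting on the local
        # scheme instead would redirect HTTPS clients too, in an endless loop.
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "http")
        proto = proto.split(",")[0].strip().lower()
        path = environ.get("PATH_INFO", "/")
        if proto == "https":
            def with_hsts(status, headers, exc_info=None):
                headers = list(headers) + [("Strict-Transport-Security", HSTS)]
                return start_response(status, headers, exc_info)
            return self.app(environ, with_hsts)
        if path in self.exempt_paths:
            return self.app(environ, start_response)
        # Build the target only from an allow-listed host, so a forged Host
        # header cannot turn the redirect into an open redirect.
        host = environ.get("HTTP_HOST", "").split(":")[0].lower()
        if host not in self.allowed_hosts:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"unknown host\n"]
        location = "https://" + host + quote(path)
        if environ.get("QUERY_STRING"):
            location += "?" + environ["QUERY_STRING"]
        start_response("301 Moved Permanently", [("Location", location)])
        return [b""]

def hello(environ, start_response):  # stand-in for the real application
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello\n"]

def request(app, **environ):
    """Call a WSGI app with a constructed environ; return (status, headers)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    list(app(environ, start_response))
    return seen["status"], seen["headers"]
```

Streamlit is served by Tornado rather than WSGI, so for a Streamlit container the same check belongs in whatever proxy fronts the app inside the custom runtime.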

Related

Setting target url with gcloud

I have been using the Google App Engine Launcher's "Deploy" button. I realize that the Launcher is going away at the end of July 2020, so I'm trying to learn to use gcloud. My web site has a custom url, www.xxx.org, but "gcloud app deploy" uploads to xxx.appspot.com instead of to www.xxx.org, presumably because "target url" is set to xxx.appspot.com. Can someone please tell me what gcloud command I need to use to change "target url" to www.xxx.org, or some other scheme that would work? I've wandered through lots of gcloud and GAE documentation and web searches without being able to figure out what I need to do.
There is a very good and complete guide about mapping a custom domain to your application in the official documentation. As @DanCornilescu said, it needs to be configured, but it is not necessary to do so before deployment.
Basically, you need to follow the steps from the guide:
1) Verify that you are the owner of your domain through Webmaster Central
2) Ensure that your domain has been verified, otherwise you will not be able to proceed with the following steps. Note that only verified domains will be displayed.
3) If you need to delegate the ownership of your domain to other users or service accounts, you can add permission through the Webmaster Central page
4) After you verify ownership of your domain, you can map that domain to your App Engine app
5) Add the resource records that you receive to the DNS configuration of your domain registrar
6) Test for success by browsing to your app via its new domain URL, for example www.example.com
In case you need to do more complex mappings for different urls and subdomains you can always write down the routing rules in the dispatch.yaml file and they will be mapped successfully.
Also, to add a bit more information about the dispatch.yaml file, it will handle the routing in the App as opposed to the app.yaml which will take care of the App's settings. Both .yamls can exist in the same application and can be deployed at the same time by using the following gcloud command:
gcloud app deploy app.yaml dispatch.yaml
The deployment is always done to .appspot.com; the custom domain is automatically updated if it is already configured. If it is not, then it needs to be configured (it can be done after the deployment as well).

How to restrict access to GAE Flexible site only for GSuite account?

How to restrict access to GAE Flexible site only for all accounts from my domain in GSuite and eventually other Google accounts that I provide explicitly? AFAIR there was something similar in the Standard GAE version in the app.yaml handlers section.
So my scenario:
production versions restricted until go-live
dev and stage version restricted permanently
I would like to do this on the IAM level, to reject traffic to the site. But I didn't find anything in the docs.
Ok, after rethinking the problem and digging deeper into the documentation I found a page about dev environments - https://cloud.google.com/appengine/docs/standard/python/creating-separate-dev-environments.
So my current solution is not to have separate versions like dev, stage and prod and work with them within one project, but to create separate projects for each of environment.
It will also simplify management of DBs - previously I thought about a different database in one DB server for each environment. Now I will have a separate DB instance for it.
Anyway I still have a problem with securing access.
I did it in the same way like in Restrict App Engine access to G Suite accounts on custom domain:
changed Google Authentication to my Google Suite domain
added Custom Domain in my app
added my page domain to my GSuite as a second domain
And I still can connect to my page without auth - even in "Incognito mode" and on others computers and mobiles.
EDIT:
As a workaround I used the Django-lockdown module. For the time being it is more than enough - I have a password, I have a session, I can set it in Middleware or as a decorator for urls.
EDIT 2:
I noticed today a new feature in GAE Flexible - Identity-Aware Proxy.
This is the feature that I was searching for. You can restrict access by:
Google Account email: user@gmail.com
Google Group: admins@googlegroups.com
Service account: server@example.gserviceaccount.com
Google Apps domain: example.com

Google App Engine module and custom domain

I'm trying to assign custom domain to App Engine module. At the moment I have staging.example.com pointed to app-id.appspot.com and that works correctly but I also want to assign api.staging.example.com to api.app-id.appspot.com. I've created CNAME record from api.staging.example.com to ghs.googlehosted.com, added api.staging.domain.com in developers console/appengine/settings/custom domains and here is my dispatch.yaml:
dispatch:
- url: "staging.example.com/*"
  module: default
- url: "api.staging.example.com/*"
  module: api
Any ideas what could be wrong? Every request to endpoints on api.staging.example.com shows only a 404 error and I can't see this in the logs; it looks like api.staging.example.com is pointed somewhere else. All requests to api-app-id.appspot.com work correctly.
Are you making HTTPS requests? The official docs note that double-wildcard domains are not supported for SSL certificates.
Google recommends using the HTTPS protocol to send requests to your app. Google does not issue SSL certificates for double-wildcard domains hosted at appspot.com. Therefore with HTTPS you must use the string "-dot-" instead of "." to separate subdomains
So you'll need to replace the first . with -dot- to follow this pattern:
https://module-dot-app-id.appspot.com. In your case api-dot-app-id.appspot.com.
OK, I know where my problem is - Google Cloud Endpoints.
Google Cloud Endpoints does not support custom domains.
https://cloud.google.com/appengine/docs/python/endpoints/
https://code.google.com/p/googleappengine/issues/detail?id=9384

SSL Error using custom domain with Google App Engine

I followed the steps detailed here to use a custom domain with google app engine.
I'm the admin of the Google Apps account
I'm the owner of the Google App Engine account
I've added the domain to my Google Apps account through my App Engine account
I see my App Engine app in my Google Apps account
I set the CNAME "test" to point to ghs.googlehosted.com
I added the web address under my Google Apps account and it says "Your users can access my-app-id at: test.mydomain.com"
Now when I go to http://test.mydomain.com, it redirects to https://test.mydomain.com and I get an SSL connection error (Unable to make a secure connection to the server.)
I called Google Apps customer support because I have a paid business account, but the customer service guy said that this falls under App Engine support and he was not trained in this issue.
Help!
If you've done everything correctly, you should be able to access your site at http://test.mydomain.com. It sounds from the error you're getting that you're attempting to access it at https://test.mydomain.com (https as opposed to http).
If you want to access your app over SSL at your custom domain, you have more setup to do, as documented here: SSL for a Custom Domain. The steps necessary are many and subject to change; that link is the official source of current information on the matter.
Update: From your updated information, it sounds like you may have secure: always set in your app.yaml, or the Java-configuration equivalent of this setting. It would be helpful if you posted your configuration file.
Also note that it takes several minutes for Google to add a certificate on a domain you recently imported (it may require time for DNS configuration to spread). I personally didn't need to add any secure: configuration, it just worked after some time.

Custom domain issue

We have added a custom domain to our appengine app. We followed the instructions when we made our changes, but apparently something went wrong and we can't find the way to fix it.
In our google apps appengine tab, the main URL specified is https://appid.appspot.com. That means, however, that all traffic from the domain mappings will be sent to the https url, and of course this won't work. I don't know how this https url ended up there as in the app engine admin console, the app url is http://appid.appspot.com.
We haven't found the way to change this url. We have tried to disable this app in google apps but it didn't work, it stays there.
in your app.yaml
-secure: optional
for more details:
http://code.google.com/appengine/docs/python/config/appconfig.html
scroll to Secure URLs
