I have developed a website and deployed it via Google App Engine. But when I open the website with full url let's say "https://www.website.com" it opens but when I type "website.com" in url section of the browser it doesn't opens and says the site is not secure. How can I resolve this?
It looks like a couple of things are happening
If you just type in 'website.com', the browser will try to open 'http://website.com' (note there is no subdomain -www i.e. you are using the naked domain) unless you have done a redirection to 'www' in which case, you will get 'http://www.website.com'
If you have specified 'secure' always in your 'app.yaml' file, then GAE will redirect the 'http' to 'https'
It seems like
a) You have specified 'secure always' in your app.yaml file
b) You are not redirecting naked domain to sub-domain
c) You have mapped the sub domain, 'www' to your GAE appspot domain. You have not mapped the naked domain
Solution
Map both naked and subdomain (www) of your custom domain to your appspot.com urls
Enable SSL for both mappings
The browser will give you a not secure message but it will also allow you to "proceed with risk".
For example, take a look at this image:
chrome screenshot ssl warning
Click on Advanced >> Proceed to website name (unsafe). This will take you to the website.
Basically, the original problem is that your website is not redirecting to https when someone lands on the http page.
Follow this tutorial here to do so:
https://cloud.google.com/appengine/docs/standard/nodejs/application-security
Edit 1
I have just read your question again. I think your website does redirect from http to https but the problem is that the SSL certificate attached to this website is invalid. You need to have a good SSL certificate; one which has not expired.
Related
I have a GAE app set up to use a custom domain, let's call it mycustomdomain. This naked domain is working fine over HTTP and HTTPS. I also have a service called api, it can be accessed successfully by going to http://api.mycustomdomain.com (custom domain convention).
However, I can't access the api service over HTTPS. I uploaded a SSL for mycustomdomain.com, but I got an error (site can't be reached) for trying to accessing the api service over HTTPS. My question is do I need to purchase the wildcard.mycustomdomain.com SSL in order to access the api service over HTTPS? I don't have much experience dealing with SSL certs and GAE custom domain, so any help would be greatly appreciated. Thank you!
Edit: updated information for GCP Console configurations.
My app setup in the Console contains the following:
Services: default, api
Custom domain setup: mycustomdomain.com
SSL uploaded: ultrahdlivewallpaper.com (NOT the wildcard version), api.ultrahdlivewallpaper.com (unable to be enabled for custom domain, none matching)
More detail: The problem is when I map both ultrahdlivewallpapers.com and api.ultrahdlivewallpapers.com, they are both mapped to the default service. I want api. to point to the API service. If I only map ultrahdlivewallpapers.com, that allows me to access api service at the api subdomain, but then the api SSL can't be applied to api. subdomain because it's not listed as a subdomain.
07/24/17 Update: I believe this is a limitation with the App Engine Settings after trying out several scenarios via GAE Console. We have a custom domain set up for ultrahdlivewallpapers.com and enabled the SSL cert for this domain. The domain is pointing to the default service. We have a second service set up called API. Google's routing rules for any service set up is via HTTP:// service-id.custom-domain, which in our case is api.ultrahdlivewallpapers.com. However, when I upload the SSL for the api subdomain, Console couldn't find matching domains because the api subdomain is not specified via the Console. Now if I set up api.ultrahdlivewallpapers.com as a custom domain, I'm able to enable the SSL for api subdomain. Problem then becomes api subdomain is now pointing to the default service instead of the api service. If I remove the api mapping, I'm able to browse to the api service again, but no HTTPS! I don't believe there is a way to get this set up correctly without a wildcard SSL enabled for all subdomains. Please let me know if I'm missing anything. I have tried everything I can think of via the Console. Thanks.
You don't necessarily need a "wildcard" cert, per se. But, you do need to get a cert that covers all the subdomains. For example:
mycustomdomain.com
www.mycustomdomain.com
api.mycustomdomain.com
It's a standard solution, and not difficult to do. Certbot (Let's Encrypt) makes it easy.
If you choose to get a wildcard certificate installation is pretty straight forward:
You upload the certificate in the developer console (in App Engine -> Settings -> SSL Certificates -> Upload a new certificate). May require a bit of effort, see also Google App Engine SSL with Let's Encrypt "could not be inserted".
Once it's visible in the certificate table you can click on its name and you'll end up in the certificate edit screen where you can select which custom (sub)domains it applies to (from the list of all custom domains mapped in the app), looks like this:
Note: these are the corresponding custom domain mappings:
If you have another app (under the same admin account) which is also mapped to subdomains of the same domain you can activate the certificate on it as well in a similar manner (the console automatically shows the certificate in the list when you switch apps, no need to upload it again).
I have the following scenario:
Website is hosted in AppEngine and we want to force it to always load in https. (we use secure:always in app.yaml)
Domain is managed in Google Apps. We have uploaded SNI certificate and all looks good
In Google Apps we set the redirect of the naked domain to the www version of it
The following URLs all work:
http:// website.com (redirects to https:// www.website.com)
http:// www.website.com (redirects to https:// www.website.com)
https:// www.website.com (the URL of the app)
However this URL does not redirect and gives an error:
https:// website.com
Is this a bug or is this a settings issue?
As it is right now, SSL for naked domains does not work directly and this is an expected behavior. This is being tracked as issue 10802. Also, have a look at this question, where they found a workaround to use Naked domains and SSL through Google Apps. An alternative solution is proposed here.
I recently purchased a domain with Yahoo Domains for my GAE app. Where I managed to get the domain mapped into my GAE account.
Now, since GAE does not support naked domains, I just placed the CNAME for www to point to Google App Engine.
Everything works fine now, i.e. my app can be accessed through http://www.my-example-domain.com
The problem is with naked domain (with Yahoo), I am trying to forward the naked domain http://my-example-domain.com to http://www.my-example-domain.com however, the domain manager is complaining that the forward is not possible.
What could be the problem that forward is not possible? Also, is there a way to solve this in GAE management console, since Yahoo domain manager seems to not able to handle this.
Hi Please try to do the following changes from your Google Apps Admin Console.
Go to this URL for Domain Management Settings in Google Apps Console.
Under the Domain Management. Click on change redirect and add www.example.com. Also check the attached screenshot for the same.
Also follow the instructions provided in the URL change A record below change redirect url.
After making these changes you will see the URL will get redirected automatically.
i have domain name yaarineed.com. I have added SSL for this domain name(which is not installed correctly, pardon me for this). When i go to the naked domain in Mozilla it try to redirects to https://www.yaarineed.com. but in chrome it doesn't get redirected to https://www.yaarineed.com util i give www.yaarineed.com.
Please suggest me how to achieve this for chrome.
I have a GAE app and I have already been able to redirect appidentifier.appspot.com to my own domain's www subdomain and the naked domain. For example, if I owned foo.appspot.com and foo.com, then entering in www.foo.com or foo.com into the browser will render the contents of foo.appspot.com successfully. I configured all this using Google Apps on the Google side of things and NameCheap on the registrar side of things.
Now, I have made a new, non-default version of my GAE app. Let's call it dev.foo.appspot.com. How do I set up a URL forward (or what-not) so that I can access this GAE version by simply entering dev.foo.com into my browser?
What you are looking for to do is possible if you set up a wildcard subdomain mapping. This is well documented in the final section of Using a Custom Domain.