I have a PHP application on Google App Engine.
Currently, I have a promoted version (production) and it is automatically pointed to my custom domain with SSL certificate.
Then I have another version that has its own .yaml file and I create a version on the same GAE but it is not promoted and also I named it "pre-release" so I can identify from the other versions and it not get overwritten or confuse it with other versions.
The link of this version is: http://pre-release-dot-xxxxx.uc.r.appspot.com/
My question is how can I provide an SSL to this address or can I add this URL to my DNS domain i.e. using a subdomain.
I tried in different ways and still getting HTTP URL and not able to obtain an HTTPS: URL.
Some of the authorization depends on having a SSL and I am not able to use this version for testing.
Related
This page (https://cloud.google.com/appengine/docs/standard/nodejs/mapping-custom-domains) states:
Using subdomains
If you set up a wildcard subdomain mapping for your custom domain, then your application serves requests for any matching subdomain.
If the user browses a domain that matches an application version name or service name, the application serves that version.
If the user browses a domain that matches a service name, the application serves that service.
Also, this page (https://cloud.google.com/appengine/docs/standard/java/how-requests-are-routed) states:
Sends a request to an available instance of a specific version in the default service:
https://[VERSION_ID]-dot-[MY_PROJECT_ID].appspot.com
http://[VERSION_ID].[MY_CUSTOM_DOMAIN]
I have the following services for my App Engine project:
and following versions for this service:
"1" is the default version. "test1" is a test version.
Yet when I enter https://test1.mycustomdomain.com into a browser, it serves the default version, not the "test1" version.
If I enter https://test99.mycustomdomain.com into a browser, I see an error page because this version does not exist (as expected).
The URL, https://test1-dot-MY_PROJECT_ID.appspot.com/ works as expected (i.e. serves the "test1" version).
These are my configured domains:
How do I get App Engine to route a request to the correct version?
Any domain directly mapped to your app will serve the default service. If test1.mycustomdomain.com is mapped as a custom domain, it will always serve 1 (default).
To serve named GAE versions with a custom domain, you'll need to map the domain with the wildcard (*.mycustomdomain.com) and remove the other mapped subdomains that are conflicting with your versions. An example of working mapped domains would be:
mycustomdomain.com
www.mycustomdomain.com
*.mycustomdomain.com
With that setup, test1.mycustomdomain.com should serve the correct version, test1.
Edit
Regarding wildcard mapping and HTTPS
The GCP documentation about wildcard mapping states that:
Note: Wildcard mappings are not supported for managed SSL certificates.
This can lead to believe that wildcard mapping doesn't support HTTPS. The documentation is referring to the managed certificates that GAE provides. App Engine does support SSL certificates for wildcards if you use your own SSL certificates:
Some App Engine features use special subdomains. For example, an application can use subdomains to address application services, or to address different versions of your application. To use these with SSL, it makes sense to set up a SAN or wildcard certificate. Wildcard certificates only support one level of subdomain.
What is the correct way to map a custom domain to Google App Engine project?
I've added the custom domain, set up all the DNS records etc. and it is working! But how do I enforce HTTPS only? (Like the custom domain generated does)
From reading around many posts I have seen secure: always in a handler which I have tried, but doesn't seem to work (saw some comments that it doesn't work on flex environments?)
So how can I correctly map my domain to a flex php environment being HTTPS only?! Seems such a simple thing to want to be able to do!
While being somewhat related to a custom domain (for example the SSL certificate used by HTTPS being tied to the domain) the HTTPS-only behaviour is not really an attribute of the custom domain mapping operation, it's just a behaviour of the app itself (regardless of being mapped to a custom domain or not).
For standard environment GAE apps part of the HTTPS-only behaviour is an automatic http -> https redirection performed by the GAE infra on behalf of the app if secure: always is set in the app.yaml configuration file.
But that configuration has, indeed, been deprecated for the flexible environment GAE apps. The PHP-specific deprecation note can be found at app.yaml changes:
Secure handlers
The secure setting under handlers is now deprecated for the App
Engine flexible environment. If you need SSL redirection, you can
update your application code and use the X-Forwarded-Proto header to
redirect http traffic. You can also use the HTTP Strict Transport
Security response header.
You'll also note that there is no mentioning of secure (or handlers for that matter) in the app.yaml Configuration File doc.
So you need to take care of the http -> https redirection inside your app code (or the framework you use for it, if any and if it has such capability), possibly following the suggestions from the above quote. I can't really help with details on this as I'm not a PHP user.
I am trying to add an SSL Certificate to my Virtual Machine Instance on Google Compute Engine I created the key file and generated a CSR File, which I copied into GoDaddy to request a SSL Certificate.
I copied what they sent me and pasted it into a file name example.csr
I then ran this line in the instance:
gcloud compute ssl-certificates create certificate1 --certificate example.csr --private-key example.key
When I list my ssl-certificates I get:
NAME CREATION_TIMESTAMP
certificate1 2017-03-08T09:21:04.166-08:00
But I can't figure out why my webapp is not secure yet. When I go into my url it still says not secure.
EDIT
Source: SSL Certificates, Compute Engine Documentation
Although I've never used Google Compute Engine, I believe (after reading the documentation you linked) that you've just added the certificate, but you still need to configure it:
To use HTTPS or SSL load balancing, you must create an SslCertificate resource that can be used by your target proxy.
Note: SslCertificate resources are used only with load balancing
proxies such as a target HTTPS proxy or target SSL proxy. See that
documentation for when and how to use SslCertificate resources.
SslCertificate resources are not used on individual instances. On an
instance, install the normal SSL certificate as described in your
application documentation.
I suggest reading the links provided by the docs (above), depending of what you want to do (use a HTTPS proxy, SSL proxy or individual instance).
Short Answer:
We can't do that yet.
Medium Length Answer:
I had to actually install the SSL certificate directly on my application.
I have an App Engine App at http://1.lyfekit.appspot.com/ and I want to use the custom domain http:// www. lyfekit .com/
I verified the domain and added it to app engine app settings. I added the CNAME record www pointing to ghs.googlehosted .com
BUT, http:// www. lyfekit .com/ is going to https: //lyfekit .com/ and is giving me an SSL error. I do not need https. I simply want http.
The way I understand, if I am not using https, I do not need to configure a Google Apps Account for the domain.
HTTPS is a protocol. It's totally separate from a domain name.
Somewhere in your app.yaml or web.xml file you have specified that you want a connection to be secure. App Engine follows your instructions and tries to use HTTPS protocol instead of HTTP protocol. Remove these instructions, and App Engine will stop using HTTPS
I'm not sure what you have done but the default module for your app (the one which your domain is mapped to) can be seen here:
http://lyfekit.appspot.com
and as you can see it redirects to https (because it will have secured:always set in the app.yaml file).
With your original URL you are specifying a particular version of your app (version 1) but as you can see by accessing the main appspot domain that version is not set as the default version.
I was able to configure SSL for .pl to serve my appengine app over https.
My application always require https. For testing purposes I would like to be able to serve another version of my app (one that I have already uploaded). However, going to <app version>.<my domain name>.pl doesn't seem to work (I was able to do this before enabling SSL).
I purchased another SSL cert, for www.<app version>.<my domain name>.pl and configured it similarly how I configured the SSL cert for the naked domain. The problem is that under assigning urls it says "no matching urls" and doesn't allow me to enter a url.
EDIT: Turns out I can sort of achieve this by going to my apps https://..appspot.com if I disregard browser warning. Works for testing purposes fine to my mind.
To the extend I understand your question, you might be suffering from WWW and NON-WWW issue. You have configured your certificate for www...pl which should be configured on ..pl
Still it is not cleared. I can help you more accurately if you can elaborate your question.