Setting up subdomains for different services in appengine - google-app-engine

I did pore through other similar questions and found answers. I am still having a situation that is not answered and I am not able to comment on those posts to seek clarifications. Thus this new question.
Let me explain my situation...
I have a GCP Project and enabled AppEngine on the same.
I have setup 3 services: 'default', 'api' and 'ui'.
I have deployed apps on all the 3 services and they are all being served through their appspot urls without any issues.
Now I want to setup routing using own domain, purchased from GoDaddy. The schema looks like the following:
www.my-domain.com -> 'default'
rest.app.my-domain.com -> 'api'
ui.app.my-domain.com -> 'ui'
I have the dispatch.yaml to setup the routing rules and I can see the same properly defined in the 'Services' screen. No problems there... The problem is in defining the custom domain mappings for these services.
For the 'default' service, it was easy. GAE identified GoDaddy and requested A & AAAA records for managed security. And then CNAME 'www' pointing to 'ghs.googlehosted.com'. Done and all went well.
Now, for the other services, GAE is asking for the same set of A, AAAA and CNAME records.
Here is the problem. I cannot set up multiple CNAME records pointing to the same value ('ghs.googlehosted.com'). The GoDaddy cPanel/DNS Manager Tool does not even allow adding such records. I have spoken to their support and they confirm that their tool is restricted to ICANN policies. So multiple CNAME records are out of the question.
As a workaround, I set up a sub-domain pointing to googledomains. I set up 'app' as a new Zone in 'Cloud DNS' in my GCP Project. All name servers are placed in the master DNS zone in my GoDaddy. This could allow me to create a CNAME record for 'app' in googledomains, at least theoretically. But GAE Project Settings does not recognise the domain. It's forcing me to make the CNAME records in GoDaddy under the master zone. Not sure how Google doesn't understand the ICANN policies!! So this option walked into a wall too.
Then I read about the wildcard subdomains. GoDaddy documentation describes the support for this but limited to a specific IP (so only A record). However, GAE needs the value 'ghs.googlehosted.com' and that means I must create a CNAME record only. There are many discussions on this; some saying this will not work and others claiming this works.
This is quite literally my last option and I would like to know how to make this work. If there is any other way to get this setup working, it would save me a lot of time and trouble. I am a developer and all this infra work is just such a hog on my productive bandwidth.
Thanking you in advance.

Finally, the way I have resolved this is to define a single wildcard CNAME in GoDaddy pointing to 'ghs.googlehosted.com' and registered all subdomains as new domain names (actually with different names) in googledomains now. The latter is an alternate fail-safety to ensure my clients can connect. I am now waiting for the current subscription to run out and move away from GoDaddy after. Right now, the pricing I pay GoDaddy is too much compared to Google Domains and for the level of support quality from GoDaddy it is really not justified.

So, I've worked on this for some time and I believe that there is something odd here.
I tried this with a GoDaddy domain and 2 App Engine services. The steps that I followed are explained next:
1) Go to App Engine and, under Settings / Custom domains, add the custom domains you'd like to have (with the subdomains in this case).
2) On GoDaddy, go to your domain and manage the DNS records for your domain.
3) Add the CNAME records with your subdomain pointing to ghs.googlehosted.com
4) Deploy your dispatch.yaml
The thing that I don't understand is why you say that it is impossible to do step 3, as it has never caused issues when I tried to do this. Could you specify how you are doing the third step in GoDaddy?
Additionally, I believe that this same information is better explained in this documentation. It's just that I don't get why it is failing on your side.
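The disagreement in this thread comes down to what DNS itself forbids: a single owner name may not carry more than one CNAME, and a name with a CNAME may not carry other record types, but any number of different names may each point at ghs.googlehosted.com. The following is an added example, not code from either poster; the record sets are constructed from the schema in the question and the IP address is a documentation value.

```python
# Added example: checks a proposed record set against the DNS CNAME rules
# (RFC 1034 section 3.6.2, RFC 2181 section 10.1). All record data is constructed.
from collections import defaultdict

# DNSSEC records are the exception that may sit beside a CNAME.
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}

def cname_conflicts(records):
    """records: iterable of (owner_name, rtype, value). Returns a sorted list of problems."""
    by_name = defaultdict(list)
    for name, rtype, value in records:
        by_name[name.lower().rstrip(".")].append((rtype.upper(), value))
    problems = []
    for name, rrs in by_name.items():
        cnames = [v for t, v in rrs if t == "CNAME"]
        others = sorted({t for t, _ in rrs if t != "CNAME"} - ALLOWED_WITH_CNAME)
        if len(cnames) > 1:
            problems.append(f"{name}: more than one CNAME at the same name")
        if cnames and others:
            problems.append(f"{name}: CNAME cannot coexist with {', '.join(others)}")
    return sorted(problems)

# The question's schema: three different names, one shared CNAME target.
PROPOSED = [
    ("www.my-domain.com", "CNAME", "ghs.googlehosted.com."),
    ("rest.app.my-domain.com", "CNAME", "ghs.googlehosted.com."),
    ("ui.app.my-domain.com", "CNAME", "ghs.googlehosted.com."),
    ("my-domain.com", "A", "192.0.2.10"),
]
# Two mistakes that a DNS manager is right to reject.
BROKEN = PROPOSED + [
    ("rest.app.my-domain.com", "A", "192.0.2.10"),
    ("www.my-domain.com", "CNAME", "example.net."),
]

if __name__ == "__main__":
    print("proposed:", cname_conflicts(PROPOSED) or "no conflicts")
    for problem in cname_conflicts(BROKEN):
        print("broken:  ", problem)
```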

Related

Google cloud App engine Custom domain ERR_CONNECTION_CLOSED

I'm doing a server-side GTM setup. I managed to set up a Google cloud App engine.
I added a custom domain (verified with Google webmaster central, added DNS records etc.).
I can see in the Cloud settings that the custom domain (actually it's a subdomain) is set up, using also Google-managed, auto-renewing SSL.
So, everything looks fine except when I try to access this custom domain (directly or while doing a GTM container preview), I get the connection error in the browser (ERR_CONNECTION_CLOSED).
Since all DNS records look OK (I have a TXT record for the GWC/ownership verification, 4 A records and 4 AAAA records for Google Cloud) I did a tracert where I can see that it gets to the Google server (hop 5), but then it gets lost:
(The last hop should be the subdomain, but it's a "random" Google server.)
It's more than 24 hours from the DNS records change so I don't believe it's a DNS propagation issue (although it still might be of course but the chances are very small). So if anyone has any idea, what could be wrong, I'd be very glad :D
I managed to repeat exactly the same setup with another subdomain (on a totally different domain). I had issues with getting the Google-managed certificate - it took App Engine a really long time to install it. But in the end it worked.
So it looks like the issue is indeed with Google and the certificate. I'll wait and let you know if this was the issue.
Edit (additional explanation): it turns out that the issue is with the client's domain which doesn't allow another CAA (in this case Google or Let's Encrypt) to issue a certificate.
You haven't mentioned a CNAME record for the subdomain. You need a DNS record like this for the subdomain to work:
www CNAME ghs.googlehosted.com
I've assumed that www is your subdomain but you would use your subdomain if different.
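The root cause named in the question's edit, a parent domain whose CAA records do not authorize the CA behind the managed certificate, can be checked before the custom domain is mapped. The following is an added example, not code from the thread: it applies the RFC 8659 lookup (climb from the hostname towards the root and use the first CAA set found) to constructed records. It assumes the managed-certificate CAs identify themselves in CAA as pki.goog and letsencrypt.org; ca.example and the zone names are hypothetical.

```python
# Added example: RFC 8659 CAA evaluation over constructed records (no network access).
# Assumption: the CAs behind Google-managed certificates use the CAA identifiers
# "pki.goog" (Google Trust Services) and "letsencrypt.org" (Let's Encrypt).
MANAGED_CERT_CAS = {"pki.goog", "letsencrypt.org"}

def relevant_caa(fqdn, zone):
    """Climb from fqdn towards the root; return (name, rrset) of the first non-empty CAA set."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []

def allowed_issuers(fqdn, zone):
    """Return None if issuance is unrestricted, else the set of CA domains in 'issue' records."""
    _, rrset = relevant_caa(fqdn, zone)
    issue_values = [value for tag, value in rrset if tag.lower() == "issue"]
    if not issue_values:
        return None  # no CAA set, or only iodef/issuewild: any CA may issue
    # The CA domain precedes any ';' parameters; an empty one (";") authorizes nobody.
    domains = {v.split(";", 1)[0].strip().lower() for v in issue_values}
    return domains - {""}

def managed_cert_possible(fqdn, zone):
    """True when the relevant CAA set does not block every managed-certificate CA."""
    allowed = allowed_issuers(fqdn, zone)
    return allowed is None or bool(allowed & MANAGED_CERT_CAS)

# Constructed CAA data keyed by owner name: list of (tag, value).
CLIENT_ZONE = {
    "client.example": [("issue", "ca.example"), ("iodef", "mailto:sec@client.example")],
}
# Same parent policy, plus a CAA set on the subdomain itself that takes precedence.
FIXED_ZONE = {
    "client.example": [("issue", "ca.example")],
    "gtm.client.example": [("issue", "pki.goog"), ("issue", "letsencrypt.org")],
}

if __name__ == "__main__":
    for label, zone in (("client", CLIENT_ZONE), ("fixed", FIXED_ZONE)):
        name, _ = relevant_caa("gtm.client.example", zone)
        print(label, "relevant CAA at", name, "->", managed_cert_possible("gtm.client.example", zone))
```

A CAA set on the subdomain overrides the parent's, so the parent domain can keep its own CA restriction while the App Engine hostname authorizes the CAs it needs.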

How do I use my Google App with a custom domain?

I've looked at previous questions, but they use the GSuite Administrator to make changes, while my app uses GCloud. The domain registrar is separate since Google domains don't work in my country.
I mainly followed this guide to setting up my Zones and updating the name servers. I've configured the
https://cloud.google.com/dns/docs/update-name-servers
The question I linked to earlier recommended setting up a www. subdomain, but it used Authenticator. I'm not sure how to do this in a zone. I set up all the records properly in my domain registrar.
Here are the settings:
When I load the site itself (There's no actual HTTP response code):
And when I try the www. subdomain
I'm sure there's a step I'm missing, but this is my first site with GCloud. So I'm not very familiar with the process.
I think this is where your missing step is.
When you ask Google to use your domain, Google will expose an HTTPS endpoint. HTTPS requires a certificate, and Google will generate it for you. However, before doing this, Google has to be sure that the domain belongs to you.
You have to prove to google that you own your domain. For this, go to this page, log in and add a property (your website URL). Follow the instruction and be sure that your property has been validated.
Then, wait some minutes (hours?) the time that the certificates are generated and deployed.

How to map only subdomain to App Engine without the naked domain?

My use case is this: I have a domain that points to a server at IP 1.2.3.4 and I would like a subdomain at the domain to point to my App Engine application i.e.
example.com --> 1.2.3.4
app.example.com --> App Engine application
The naked domain as well as the www subdomain must point to the standalone server.
From what I've found out so far, this doesn't seem possible.
Would anyone be able to confirm if this configuration is indeed not possible?
I might actually have a better solution to this.
You can only verify the subdomain.domain.tld with google.
Then you only will add A and AAAA entries to the DNS, with the alias subdomain.
subdomain.domain.tld will then be independent from domain.tld
After much testing, I've come to the conclusion that the scenario which I've painted is not feasible. So I settled for www.example.com to point to the web server (1.2.3.4) and app.example.com
When users go to the naked domain example.com, they get redirected to www.example.com
Here's what I did:
Remap the naked domain's A records (4 of them, and 4 AAAA records) back to the IP addresses that App Engine suggested.
Added a redirect of the naked domain to the www subdomain, and
Added an A record for www to point to the web server IP (i.e. 1.2.3.4)
Finally, added a CNAME record for app to point to ghs.googlehosted.com so that app.example.com points to the App Engine application.
There might be another option, but I can't really test it for sure as I can't risk it my app ever fails without me knowing.
So from my empirical testing, I was able to set the domain to external hosting and subdomain to GAE:
point main domain to google.
point subdomain to google
wait for certificates to be issued
remove domain from "custom domains" tab (click on the trash can)
point your domain wherever you want
This worked for me for 4 days, in test env, but I couldn't really risk my app of this kind of failure, so I just used the accepted answer at the end (redirect domain to www)
This is definitely possible, I've done it for the exact same scenario:
In App Engine, when you verify your domain, only map the subdomain (mysubdomain.example.com). GCP will prepopulate the naked and www domains. Remove them before proceeding. GCP will then provide the A, AAAA, and CNAME records for you to add to your DNS records.
Go to wherever you manage those (Google Domains, GoDaddy, etc), and add all four A's, all four AAAA's and the CNAME to your subdomain/host
Eventually, GCP should see its provided records on the DNS records and should issue certificates for https.
On gcp, adjust the dispatch.yaml file to route things to the service I wanted:
    dispatch:
    - url: "mysubdomain.example.com/*"
      service: myservice
Your service should now be accessible via https://mysubdomain.example.com with a pretty padlock to go with it.
Yes, I can confirm this is possible. In fact, it is the recommended way for handling the microservice architecture on App Engine [0].
In your case specifically, all you have to do is create a CNAME with your DNS registrar pointing to ghs.googlehosted.com.
You then have to first verify your TLD with App Engine and add a specific mapping to your subdomain as described here [1].
Let me know if you have any specific questions with the process.
[0] https://cloud.google.com/appengine/docs/standard/python/microservices-on-app-engine
[1] https://cloud.google.com/appengine/docs/standard/python/console/using-custom-domains-and-ssl
I found out it is possible to verify ownership of the whole url, and use that...
App Engine doesn't need to have the A records on the root domain if
you are only serving from a subdomain. App Engine should work properly
for you with just the one CNAME on subdomain.example.com.
Duplicate of App Engine and Firebase Hosting in One Domain
This is the correct answer and is working as expected.

App Engine - Subdomain

I have deployed an application on Google App Engine and I want to link a subdomain to that application.
I currently have a domain that is linked to a "live" site. From Google's documentation I understand that I need to set up my domain with Google Apps:
To serve your app on a custom domain, the domain must be set up with Google Apps
(Source)
What exactly does that mean?
I've looked in Google documentation and could get a clear idea...
Will that affect my "live" site in some way?
Just to clarify, www.mydomain.com points to a site that I own and I want sub.mydomain.com to point to my Google application.
You need to make a CNAME to forward to your app address.
Let's say your app address is https://yourapp.appspot.com, and you want sub.mydomain.com to forward to it, just do like below:
Please read THIS first, follow the steps until step 5. You'll need to type your mydomain.com in step 3, and type sub in step 5. After these, you'll see some steps on how to change the CNAME record; just follow them:
set your host name to sub
Type: CNAME
IP address/host name: ghs.google.com.
Priority status: (whatever just make it's the number)
OK, and you'll visit your app at http://sub.mydomain.com. Different hosting providers take different amounts of time to make it valid. :)
BTW, it'll not affect your "live" site in any way, as your main site uses mydomain.com and you just need sub.mydomain.com. What GAE said is that, if you want to set mydomain.com to your app, you need to set an A type instead of a CNAME type in your host. This domain hosting method includes more steps, as you'll see in the GAE doc that you found, and so it will affect your live site.
This means you have to register your domain with Google Apps here: https://www.google.com/a/cpanel/domain/new
You don't have to have your main website hosted on Google. Just how you arrange things is determined by how you configure your DNS which you will retain control of. Same for email you can have it delivered to Google Apps or not, depending on your DNS MX records.
You need to validate your ownership using webmasters by adding a TXT record in your DNS records; after that it will appear in the list of domains under App Engine > Settings > Custom domains.

How are people using Google App-Engine apps with their own domains?

I've been fooling around with the Google App Engine for a few days and I have a little hobby application that I want to write and deploy.
However I'd like to set it up so that users are not directly accessing the app via appspot.com.
Is hosting it through Google Apps and then pointing it at my own domain the only way to go? I looked at that a little bit and it seemed like a pain to implement but maybe I'm just missing something.
My other thought was to write the app-engine piece as a more generic web-service.
Then I could have the user-facing piece be hosted anywhere, written in any language, and have it query the appspot.com url.
Anyone have any luck with the web-service approach?
The reason Google Apps is required is because you need somewhere to a) verify you own the domain (otherwise, you might point it at app engine, then I might hijack it by adding it to my account) and b) set up domain mappings (which subdomains point to which of your appengine apps).
Since this stuff already exists in Apps, it seems silly to duplicate it in AppEngine.
As has been pointed out, it doesn't cost anything, and you do not need to "move" anything to Google. You simply create a CNAME record with a random name to verify you own the domain, and a CNAME for the subdomain you wish to point at App Engine. This only takes a few minutes, and once it's done, it's done forever.
Note: If you host your site elsewhere and use webservices, you need to scale the site/frontend. If you host on app engine, you get this for free :-)
I wrote an article on my blog about redirecting *.appspot.com domains to your custom domain to keep your branding:
http://blog.dantup.com/2009/12/redirecting-requests-from-appid-appspot-com-to-a-custom-domain
To do this, I believe you need to be using Google Apps and have a custom domain setup for Google Apps. Then, you deploy your app into your Google Apps domain.
Here is google's official instructions on how to do that:
http://code.google.com/appengine/docs/domain.html
I have used this process for a couple of sites and it is easy and painless, provided you have control on the DNS records for your domain (you should).
OK, we're now at the end of 2017 and things are a lot different regarding App Engine and custom domains. It's easy now!
Go to the app engine dashboard for your app and choose Settings, then go to the Custom Domains tab. From there, choose Add custom domain.
The tricky part is that Google needs to verify that you control the domain, so they ask you to put a TXT record in the DNS for your domain. Once you do that and Google it, you become "verified" as the owner of the domain.
After that, Google will give you a bunch of A and AAAA (for IP6) records to put in your DNS. Once you've done that, you should be good to go.
It can be easily done using request.getRequestURI() method. If the URL doesn't include your domain, just redirect it to the desired URL using
resp.sendRedirect("<your domain>")
Otherwise load a error page using
request.getRequestDispatcher("<error-page>").forward(request, response);
