I have been using the Google App Engine Launcher's "Deploy" button. I realize that the Launcher is going away at the end of July 2020, so I'm trying to learn to use gcloud. My web site has a custom url, www.xxx.org, but "gcloud app deploy" uploads to xxx.appspot.com instead of to www.xxx.org, presumably because "target url" is set to xxx.appspot.com. Can someone please tell me what gcloud command I need to use to change "target url" to www.xxx.org, or some other scheme that would work? I've wandered through lots of gcloud and GAE documentation and web searches without being able to figure out what I need to do.
There is a very good and complete guide about mapping a custom domain to your application in the official documentation. As #DanCornilescu said,it needs to be configured, but it is not necessary to be done before deployment.
Basically, you need to follow the steps from the guide:
1) Verify that you are the owner of your domain through Webmaster
Central
2)Ensure that your domain has been verified, otherwise you will not be able to proceed with the following steps. Note that only verified domains will be displayed.
3)If you need to delegate the ownership of your domain to other users or service accounts, you can add permission through the Webmaster Central page
4)After you verify ownership of your domain, you can map that domain to your App Engine app
5)Add the resource records that you receive to the DNS configuration of your domain registrar
6)Test for success by browsing to your app via its new domain URL, for example www.example.com
In case you need to do more complex mappings for different urls and subdomains you can always write down the routing rules in the dispatch.yaml file and they will be mapped successfully.
Also, to add a bit more of information about the dipatch.yaml file, it will handle the routing in the App as opposed with the app.yaml which will take care of the App's settings. Both .yamls can exist in the same application and can be deployed at the same time by using the following gcloud command:
gcloud app deploy app.yaml dispatch.yaml
The deployment is always done to .appspot.com, the custom domain is automatically updated if it is already configured. If it is not then it needs to be configured (it can be done after the deployment as well).
Related
I have one Node aplication runing on default App Engine service. Its was runing on "urlFromWebSite.appspot.com", and I config it to run in my domain url "customUrl.ai".
I built a second service with Node with name "second-service",and its runing at
"service-two-doturlFromWebSite.appspot.com", but i want to run at "subDomain.customUrl.ai"
I tried dispatch.yaml file with the url that i want for 'second-service';
Stack post 1 talking about dipatch
Stack post 1 talking about dipatch
GCP explanation for dispatch
I have tried Custom domains in App Engine > Settings > Custom domains;
GCP documentation for mapping custom domains
At custom domains I config my subdomain url, and it generates the DNS. ยด
I have question here:
Where should I add this DNS config? At the "customUrl" or should i create a new record set for it?
I have been strugling with it for 2 days already, and could figure it out how to solve it. How should i config this to change my second service's url for a custom subdomain?
When user enters customUrl.ai in a browser, traffic should be routed to Google's servers (for your GAE project). To do that, you configure DNS settings on your domain registrar's end.
When user enters subDomain.customUrl.ai in a browser, traffic should be routed to Google's servers. To do that, you also configure DNS settings on your domain registrar's end.
Both #1 & #2 are done for the same domain on your domain registrar's end (which is GoDaddy in your case). I believe this is what #JohnHanley is referring to. Put another way - just go to GoDaddy, find your domain and create entries corresponding to what GAE has outlined for you. If they are duplicates, GoDaddy will tell you.
I set up a custom domain with App Engine after following the instructions on DNS records:
https://cloud.google.com/appengine/docs/standard/java/mapping-custom-domains
It's working for the default service using URL
http://MY_CUSTOM_DOMAIN but I'm unable to access other services with URLs http://SERVICE_ID.MY_CUSTOM_DOMAIN. Do I need to map a different set of DNS records?
Here's a step-by-step:
Ensure you are a owner of the parent domain in here: https://www.google.com/webmasters/verification/home (e.g for subdomain.example.com you need to own example.com)
If not, ask a friend to add you as an owner.
Create a CNAME record pointing to: ghs.googlehosted.com (in Cloud DNS or wherever).
Note: This will cause downtime, but it is required for App Engine to create an SSL certificate so downtime is unavoidable...
Add custom domain to App Engine
Go to App Engine -> Settings -> Custom Domains
Click on Add a custom domain
Choose the verified parent domain and click Continue
Enter the subdomain (e.g subdomain.example.com) and click Save mappings
Click Done (you already did this last step)
Update App Engine dispatch rules
Run gcloud app describe --project <GOOGLE_CLOUD_PROJECT_ID> and take a look at the current section of dispatchRules
Create dispatch.yaml or dispatch.yml file with your new rule as well as the ones already existing above (note the file format is different from the command output)
dispatch:
- url: <DOMAIN>/* # e.g. subdomain.example.com/*
service: <SERVICE-NAME>
Deploy it using: gcloud app deploy dispatch.yaml --project <GOOGLE_CLOUD_PROJECT_ID>
Check how to use subdomains and how wildcard mapping works in the GCP docs here (actually these are the next steps at the website which you've followed and linked). Make sure that your DNS provider permits wildcards in CNAME host entries, otherwise such mapping will not be possible.
This blog post shows a real-life example of matching subdomains to services with App Engine.
How to restrict access to GAE Flexible site only for all account from my domain in GSuite and eventually other Google accounts that I provide explicitely. AFAIR there where something simillar in Standard GAE version in app.yaml handlers section.
So my scenario:
prodution versions restricted until go-live
dev and stage version restricted permanently
I would like to do this on the IAM level, to reject traffic to the site. But I didn't found anything in docs.
Ok, after rethink the problem and dig deeper in a documentation I found a page about dev environment - https://cloud.google.com/appengine/docs/standard/python/creating-separate-dev-environments.
So my current solution is not to have separate versions like dev, stage and prod and work with them within one project, but to create separate projects for each of environment.
It will also simplify management of DBs - previous I thought about different database in one DB server for particular environment. Now I will have a separate DB instance for it.
Anyway I still have a problem with securing access.
I did it in the same way like in Restrict App Engine access to G Suite accounts on custom domain:
changed Google Authentication to my Google Suite domain
added Custom Domain in my app
added my page domain to my GSuite as a second domain
And I still can connect to my page without auth - even in "Incognito mode" and on others computers and mobiles.
EDIT:
As a workaround I used Django-lockdown module. For the timebeing is more than enough - I have a password, I have a session, I can set it in Middleware or as a decorator for urls.
EDIT 2:
I noticed today a new feature in GAE Flexible - Identity-Aware Proxy.
This is the feature, that I was searching. You can restrict accces by:
Google Account email: user#gmail.com
Google Group: admins#googlegroups.com
Service account: server#example.gserviceaccount.com
Google Apps domain: example.com
I followed the steps detailed here to use a custom domain with google app engine.
I'm the admin of the Google Apps account
I'm the owner of the Google App Engine account
I've added the domain to my Google Apps account through my App Engine account
I see my App Engine app in my Google Apps account
I set the CNAME "test" to point to ghs.googlehosted.com
I added the web address under my Google Apps account and it says "Your users can access my-app-id at: test.mydomain.com
Now when I go to http://test.mydomain.com, it redirects to https://test.mydomain.com and I get an SSL connection error (Unable to make a secure connection to the server.)
I called Google Apps customer support because I have a paid business account, but the customer service guy said that this falls under App Engine support and he was not trained in this issue.
Help!
If you've done everything correctly, you should be able to access your site at http://test.mydomain.com. It sounds from the error you're getting that you're attempting to access it at https://test.mydomain.com (https as opposed to http).
If you want to access your app over SSL at your custom domain, you have more setup to do, as documented here: SSL for a Custom Domain. The steps necessary are many and subject to change; that link is the official source of current information on the matter.
Update: From your updated information, it sounds like you may have secure: always set in your app.yaml, or the Java-configuration equivalent of this setting. It would be helpful if you posted your configuration file.
Also note that it takes several minutes for Google to add a certificate on a domain you recently imported (it may require time for DNS configuration to spread). I personally didn't need to add any secure: configuration, it just worked after some time.
I recall seeing an option on the google app engine admin page that would allow me to duplicate/copy a deployment to a different appid. Was I imagining this? I do have a copy of all the files needed for deployment but I do not currently have access to a computer with admin privileges in order to install the GAE SDK.
Not relevant to this question, but FYI I need to do this simply because there is a major bug that's preventing me from logging in to a particular part of the admin interface and google tech support has failed to resolve the issue, so I'm just trying a workaround.
Copy old settings to new app via the admin console admin>application settings>Duplicate Application Settings. (you'll choose new appid here too)
Then upload a version of your code to the new appId (so you'll need gae sdk or use online sdk devtable).
Then go to datastore admin in the old app, select all the entities and choose "copy to another app" You'll need datastore admin to be enabled on the old app (and new app I think).