I'm running a GAE Standard Env. node/express app.
How can I configure Basic HTTP Authentication?
Is it possible to configure it with app.yaml?
I've read the docs, and did a lot of searching and so far it seems like I'll have to use my Express server to handle it. That seems weird because it requires that I have a server.
What if I wanted to serve a static HTML page? Then the express solution falls apart.
In nginx I can do this:
server {
...
auth_basic "Administrator’s Area";
auth_basic_user_file conf/htpasswd;
}
Is there an equivalent with app.yaml in GAE?
Thanks for your help =)
I think its not possible to do this type of authentication, but you have other options
- google sign in
- oauth
- firebase
* users api is available but not for node standard app engine
If you wanted to serve static html you might store it in Google Cloud Storage and Cloud storage has its own permissions options
Related
I see no way to connect my app engine backends with Cloud CDN. Seems like it's only available when using Compute Engine directly.
No, that is not currently possible. Currently, Google Cloud CDN can be used only to serve content that originates from Cloud Storage buckets, Compute Engine instance groups, and Compute Engine network endpoint groups. I agree that it would make sense to support App Engine Standard, too!
Update
Currently in beta is Serverless NEGs (Network Endpoint Groups) which will allow you to use App Engine behind a HTTP(S) Load balancer and give you all the features provided with that including CDN
Original
Yes, App Engine will serve content via Google Cloud CDN as long as a cacheable response is returned.
Try setting the Cache-Control header to something like max-age=86400, public and ensuring a Set-Cookie header is not sent with the response
I have a static web client SPA serviced by a REST API. I'm trying to figure out the best way to host these apps on Google's Cloud Platform using App Engine to host the API, and Cloud Storage to host the static web client.
If I were doing this from scratch, a simple reverse proxy could manage routing traffic between the API and the client assets. To do the equivalent with GCP, I've looked at the following:
Google's Compute Engine supports content-based load balancing: though no equivalent for App Engine
the API on App Engine could proxy requests to Cloud Storage, though at the expense of unnecessary load on the API service
simply host the API and client on separate domains (App Engine and Cloud Storage respectively), and properly configure cross origin issues
Use Google Cloud Endpoints as a reverse proxy to route traffic appropriately between App Engine and Cloud Storage: haven't fully explored this option, though as of writing, Cloud Endpoints does not support routing to multiple hosts (which is defined only in v3 of the OpenAPI spec).
All of the above have limitations. What i'm trying to do seems fairly conventional, but I'm not sure what the path of least resistance is on GCP.
Google Cloud storage allow you to host a static website :
https://cloud.google.com/storage/docs/hosting-static-website
You don't need to use Endpoint or AppEngine as a reverse proxy
If you need to setup a load balancer based on route or if you need to setup ssl certificates you could use storage bucket as a service backend :
https://cloud.google.com/compute/docs/load-balancing/http/backend-bucket
Let's talk about serving SPA static files from Google App Engine.
The SPAs need to serve many routes to a single index.html, normally called rewrite rules.
App Engine can do that with a proper configured app.yaml handlers section.
For the real files part, you serve the real path:
- url: /assets/
static_dir: path/to/real/files
For these fake routes, serve the entrypoint index.html:
- url: /
static_file: path/to/index.html
upload: path/to/index.html
- url: /.*
static_file: path/to/index.html
upload: path/to/index.html
By this configuration, Google Frontend will serve the static files without hitting your backend.
Here's one Angular application and I deployed to App Engine, as an example:
Other stuff about securing APIs and CORS policies, you can consider using dispatch.yaml to avoid cross domain problem. Or serve from different domain with cloud endpoints (with IAP jwk configured).
As you have rightly observed, there are a number of complications that might come into play with your setup. The Google Cloud Storage is simply a Storage, which might not necessarily manage requests to GAE as well as you desire. Perhaps, using Endpoints would be a more viable solution in this case (considering your listed options), where you can use simple Javascripts to call Endpoints in your GAE applications from your Application Files in Google Cloud Storage. However, that being said, I think the better option is to move your static files into App Engine as described here. This will ease the complication of managing resources between two different technologies
Current App:
Goole App Engine on a custom domain: myapp.com
Google Cloud Storage bucket on a custom subdomain (it uses DNS): images.myapp.com
I have SSL certificate with the images subdomain
My question is: Is possible to have this configuration with SSL?
Things I have tried:
Load balancer. I cannot figure out how to redirect everything that is not /images/* to the GAE (it seems it only works with backends)
dispatch.yaml. I think it only works for the services you deploy
In App Engine Settings I have added images.myapp.com, but as the redirection of images.myapp.com is done at DNS level, the secure layer is lost
Any suggestion or idea is more than welcome.
Thank you!
The limitation comes from the Cloud Storage bucket presented as a website under a custom domain - you can't use SSL with that. From You want your content served through HTTPS:
SSL is not currently supported by the Cloud Storage webservers; thus,
you can only use a CNAME redirect with HTTP and not with HTTPS. If you
wish to serve content through HTTPS from your bucket, we recommend you
use a third-party Content Delivery Network with Cloud Storage.
Alternatively, you can serve your static website content from
Firebase Hosting instead of Google Cloud Storage.
If the content of your site meets the Code and static data storage quota you can serve your website through GAE, as static content (through a google CDN), which can be mapped to a custom domain and use SSL. See:
Serving Static Files
Hosting a static website on Google App Engine
If your content exceeds the mentioned quota then you can still serve it through your app, but dynamically, with your app accessing the content stored on GCS and serving it - more expensive as you'll be using instance hours for it.
We are trying to running an application (a java servlet that connects to guacamole server) on flexible appengine, in our troubleshooting it looks like there is a nginx proxy on the google cloud instance (the instance from which docker image is running).
Is there a way we customize the nginx configuration the google cloud instance to help resolve our issues?
Nope. The proxy is part of our infrastructure that you can't really customize. Can you be a little more specific? What are you trying to do?
I'm developing a Java app in GAE, which offers an API through Google Cloud Endpoints.
Basically it receives requests in the endpoints and uses a number of web services from different providers, stores some data and returns some data through the endpoints...
I understand that my app is conceptually a backend, because it doesn't provide any web page, but only the endpoints, don't you think so?
But there's no way to create only a backend, without being associated to any frontend app, is there? At least Google Plugin for Eclipse only allow you to "Generate App Engine Backend", from an existing app, and moreover this app must be an Android project...
I'm using it as a frontend and there's no problem, but apart from the conceptual issue, I've read that backends are kind of optimized to be backends, with more memory and CPU...
I think you're just confused because the Cloud Endpoints documentation uses the word 'backend' to refer to the entire cloud-hosted server implementation. It doesn't specifically refer to the use of GAE backend instances. Endpoint requests can be served by frontend or backend instances, based on how you set them up and the url being accessed.
From the App Ending docs:
"When an application is called to serve a web request, it must issue a response within 60 seconds"
"App Engine Backends are instances of your application that are exempt from request deadlines and have access to more memory (up to 1GB) and CPU (up to 4.8GHz) than normal instances."
So unless you're requests are doing something crazy, you don't need to use a backend. In the google-plugin-for-eclipse, "generate appengine backend" is talking about creating a backend for your android app... a server for your android app to contact (in this case your android app is the frontend and you're appengine app is the backend). In the example app you can remove the web side (index.html) to the appengine application and you'll have no web frontend. Index.html is using the gapi javascript library to make endpoints calls to your appengine service.