I am wondering if there is an example of a static site running on google app engine which includes protected pages (that can only be accessed with authentication/authorization). I have in mind something that might be similar to what mod_auth_openidc supports for the Apache web server.
If not, what might be the preferred way to go about such.
The only built in authorization would be methods supported in your app.yaml (or equivalent) such as admin, login, none. Meaning an admin of your google cloud project, a valid google account, or public. There is no way to perform additional checks in a purely static site.
Related
In the past when I've created a client-side web app using a framework like React, I can create a browser build and push it to a static hosting platform like AWS S3.
For Google Cloud Platform, it seems like the go-to approach is to deploy it to App Engine. If I'm understanding correctly, GAE is a combination of storage and compute resources.
Why can't I simply host the JavaScript app as prepared by webpack?
Google Cloud Storage (GCS) would be the way to go to host your static website on Google Cloud Platform (GCP). Notice that in order to use GCS you'll need to have a domain as well as a GCP project. The documentation is very straightforward on how to achieve this. Here you can find some examples and other useful information.
You could also host your static website on Google App Engine (GAE). But in this case you'll need to cleverly build your app.yaml file in order to manage your URL handlers, as well as structuring your project in a particular way. Simply uploading the JS app as prepared by webpack won't work. You can find all the useful information here in order to use GAE to host your static website.
I am writing a web application using Google App Engine, and to promote it (and give more information about it), I will also have a web site. For ease of deployments, it makes sense to have the web site separate from the application itself. I would like to be able to make changes to the web site independent of the application. I would think that making a change to the web site would NOT mean a re-deployment of the application.
I would like to have a domain, and for the purpose of this question, let's call it www.example.com.
App Engine allows for multi-tenancy, and it makes sense to use sub-domains. For this question, let's assume www.org1.example.com / www.org2.example.com, etc.
Given this scenario, how is this done in the enterprise world on GAE? Do companies:
have the web site and application all as one?
use their hosting provider to redirect sub-domain requests to their application?
have completely separate domains for the web site and application?
something else?
Thanks in advance,
If you want to be able to independently deploy the web app and the web site they need to be at least in separate GAE services/modules, which offer complete code isolation.
Yes, it's not a problem to have the separate services mapped under different subdomains of the same domain. I'm not very sure if it'd work with the sub-domain split you proposed and with wildcard SSL certificates. From App Engine support for SSL certificates:
Wildcard certificates only support one level of subdomain.
So I didn't even try such subdomains. But I am using a wildcard certificate like *.example.com with subdomains like these, each mapped to a different service:
www-org1.example.com
www-org2.example.com
I'm also using a dispatch.yaml file to route each domain to the respective service.
Now about the multi-tenancy, I'm unsure if it's what you actually need, because it's offering just data isolation, not code isolation. You still need to address code isolation if you want to deploy them independently. From About multitenancy:
Multitenancy is the name given to a software architecture in which one instance of an application, running on a remote server, serves
many client organizations (also known as tenants).
I have been trying to find a solution to accessing a datastore in one project from a different google app engine project. I went through the tutorial on accessing a datastore from a different project's compute engine, however, this is not what I am looking for. What is required here is accessing a datastore on one project from a different app engine project. Has anyone done this successfully? Any ideas?
Cheers
As #Patrice says, this is possible by using the Remote API for Java (or for Python), which lets you access different App Engine services from any other application, as stated in the documentation.
For a more specific information on how to access the Datastore remotely with the Remote API, please take a look at this article from the documentation that explains step by step all the procedure.
Please, take into account that if your Google account is configured to use 2-Step Verification, you will need an App Password that authorizes the app to access your account resources.
there is actually an API that lets you make calls to App Engine services from anywhere, even from another App, as long as the credentials are ok, it's called the "remote API"
I have a domain I bought (via godaddy.com) - let's call it xyz.com
I have an gae app - let's call it xyzweb.appspot.com
I added a masked redirect at godaddy dns management console and now xyz.com gets redirected to xyzweb.appspot.com (even though the address bar shows xyz.com)
This stops working well in some cases like when I give a direct url redirect like href='/static/url/tohelppage.html' or when I attempt to redirect for OAuth authorization. So I read other posts on what I need to do and the most referred one was https://developers.google.com/appengine/docs/domain.
Based on that page it appears that it is necessary to sign up for a new Google Apps account with the new domain name?
So I Have to pay for Google Apps separately beyond what I am paying for Google AppEngine?
And also manage a separate apps domain and its services? I already have google apps domains and this seems more overhead to run a small app on gae.
Could you please help me understand if I've understood this right? And if there is a way to avoid the additional overhead of an extra google apps account?
The way that I do this, is I set up a basic google apps account (which is free), and I link the GAE app to my google apps account. Then you can set google apps to alias "www" to the appengine app, and now your appengine app works on www.yourdomain.tld
It's explained more here, which I know you already looked at, but it explains it well. Try reading it again.
I am considering developing a platform in GAE.
for this to work I would like to be able to have run the same app engine instance run several 'sister' sites. This would be something similar to the way that the stack exchange sites work, so each 'sister' site would have its own users, data and theme (but may potentially be configured slightly differently - think different plugins used), but essentially would have the same function & format.
I would like to know if it would be possible to have each sister site have its own (customer defined) url, which would use the same app engine instance, and the app engine instance would be configured (by setting the site id and valid plugins for that site) depending on the url which was used to access it.
Yes, this is entirely possible. As Fox32 points out, you can use namespaces to separate different datasets. For domains, App Engine supports wildcard mappings, so you can map *.yoursite.com to your app. If you want to add custom TLDs, either you or your customers will need to create a Google Apps account for them, or add the domain as an alias on an existing Apps account, and associate it with the App Engine app - this doesn't require that they be admins of your app to do so.
You can use namespaces, to separate different websites, for many api methods. Take a look at the GAE documentation about it.
The Namespaces API is integrated with Google Apps, allowing you to use your Google Apps domain as the current namespace. Because Google Apps lets you deploy your app to any domain that you own, you can easily set unique namespaces for all domains linked to your Google Apps account.