I Bought a new domain through Google Domains and tried to connect it to my AppEngine project. But all I see is a warning symbol that says DNS records could not be found. Certificate activation will retry automatically. when on the SSL security step. I have followed the instructions at https://support.google.com/domains/answer/6009957?hl=en and it does not work. I have also tried to follow Google App Engine SSL error "DNS records could not be found" even though custom domain is working with no results. I need to be able to use this domain in AppEngine.
Related
I'm trying to configure my Google App Engine instance with Cloudflare for Saas, and more precisely Cloudflare's SSL for SaaS offering. The objective being that I can provide to my customer a "custom domain" (also known as "vanity domain"), such that they don't go to dashboard.mywebsite.com, but instead app.customerwebsite.com.
Configuration part
To make sure that my App Engine instance is correctly serving content on dashboard.mywebsite.com, I've made the following:
On Google Cloud side:
I've configured the custom domain dashboard.mywebsite.com.
I've let Google manage the SSL configuration (no custom key/certificate)
Here is my app.yaml configuration file:
runtime: nodejs14
env_variables:
NODE_ENV: 'production'
basic_scaling:
max_instances: 10
idle_timeout: 5m
On Cloudflare side:
I've updated the DNS records so that dashboard.mywebsite.com is perfectly working
I've configured the SSL on the Full mode (while I've tried with Flexible as well - both work)
I waited for a few hours and I confirm that dashboard.mywebsite.com resolves correctly and serves my content (from Google App Engine).
Next, custom domains
According to Cloudflare documentation, I had to register the fallback origin (i.e. dashboard.website.com) and then configure a custom hostname (e.g. app.customerwebsite.com). Which I did.
Now, according to Cloudflare documentation again, my customer has to create a CNAME record. Which I did with a domain of mine:
app.customerwebsite.com CNAME dashboard.mycompany.com
The issue
I waited a few hours again. Then, when I open app.customerwebsite.com in my browser, it shows a Google 404 error page instead of my dashboard. Which makes me think that Cloudflare successfully "redirects" the traffic to Google, but App Engine refuses to serve it. Probably because it doesn't know app.customerwebsite.com?
Any thoughts that would help?
As you noticed, the issue is not related to Cloudflare, but App Engine. The problem with your configuration is that, when App Engine receives a request, based on the Host header, it forwards the request to the right instance.
App Engine lets you map any custom domains that has been previously validated by Google. But in your situation, that would mean you have to register each custom domain of your customers on your App Engine instance. That's too cumbersome (if even possible).
What you need to do instead is the following:
enable a static IP address with Google Cloud
change your DNS record from dashboard CNAME ghs.googlehosted.com to dashboard A YOUR_IP_ADDRESS
configure a Google Cloud Load Balancer to map requests received on that IP address to your App Engine instance.
Google's documentation has a great guide on how to setup a load balancer with Cloud Run. By changing a few settings it works great with App Engine. As an extra help, below is the configuration details of our load balancer that allows us to provide vanity domains / custom domains to our customers through Google Cloud:
Again, the load balancer is here responsible to map all requests received by your IP address (no matter the Host header) straight to your App Engine instance.
As a best practice, it might be useful to push a dispatch.yaml file to your instance:
dispatch:
- url: '*/*'
service: default
Which tells App Engine to send all requests to the default service. It works a bit like a wildcard virtual hosts on an Apache server.
I am trying to figure out whether to use Google App Engine or other available PaaS. During my research, I am trying to figure out if a particular website using google app engine or not - Is there any known method to figure this out ?
Sorry for the basic question, but appreciate any help. Thanks.
You can recognize a GAE-based site based on the server's domain:
*.appspot.com - default domain of standard GAE apps
*.appspot-preview.com - default domain of newer flex GAE apps
custom domains mapped to ghs.google.com or ghs.googlehosted.com. See step 5 in the Adding a custom domain for your application procedure and how does ghs.google.com work?. Note that I'm unsure if this doesn't also apply to other Google products, not only to GAE.
There may be other such domains as well.
You can also check the Server header in the responses coming from the site. From Headers added or replaced:
Server
Set to Google Frontend. The development server sets this to
Development/x, where x is the version number.
ping the domain and if you have something with ghs.googlehosted.com:
PING ghs.googlehosted.com (216.58.213.147): 56 data bytes
It's a GAE application. You can also check the headers in requests from your browser's dev tools.
Does anyone know if it is going to be possible anytime soon to setup SSL for a custom domain without a Google App account directly from the Google cloud developers console? Signing up for yet another Google account is bordering on making me insane.
I have setup a custom domain via the Google cloud developers console for my app project, and this is serving as a naked url...no problem.
Then I tried to setup a Google App account with an existing account linked to my Google App Engine project as an owner, but it didn't like it. So I setup a new one (deleted now) and re-verified the custom domain, which then stopped the serving of the custom domain. I then deleted the Google App account and it started serving the custom domain again. I have no idea why, what or how...
I have purchased an SSL certificate from Comodo, not yet activated, and all I want to do is set it up without giving myself an emotional hernia, I get enough of those from coding! And, yes, read the docs, but you know, they suck! A step by step idiots example would be great!
Does anyone have a guide other than a google doc on how to setup SSL for a custom domain including activating the SSL cert etc. etc.
Thanks one and all
Ok, I have discovered that Google are moving the SSL setup to their developers cloud console at the end of August 2015. So I shall wait until then to see what that process is like and then decide to go with it or perhaps use Cloudflare or some other alternative if there is one.
See https://code.google.com/p/googleappengine/issues/detail?id=777
We have added support for custom domains for App Engine from the
Google Developers Console, meaning you can now associate a custom
domain without first associating that domain with Google Apps.
To access the feature, visit https://console.developers.google.com/
and you will find the option to add a custom domain under App Engine >
Settings.
NOTE: Currently we do not support SSL on custom domains created
through this method (although we expect to rectify this in a future
release). In the meantime, we continue to support SSL (via VIP or SNI)
for custom domains that are created through Google Apps, and we
continue to provide free HTTPS for all *.appspot.com domains.
I created a topic which I subscribe to using a push endpoint. The endpoint is a simple AppEngine web service. The Google PubSub documentation states that endpoints must be secured by HTTPS.
I am not receiving any traffic to the push endpoint. The AppEngine web service shows no requests. I've verified through the Google PubSub dashboard that messages are being published on the topic successfully. The dashboard shows unreachable_ssl_error for push subscriptions. Why is Google PubSub reporting this error?
When I try to access the SSL AppEngine endpoint via a browser I receive an SSL cert error also. Is this normal for AppEngine sites?
As documented at https://cloud.google.com/appengine/kb/general#https , SSL is supported on App Engine, but in a somewhat peculiar way.
Specifically, and I quote...:
Note: After April 2013 Google does not issue SSL certificates for
double-wildcard domains hosted at appspot.com (i.e. *.*.appspot.com).
If you rely on such URLs for HTTPS access to your application, change
any application logic to use "-dot-" instead of ".". For example, to
access version v1 of application myapp use
https://v1-dot-myapp.appspot.com.
Also look at the previous paragraph at this same URL about the need for secure in app.yaml and a link to language-specific instructions on exactly how to configure things, e.g https://cloud.google.com/appengine/docs/python/config/appconfig#Python_app_yaml_Secure_URLs if you're programming in Python.
The documentation for Google App Engine Federated IDs states:
WARNING: at the time of this writing, OpenID is not supported if your app runs in secure mode using HTTPS.
I am just checking to see if this is still the case. The bug seems to be related to Issue 3586, which remains unresolved.
There is a similar question, but it has not been updated in two years: Secure remote_api in app engine with OpenID.
If I understand correctly, this issues means that one cannot use OpenIDs with Google App Engine if your app requires SSL. Do I understand correctly? Are there any workarounds (e.g. Janrain's RPX)?