I am using the node runtime and flexible environment.
I would like to set custom HTTP response headers at the web server level (nginx). They should be present when testing the app before deployment.
Is this possible on GAE?
If you want to set custom response headers in App Engine Flex with node.js you have to set it in the code.
Example: response.setHeader('Content-Type', 'text/html');
Node.js documentation for reference.
Related
I'm running a GAE Standard Env. node/express app.
How can I configure Basic HTTP Authentication?
Is it possible to configure it with app.yaml?
I've read the docs, and did a lot of searching and so far it seems like I'll have to use my Express server to handle it. That seems weird because it requires that I have a server.
What if I wanted to serve a static HTML page? Then the express solution falls apart.
In nginx I can do this:
server {
...
auth_basic "Administrator’s Area";
auth_basic_user_file conf/htpasswd;
}
Is there an equivalent with app.yaml in GAE?
Thanks for your help =)
I think its not possible to do this type of authentication, but you have other options
- google sign in
- oauth
- firebase
* users api is available but not for node standard app engine
If you wanted to serve static html you might store it in Google Cloud Storage and Cloud storage has its own permissions options
I will create an API using Google App Engine (on golang).
API endpoint I will create publishes HTTP request.
The problem is that HTTP request in this endpoint cannot be keep-alive.
Why?
Is it possible to use keep-alive?
Sample source code is following.
https://github.com/suzuito/gae-example
I am new to Google App Engine services. I have a Java Maven project with one module running on app engine flex and other on app engine standard. I am using JWT authentication for App Engine Flex APIs. I want to make a post request from App Engine Standard to App Engine Flex. What should be the best way to authenticate the service?
Also, I have a cron service hitting a particular URL I am using for some backend stuff. How can I authenticate that the request has came from Cron service only?
For checking if the job is coming from the Cron service (assuming you are using the requests module):
is_cron = request.headers.get('X-Appengine-Cron', False)
if not is_cron:
return 'Bad Request', 400
If you are using another module, you just have to check the header from the cron job to make sure it is 'X-Appengine-Cron'
Source: https://cloud.google.com/appengine/docs/standard/python/config/cronref#cron_requests
Is it possible to make Google App Engine services only available on a Google Cloud internal network, and if so, how? I have some microservices that shouldn't be publicly available (for use by other services only).
I know you can configure firewalls, however:
The app engine firewalls apply to all services
I have no idea what IP range to allow for app engine services with the VPC, since app engine works with domains only, and doesn't specify what range it uses.
If you're using standard environment services you might be able to use the app ID to validate requests in such services. From Asserting identity to other App Engine apps:
If you want to determine the identity of the App Engine app that is
making a request to your App Engine app, you can use the request
header X-Appengine-Inbound-Appid. This header is added to the
request by the URLFetch service and is not user modifiable, so it
safely indicates the requesting application's ID, if present.
In order for this header to be added to the request, the app making
the request must tell the URLFetch service to not follow redirects.
That is, it must set the fetch follow_redirects parameter to
False. App Engine will then automatically add the header to the HTTP
response.
In your application handler, you can check the incoming ID by reading
the X-Appengine-Inbound-Appid header and comparing it to a list of
IDs allowed to make requests.
**Note:** The **X-Appengine-Inbound-Appid** header is only set if the call
is made to the **appspot.com** domain. If the app has a custom domain,
this header will not be set.
If however you're using the flex environment this approach doesn't work, see App Engine Flexible + App Identity (Python)
Using authentication with the app's own service account could be another thing to look at for the flex environment - but I didn't try it yet. See Service Account for the App Engine Flexible Environment.
Is there any open source app I can upload to Google App Engine, that proxies all requests (including POST and cookies) to a hostname that I choose?
Here you can find a guide and the source code to set up a GAE proxy based on Mirrorr, an open-source web caching project by Brett Slatkin.
Here is a list of other proxy projects.