Redirector service - google-app-engine

I’m planning an URL redirector service.
I want to listen for domains added by the users, check the URL for old paths and redirect the visitor to the right ones.
I was thinking about using App Engine (Java), but it seems as I can’t programmatically set customs domains. Is this info right?
Is there any Google Cloud service or set of services that I could use to accomplish what I need?

You are correct that you cannot programatically create custom domains in GAE.
Your best bet is to use a solution that provides an external IP address that isn't shared with other users - you can then accept all traffic and dispatch according to Host header.
You could do this using GCE (with or without LB) or GKE.

Related

GAE custom domain wildcard subdomain issues

Whiles playing around with GAE custom domain setup in hopes of building a multi-tenant application. I noticed that wildcard sub domains don't quit work as documented.
for example, if one configures domain *.dev.example.com *.qa.example.com you would expect dev.example.com to automatically serve default services deployed in appengine, I however noticed that recently I would have to explicitly enter default.dev.example.com. This however is not what has been documented.
Anyone understands why this is now the case? the domains are verified with DNS configuration on Google DNS service. All works as expected, meaning that I can reach all other services on domain, but default service is not automatically been served.
After various attempts, I eventually purchased some Google support time. And the solution to this is that you need to create and map both a wildcard domain and naked domain. Therefore, one will need to have both
*.dev.example.com and dev.example.com
This is of course tedious, the good news is that Google is running alpha testing on API that allows domain mapping to happen automatically, register at here
Soon multi tenancy application deployments will require no manual intervention.

Is it possible to create myapp in GAE, but disable access from myapp.appspot.com?

If I want to deploy anything on Google Apps, I'll have to create an application in Google App Engine, is that right? Is there a way to use FTP like in other web hosting services?
If I have myapp in GAE, and I already let myownsite.com to use this app. But I don't want anyone else to use this app on myapp.appspot.com, how can I do it?
Thanks in advance!
Perhaps not the best solution, but you can use self.request.headers["HOST"] in your handler to see which domain the request was requested to and redirect the user based on that.
You will need to upload your application. There is no FTP access for that as far as I know, but the GAE SDK contains a commandline tool to do that. You can also do it from IDE.
There is always an associated myapp.appspot.com domain with your application, so no one will take it. But you can also use your own domain (but not for SSL!). But you cannot also block access through myapp.appspot.com, but in Java you can create a filter that will redirect all requests to your custom domain. And keep in mind you cannot use naked domains (without www) in GAE.

Secure login on your domain with Google App Engine

We are starting a very large web based service project. We are trying to decide what hosting environment to use. We would really like to use Google App Engine for scalability reasons and to eliminate the need to deal with servers ourselves.
Secure logins/registrations is very important to us, as well as using our own domain. Our target audience is not very computer savvy. For this reason, we don't want to have the users have to sign up with OpenID as this can't be done within our site. We also do not want to force our customers to sign up with Google.
As far as I can see, I am out of luck. I am hoping to have a definite answer to this question. Can I have an encrypted login to our site accessed via our domain, without having to send the customers to another site for the login (OpenID/Google).
Thanks.
The hardest part is getting around the cookie issue. While you can do secure and custom logins against https://yourdomain.appspot.com, you cannot set a cookie there that will work on http://yourdomain.com.
Here is what I propose:
When you need to log the user in, send them to https://yourdomain.appspot.com. If they enter the credentials properly, create a one-time token and place it either in the datastore or in memcache. Give it a lifetime of a few seconds.
Then redirect the user back to http://yourdomain.com/authenticate?token=mytoken (obviously substitute the names as appropriate), check to make sure that the token is valid and has not expired, and if all is clear, set the appropriate cookies and expire the token.
I think that'd work just fine. Hope it helps!
As of June 27, 2012, App Engine supports SSL for custom domains.
http://googleappengine.blogspot.com/2012/06/google-app-engine-170-released-at.html
There is nothing stopping you from creating your own authentication/registration mechanism with Google App Engine. The only problem is that Google App Engine currently only supports HTTPS via https://yourid.appspot.com and not your Google Apps Domain (i.e. https://www.foobar.com). However, this is on the product roadmap for future support (SSL for third-party domains). Note, also on the product roadmap is built-in support for OAuth & OpenID.
Update: Another option may be to use a proxy server (like Apache with mod_proxy) and map your domain to the proxy server and then the proxy server can proxy the HTTP and HTTPS requests to Google App Engine. The requests could be proxied to the appspot.com domain behind the scenes. I haven't actually done this, but I believe it should work. However, this would give you a single point of failure at the proxy server which basically defeats the purpose of Google App Engine's high-availability and scalability. This would definitely just be a short-term solution until Google supports SSL for third-party domains or OpenID.
Depending on whether your threat model can accept a non-encrypted link on the "last hop" to GAE, you can use a proxy to handle SSL from the browser. Here's a HOWTO I wrote up on using CloudFlare to get always-on SSL:
http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine
This isn't structurally any different than the way SSL from Google will work, it's just that Google-provided SSL will terminate within G's network rather than just outside it. If you're trying to protect against Firesheep, CloudFlare (or any other SSL proxy) will do fine. If you're worried about snoops on the trunk connection between CF and Google, you may want a more sophisticated solution.

Redirecting domain (not google apps) to appengine

I'm building a application that supports different domains. A small CMS that supports different domains.
But what I can't figure out is how to redirect other domains that's outside google apps. I have a domain at google apps, that work's perfectly.
When I create a cname that points at either my appid.appspot.com or www.appsdomain.com it just goes to google.com.
What do I need to do so the other domains point to my appengine application.
..fredrik
You can't just use a cname because google needs to know how to direct the requests through their infrastructure to your app.
You should follow the instructions here: http://code.google.com/appengine/docs/domain.html to set up your name with their infrastructure so that requests to the cname get routed correctly.
Update: You do not have to move your domain to google, only inform them of the names you are going to set up cnames to point to them.
You can do that without a cname.
You need to set up a redirection mechanism of your second domain name. You can do that either by telling your registrar to redirect that url to your Google Apps url (that's how I do it with my registrar, name.com), or you could set up a small [php] script on a server you manage that would receive the queries on the second domain and issue a 301 redirect to your Google Apps domain.
EDIT: It all depends on what you want to do. If you want your app to live at both urls, then this solution will not work. I wrote this in the idea that you want the second url to redirect to your main url, if that's not what you want to do, then issuing redirects won't do the trick.

Many Custom Domains for AppEngine Instance

For our e-commerce service running on AppEngine we would like to offer the option for customers to run the stores on their custom domains (eg: www.mystore.com instead of www.enstore.com/mystore).
From a user perspective, I'd like them to enter the domain name they want to use in their preference screen and tell them how to configure their dns.
I know how you normally add domains to an AppEngine instance (through Google Apps) but I'm not sure you can automate that. And even if that's possible they would be all (hundreds) listed on our google apps page.
Anyone know if this is possible/if there is a good way to do it?
I don't think there is a way to add domains "programatically" to an AppEngine instance. Apparently, domains can only be added by using the Google Apps method that you described. This is confirmed in this SO post: How do i get foo.somedomain.com get handled by myapp.appspot.com/foo on appengine
The only options that pop to mind are the following:
HTTP Redirection
Many DNS providers support HTTP Redirection. In this case, your clients would be able to set up mystore.com and www.mystore.com to redirect to www.enstore.com/mystore. There are some obvious disadvantages with this method that might not be acceptable. First of all, with 301 and 302 redirects, the users will still be forwarded to the registered AppEngine URL: www.enstore.com/mystore, and it will show in their browser. In addition, choosing between a 301 and 302 redirect can make SEO tricky, since you'd have to get into how search engines behave with these redirects. For example most search engines will not use the original URL as a source for keywords when you use a 301 redirect.
In addition to 301 and 302 redirects, some DNS providers (like DNS Made Easy) also provide what they call a "masked hidden-iframe redirect". The page will render inside a hidden iframe, so the URL does not change in the user's browsers. However this makes SEO even more tricky, and it will not allow users to bookmark internal pages, or to reference them easily.
As you can see, this option is less than ideal, but it is one option to consider in some situations. Also note that at the moment, HTTP Redirection using 301 redirects is the suggested workaround for the Naked Domain Issue 777 on the AppEngine issue tracker.
Reverse Proxy
Another option could be to set up a small server somewhere else, like a small Amazon EC2 Instance, and set up a simple reverse proxy. You would be able to set this up very easily, just by using Apache and mod_proxy (or various other alternatives). This would allow you to ask your clients to set up a normal A Record pointing to this instance, while the Apache HTTP server would be acting as a proxy to your AppEngine.
The fundamental configuration directive to set up a reverse proxy in mod_proxy is the ProxyPass. You would typically set it up with one line like these for each VirtualHost (for each client domain):
ProxyPass / http://www.enmystore.com/mystore/
The configuration of the remote proxy could be easily handled by your back-end software.
This is a neater solution which gives you plenty of control - but there are obviously some costs for these benefits. First of all, there is the expense to host the reverse proxy. You would also be adding another point of failure, so you have to add this to your high-availability plan. In addition, if you are serving some pages through SSL it can become quite complicated.
Another option is to have each customer sign up for google apps, and then add your appengine app to their app. That way they can manage the url. They will need to use a cname for this, so urls will be limited to something like 'store.customer.com' You will have to support the multitenancy off of the host-header, but that isn't hard to do given that you already have a way to support multitenancy already. You might want to do the setup for the first couple of clients yourself so you can document the easiest way to set it up.
The rietveld code review app does this as you can add it to your google apps domain. See http://code.google.com/p/rietveld/wiki/CodeReviewHelp#Using_Code_Reviews_with_Google_Apps for more detail.
The preferred option is probably to offer your solution through the Google Solutions Marketplace: http://www.google.com/enterprise/enterprise_marketplace/about.html
We did something similar to Daniel Vassallo second proposal.
We created a python app on the Heroku cloud
(there is no limit for connecting custom domains).
This app is using python requests 1.2.0 lib to get the correct page from your app engine application according to the request domain.
all you need to tell your clients is to put your Heroku app url as their CNAME
For naked domains you can always use wwwizer

Resources