We're having trouble verifying our domain for our Google App Engine application.
We have a domain registered with Hostek, where our name servers are currently:
ns-cloud-c1.googledomains.com
ns-cloud-c2.googledomains.com
ns-cloud-c3.googledomains.com
ns-cloud-c4.googledomains.com
I created a DNS zone in Google Cloud and added the TXT record with the value given to me by Google App Engine, but when click "Verify" on the Google side, I get the error
Verification failed for cbcdashboard.com using the DNS TXT record method (less than a minute ago). We couldn't find the verification token in your domain's TXT records. You might need to wait a few minutes before Google sees your changes to the TXT records.
Below that, if I click "Show found DNS TXT records", I see
google-site-verification=<the token I was given>
It seems to see the value, but to not think it's correct. I tried adding it with and without quotes. Any ideas?
I just did a dig and got this:
"google-site-verification=PDmOnhweMP0C1aXpkNh-4kG-Mlhg3o22viWjGm_gn3U"
So it seems like that it's a propagation issue. When you make changes to DNS it does not spread out on the DNS for a while. If you try again to verify does it now work?
Related
For several years I had custom domain working for my app on google apps. A year ago they changed the way data is stored forcing me to move to a different application name. Since then I have been unable to map the custom domain to my new google app.
Google developers console shows that I have added the 4 A records and the 4 AAAA records they ask for
I also added a CName record and when I ping www.erlandanderson.com it shows ghs,googlehosted.com
When I hit the naked domain I get ERR_NAME_NOT_RESOLVED. When I hit the domain prefixed with www I get a 404 error.
the site can be accessed as http://erland-anderson2.appspot.com/ and it works.
Any bright ideas
You should make sure your domain is 'verified domain' with web-master tools. Then, you need to map both IPv4 and IPv6 addresses because parts of AppEngine is running on IPv6 and you cannot control it. Last comes the CNAME mapping of your app URI to ghs.googlehosted.com Once these three things are correct, you will be able to access your app over a custom domain.
i just took a look at your dns records (erlandanderson.com i presume). These are my findings:
You have a cname set up for your www subdomain, so that should work as long as you have "www.erlandanderson.com" setup as domain in your developers console
I cannot see the A or AAAA records on your bare domain
I see that you have the A and AAAA records for the wildcard (*) in your dns settings. Meaning everything except www (since it has a different config) is correctly configured. Note that there is a difference between *.youdomain.com and yourdomain.com. If you want to configure the latter you usually leave the subdomain part empty or put an '#' instead. So....
You need to add the A and AAAA records for the # entry in your dns configuration.
I am using the Gmail API to put messages into a Google Apps email account. I use
the OAuth 2.0 authentication protocol with a service account. This is more or
less working fine. One of our customers has asked us to put messages
directly into a Google Vault. I don't see a Vault API, but I did find this
information related to the "insert" method (which is what we use to add
messages to a normal account):
parameter "deleted" (boolean): Mark the email as permanently deleted
(not TRASH) and only visible in Google Apps Vault to a Vault administrator.
Only used for Google Apps for Work accounts.
When I do this, some messages are accepted, but frequently I get http error
500 in response to the POST. The error text says "Backend Error". I thought
the pattern was that the first time the message was posted, it would work,
but the second time would generate the error. Therefore I was thinking it
was a duplicate check issue. However I now see some examples of messages
that fail immediately. The POST url looks like this:
https://www.googleapis.com/upload/gmail/v1/users/user#domain.com/messages?uploadType=multipart&internalDateSource=dateHeader&deleted=true&access_token=ABC...
As I mentioned, the same message to the same url (without deleted=true) will
always work. Any ideas what is causing the error?
Was just fighting this issue myself. Apparently the error has something to do if the message is compatible with the Google vault retention policies:
If I turn on a default policy of "Retain everything" then I've been able to get the messages to import correctly. HTH!
I'm using the import api method and the backendError seems to be related to filters/policies. For example we asked Google to reject messages with xls and macros and we get the error on mail with that kind of attachment
Hello to everybody after all correct configurations as I followed at the "Documentation of Google Cloud Storage - Configuring a Bucket as a Static Website" my bucket it work as a website but the problem is about the prefix WWW in fact when I visit the bucket http://www.pieropretti.net I can see the content of the public bucket, but if I visit (from the browser Chromium version 42.0.2281.0 (64-bit) and same problem from the browser FirefoxESR 31.4.0 (Tor Browser 4.0.3) without the prefix WWW I receive the error server not found. This is the screenshot of the domain name DNS configuration in the picture here http://tinyurl.com/ncoc9y5
"www.pieropretti.net" and "pieropretti.net" are different domain names, and thus also correspond with different buckets. If you want to serve content from "pieropretti.net", you will need to create a bucket named exactly "pieropretti.net" in the same way you created the "www.pieropretti.net" bucket.
From what I can see, the DNS setting for "pieropretti.net." doesn't seem to have a CNAME, despite what your panel is telling you. Perhaps it just hasn't propagated to me yet.
From DNS records I notice that you are on OVH, if it is you can use the OVH Redirection Technology to redirect from naked to WWW.
If you are on other maintainers don't worry all offers service like OVH for redirect the naked to the www.
For top-level domain name we can't add CNAME, we can add A record, so I goto my Terminal and ping c.storage.googleapi.com to get the IP address, then I use the IP address to add into the A record, it works for me, just not sure whether it's an appropriate way to do it this way or not, but it just works for me.
I'm trying to use the "Copy to another app" feature of AppEngine and keep getting an error:
Fetch to http://datastore-admin.moo.appspot.com/_ah/remote_api failed with status 302
This is for a Java app but I followed the instructions on setting up a default Python runtime.
I'm 95% sure it's an authentication issue and the call to remote_api is redirecting to the Google login page. Both apps use Google Apps as the authentication mechanism. I've also tried copying to and from a third app we have which uses Google Accounts for authentication.
Notes:
The user account I log in with is an Owner on all three apps. It's a Google Apps account (if that wasn't obvious).
I have a gmail account this is an Owner on all three apps as well. When I log in to the admin console with it, I don't see the datastore admin console at all when I click it.
I'm able to use the remote_api just fine from the command-line after I enter my details
Tried with both the Python remote_api built-in and the Java one.
I've found similar questions/blog posts about this, one of which required logging in from a browser, then manually submitting the ACSID cookie you get after that's done. Can't do that here, obviously.
OK, I think I got this working.
I'll refer to the two appIDs as "source" and "dest".
To enable datastore admin (as you know) you need to upload a Python project with the app.yaml and appengine_config.py files as described in the docs.
Either I misread the docs or there is an error. The "appID" inthe .yaml should be the app ID you are uploading to to enable DS admin.
The other appID in the appengine_config file, specifically this line:
remoteapi_CUSTOM_ENVIRONMENT_AUTHENTICATION = (
'HTTP_X_APPENGINE_INBOUND_APPID', ['appID'])
Should be the appID of the "source", ID the app id of where the data is coming from in the DS copy operation.
I think this line is what allows the source appID to be authenticated as having permissions to write to the "dest" app ID.
So, I changed that .py, uploaded again to my "dest" app ID. To be sure I made this dummy python app as default and left it as that.
Then on the source app ID I tried the DS copy again, and all the copy jobs were kicked off OK - so it seems to have fixed it.
One of my clients uses Trend Micro InterScan Messaging Security to protect their internal mail services.
Suddenly InterScan decided to filter out all messages coming from Google App Engine.
Unfortunately they haven't been able to whitelist the sender address as each e-mail gets a different one. For example, *3ckihSOVMMHlZHSL.JSMMHlZHSL.JS*#apphosting.bounces.google.com, with everything before the # being variable.
Update I'm including this screenshot of how Interscan sees the incoming e-mail. Notice that all senders are different:
If I look into the e-mail headers, the apphosting domain appears inside the Return-Path field:
Return-Path: <36kSiSwYIBh0883XL3E7.5EH883XL3E7.5E#apphosting.bounces.google.com>
The "From" field looks ok. It says what I set it to say, but the spam filter only looks at the Return-Path.
My client sysadmin doesn't want to whitelist the whole apphosting domain, as it wouldn't be only whitelisting my application.
How could I bypass this e-mail filters if I can't get an unique sender?
Thanks,
You can't change the return-path header of mail sent by App Engine. The way I see it, you have two options:
Whitelist everything from App Engine. Spam from App Engine is not a big problem, because it's expensive to send in the huge numbers spammers need, and we're constantly monitoring for spamming and shutting spammers down.
Whitelist based on the X-Google-Appengine-App-Id header, which will be set to the app ID of your app.
I am not well versed in spam filters, but it seems to me that if it can only whitelist based on one field, it is pretty lame. Unfortunately that does not help you. If this is an important client, and they absolutely refuse to budge, I see two possible paths forward:
Do some research into interscan to see if you can give the client some pointers (tactfully) on how to configure it to whitelist in such a way that your mail can get through, but only your mail.
Maintain a server outside app engine specifically for the purpose of sending emails. You can build a super simple web app that just sends out emails, and call it from within your app engine app.