I deploy my website to google appengine and I want to take advantage of http/2 (specifically http push) for clients which support it but still serve the bundled version to http/1.x clients.
How can I check the protocol version (using python or even the app.yaml)?
Check the request header for Upgrade or send a 426 upgrade reqd
Related
I have an API running in Google App Engine and I want to introspect HTTP POST body to reject poorly formed calls before it hits my API running in app engine. Is there a way to front an App Engine application whereby I can introspect the URI, the POST body and return a 400 without it actually being processed by my code running in App Engine? Please let me know, thanks.
If you want to inspect HTTP, then you will need to write a proxy application to do so. Neither the Google Cloud Load Balancer nor App Engine support hooking HTTP requests.
Proxies have the MITM (Man In The Middle) problem in that HTTP traffic is often encrypted. You will not be able to inspect that traffic unless your proxy is the endpoint. If you implement your proxy with Apache or Nginx then you can use the ModSecurity project.
Basically, you want to implement a WAF. Google offers Cloud Armor which supports inspecting traffic via Cloud Armor rules.
I can find javax.mail packages in google app engine sdk. Can anyone tell me the purpose of including such packages in google app engine where we already have a dedicated jar ( java mail) for these packages in market.
Control of the environment. When the JavaMail API is provided it allows GAE to control what mail server and javamail providers are used for sending and receiving.
From the Overview of Sockets API for Java:
Sockets are only available for paid apps, and traffic from sockets is billed as outgoing bandwidth.
[snip]
Port 25 (SMTP) is blocked;
The GAE javax.mail API provides email to free GAE accounts where as if you had to include a jar you would have to get a paid GAE account to send or receive email.
goal: make my google cloud app ssl
used a prebuilt solution to launch an instance on google's compute engine. i need to upload ssl cert to accept credit cards & more or less do anything. i cannot find a ui or any way to ssl my app/domain with compute engine.
google's app engine has a ui to upload certs but no way to launch prebuilt solutions or transfer apps from compute engine.
also, of course, the domain is registered using google domains and the app is registered to google cloud platform under same account.
thanks -- matt
You can setup an HTTPS Load Balancer in front of your GCE instances and install an SSL certificate and key there.
https://cloud.google.com/compute/docs/load-balancing/http/
A solution which is built for Google Compute Engine likely won't work as-is on Google App Engine (App Etfite expects that you supply code written as a set of HTTP request handlers, but does not support background tasks, running your own database, etc). Since you're already fairly happy with the pre-built solution you installed, it probably makes more sense to customize that rather than replace your solution with one running on App Engine.
You have two options for getting SSL running:
You could use Layer 3 load-balancing, and install and configure the SSL certificates on your server hosts. For example, you could get a certificate from Let's Encrypt, and use their tool to install the cert if you're running nginx or apache. For other software, you'd need to install the cert manually. This is probably the most portable (to other clouds/local machine) solution, but requires that you secure your SSL certs and maintain that software.
You could create a SslCertificate resource and attach it a Layer-7 load balancer provided by Compute Engine (TargetHttpsProxy). To do this, you would set up HTTP load balancing after uploading your public and private certificate to Google. This solution can take advantage of Google's caching and scaling infrastructure and can support health checks to verify that your application is up, but the details will vary more across different service providers.
I am trying to build a gRPC backend and trying to deploy it on an AppEngine Managed VM. Is HTTP/2 supported? If not, can I simply expose it on a separate port and disable health checks or should I deploy this on compute engine/container engine.
At this point http/2 is not supported by Managed VMs. The best current solution is to run your http/2 server on a different port and specify the port number to forward in app.yaml (doc link).
You can keep health checking active on the default (8080) port if you want as long as you have an http endpoint listening there as well.
i'm using https on appengine. i checked not all request are using https spdy in firefox. Is there any thing that need to configure so that all requests are using spdy ?
?
As long as the file is served over https and by appengine servers, then it will be served over SPDY -- if the browser supports SPDY that is. Can't tell from your screenshot.. but if any of those files come from a different origin (ex, a third party widget), then those files may be served over plain HTTPS if they don't support SPDY.