I'm maintaining a app that is hosted in GAE (appengine),
The app is set up to work with custom domain builder.go-arc.com
(I didn't do the set up - it was done before I got the project).
but when I go to my app in https://appengine.google.com/settings or in https://console.developers.google.com/project/go-arc-builder/appengine/settings/domains/add?authuser=1
I don't see the domain listed under Domain Setup and
Custom domains
My question is: how/where do I configure my domain?
The reason I need this is to configure SSL for the domain.
Unfortunately, custom domains and SSL are set up in different places (for now).
Custom domains ARE configured int the Developer console in the appengine/settings/domains section.
In order to set SSL you need to link you GAE application to a Google Apps Domain and then add the SSL in the Security > SSL for custom domains
Check: https://cloud.google.com/appengine/docs/ssl
Related
I have a GAE app set up to use a custom domain, let's call it mycustomdomain. This naked domain is working fine over HTTP and HTTPS. I also have a service called api, it can be accessed successfully by going to http://api.mycustomdomain.com (custom domain convention).
However, I can't access the api service over HTTPS. I uploaded a SSL for mycustomdomain.com, but I got an error (site can't be reached) for trying to accessing the api service over HTTPS. My question is do I need to purchase the wildcard.mycustomdomain.com SSL in order to access the api service over HTTPS? I don't have much experience dealing with SSL certs and GAE custom domain, so any help would be greatly appreciated. Thank you!
Edit: updated information for GCP Console configurations.
My app setup in the Console contains the following:
Services: default, api
Custom domain setup: mycustomdomain.com
SSL uploaded: ultrahdlivewallpaper.com (NOT the wildcard version), api.ultrahdlivewallpaper.com (unable to be enabled for custom domain, none matching)
More detail: The problem is when I map both ultrahdlivewallpapers.com and api.ultrahdlivewallpapers.com, they are both mapped to the default service. I want api. to point to the API service. If I only map ultrahdlivewallpapers.com, that allows me to access api service at the api subdomain, but then the api SSL can't be applied to api. subdomain because it's not listed as a subdomain.
07/24/17 Update: I believe this is a limitation with the App Engine Settings after trying out several scenarios via GAE Console. We have a custom domain set up for ultrahdlivewallpapers.com and enabled the SSL cert for this domain. The domain is pointing to the default service. We have a second service set up called API. Google's routing rules for any service set up is via HTTP:// service-id.custom-domain, which in our case is api.ultrahdlivewallpapers.com. However, when I upload the SSL for the api subdomain, Console couldn't find matching domains because the api subdomain is not specified via the Console. Now if I set up api.ultrahdlivewallpapers.com as a custom domain, I'm able to enable the SSL for api subdomain. Problem then becomes api subdomain is now pointing to the default service instead of the api service. If I remove the api mapping, I'm able to browse to the api service again, but no HTTPS! I don't believe there is a way to get this set up correctly without a wildcard SSL enabled for all subdomains. Please let me know if I'm missing anything. I have tried everything I can think of via the Console. Thanks.
You don't necessarily need a "wildcard" cert, per se. But, you do need to get a cert that covers all the subdomains. For example:
mycustomdomain.com
www.mycustomdomain.com
api.mycustomdomain.com
It's a standard solution, and not difficult to do. Certbot (Let's Encrypt) makes it easy.
If you choose to get a wildcard certificate installation is pretty straight forward:
You upload the certificate in the developer console (in App Engine -> Settings -> SSL Certificates -> Upload a new certificate). May require a bit of effort, see also Google App Engine SSL with Let's Encrypt "could not be inserted".
Once it's visible in the certificate table you can click on its name and you'll end up in the certificate edit screen where you can select which custom (sub)domains it applies to (from the list of all custom domains mapped in the app), looks like this:
Note: these are the corresponding custom domain mappings:
If you have another app (under the same admin account) which is also mapped to subdomains of the same domain you can activate the certificate on it as well in a similar manner (the console automatically shows the certificate in the list when you switch apps, no need to upload it again).
Purchased a domain from Google domains and updated settings of my App engine application to add my domain as a Custom domain.
My App engine App link: http://fooapp.appspot.com. Verified that actual link works.
From console.cloud.google.com ->AppEngine->Settings->Custom Domains
verified custom domain ( foobar.com )
"Point your domain to fooapp" (Step-2)
Configure resources and Done
Even after 48hours (wait period for dns propogation), when I launch http://www.foobar.com or http://foobar.com or http://www.sub.foobar.com, I do not see my app engine site. It redirects to http://www.dnsrsearch.com.
nslookup foobar.com shows "Can't find foobar.com: No answer"
What am I missing?
Below is the summary of listings I see under Custom Domains tab in console.cloud.google.com
Was able to resolve it following steps in Google documentation
I had to add Custom resource records under my custom domain's DNS on http://domains.google.com
I have added two custom domains to Google Developers Console for a Google App Project. One, a naked domain with A and AAA records set on the third party DNS manager as specified by Google. Two, a www domain with a Cname record set on the third party DNS manager, as specified by Google.
The www is serving, but the naked domain is not! The A records ip addresses timeout on my local machine but I get results when using http://tools.pingdom.com/ping/
Obviously you can use more than one custom domain but is there something I'm missing here?
Update: custom naked domain mapping is now supported directly in GAE, see How to use Google app engine with my own naked domain (not subdomain)?.
[Old answer follows]
If it's acceptable for you to use custom domains through Google Apps then you can use the Google Admin console to:
map your naked domain to Google Apps
redirect the naked domain to a certain (sub)domain of your choice
I find several advantages of going this way:
you can change the naked domain redirect without any change in the
GAE apps domain configs
the direct domain mapping of GAE apps (without using Google Apps) is
still very young, documentation is far from exhaustive
you can use SSL with your custom domains, according to the docs:
"To add Secure Sockets Layer (SSL) encryption (i.e., an HTTPS
address) to your App Engine app, you must use the SSL service
provided with Google Apps".
we have following situation:
we have an application on Google App Engine (GAE)
we want to be able to access this application from 3 different custom URLs through HTTPS. (let's say a.com, b.com, c.com)
we have Unified communiction (UC/SAN) SSL certificate for those three domains
for accessing GAE applications through custom HTTPS URLs, GAE requires to have Google Apps for Work account.
only primary domains of Goole Apps for Work accounts can be used for accessing GAE applications through custom domains over HTTPS. link
so we've created 3 Google Apps for Work accounts
now when I log in to admin.google.com for a.com and try to upload our SSL UC/SAN certificate covering our 3 domains, I get a message "The SSL certificate references subdomain outside of managed domain.". I infer that it comes from requirement
All subject names on the host certificate should match or be subdomains of the domains associated with the account in the Google Apps Control Panel.
How can this be resolved ?
Is it possible at all to access one GAE application through multiple custom domains over HTTPS by using one certificate ? Or do we have to get separate certificate for each custom domain?
From Google's docs it looks like they do support SAN [1], however it seems only in the case of subdomains. Since you have a Google Apps for Work account, you have access to technical support (admin.google.com -> Support) and this seems like it would be a good question for them (ie. "Can I use a SAN cert with multiple second-level domains with Google Apps, or is it subdomain only?").
[1] https://cloud.google.com/appengine/docs/ssl
I have an application http://faqs4j.appspot.com. I have purchased a domain called jobs4j.
I added domain using application settings in app engine console and also made necessory
CNAME changes in godaddy DNS managing console.
Now when I type in browser in.jobs4j.com it simply ridirects to http://faqs4j.appspot.com.But
I want my application to be served under sub-domain in.jobs4j.com and not just redirection to
appspot domain. what configuration I am missing?
thanks for your time.
In the application dashboard, under administration / application settings, you have a section titled "Domain setup". In it you can configure domains to be used for this application.
The process will require you to set up a "google apps" account (don't worry, a single-user domain is free), then transfer the domain(s) you want to be managed by Google apps by setting up a CNAME entry in your domain zone file. The instructions show you how to do it. Of course, where the instructions recommend you define your CNAME subdomain as "www", you will want your subdomain to be called "in".
Unfortunately, Google has ended the option to have a free Google Apps account, sigh!
However, we could still point the GAE app from a custom domain (non-Google apps owned).
Step 1 : Go to Application Settings in the GAE dashboard and add a
custom domain. You will be asked to verify the domain during which
Google would basically create a TXT record in your DNS zone file.
Step 2 : Once the 3rd party domain is verified, add the custom domain
for the app (my-gae-app.mydomain.app). It shows instructions
on how to add the CNAME entry for the domain.
Hope this helps!