GAE Custom Domain Delegation - google-app-engine

I have a Google Application Engine project that is working fine with two Custom Domains pointing at the application. mydomain.com and www.mydomain.com. I want to transfer the domain pointers to another GAE project on a second gmail account, and later transfer them back.
I thought this would be as simple as using www.google.com/webmasters/tools/ to make the second account a second owner of the two domains because they are automatically verified through delegation. This looks to be happening if I use webmaster tools with the second account, I see the sites as I do with the first account.
My plan was then to go into Custom Domains for the first account through https://console.developers.google.com/ and turn off the domains pointing to it and then go to the second account and point the domains to it.
Unfortunately whatever I seem to do I cannot get the other domains to show up in "2. Select the domain ..." I seem to need to verify the domains, even though delegation should be sufficient.
I could verify by hitting the domain registrar with new settings but it seems a pretty heavy approach when all I am trying to do is get Google to move the domain pointers from one GAE application to another.
Also there will be a long hiatus where the domains are pointing at nothing. I suspect this to be either my complete misunderstanding of the Custom Domain approach or a Google/GAE issue.
I suspect a Google/GAE issue because in the second account some of the descriptions of the delegated ownership domain names have http:// at the front and this is not true on the first account.
Any suggestions or help greatly appreciated.

I had this same issue, and I had to call Google Apps for Work (renamed from Business) to cancel the original account that housed the domain so it would show up in my second (new) account.

I have found a workaround/alternative which is to verify the domain names using the sub-domain method. I use 1&1 for my domain names and although it only allows 5 sub-domains I have a spare one I can use. So I have two sub-domains defined, one for each account as per verify settings in webmaster central. I can easily flip the domain pointer between the first and second accounts and back again using https://console.developers.google.com/ . This is partly because the other configuration settings that are necessary when you set up a domain pointer in Custom Domains are always the same for Google, even if the accounts and applications are different. There is no haitus with this method because the flipping takes effect immediately in Google, although the effect in the web world can take a while with caching occurring all over the place.
I could not used the suggested Google Apps/Business solution as I am not using either.
The conclusion I reach is that delegation of domain names is not really much use and best avoided.

Related

Setting up subdomains for different services in appengine

I did pore through other similar questions and found answers. I am still having a situation that is not answered and I am not able to comment on those posts to seek clarifications. Thus this new question.
Let me explain my situation...
I have a GCP Project and enabled AppEngine on the same.
I have setup 3 services: 'default', 'api' and 'ui'.
I have deployed apps on all the 3 services and they are all being served through their appspot urls without any issues.
Now I want to setup routing using own domain, purchased from GoDaddy. The schema looks like the following:
www.my-domain.com -> 'default'
rest.app.my-domain.com -> 'api'
ui.app.my-domain.com -> 'ui'
I have the dispatch.yaml to setup the routing rules and I can see the same properly defined in the 'Services' screen. No problems there... The problem is in defining the custom domain mappings for these services.
For the 'default' service, it was easy. GAE identified GoDaddy and requested A & AAAA records for managed security. And then CNAME 'www' pointing to 'ghs.googlehosted.com'. Done and all went well.
Now, for the other services, GAE is asking for the same set of A, AAAA and CNAME records.
Here is the problem. I cannot setup multiple CNAME records pointing to the same value ('ghs.googlehosted.com'). The GoDaddy cPanel/DNS Manager Tool does not even allow adding such records. I have spoken to their support and they confirm that their tool is restricted ti ICAAN policies. So multiple CNAME records is out of question.
As a workaround, I setup a sub-domain pointing to googledomains. I setup 'app' as a new Zone in 'Cloud DNS' in m GCP Project. All name servers are placed in master DNS zone in my GoDaddy. This could allow me to create CNAME record for 'app' in googledomains, atleast theoretically. But GAE Project Settings does not recognise the domain. Its forcing me to make the CNAME records in GoDaddy under the master zone. Not sure how Google doesnt understand the ICAAN policies!! So this option walked into a wall too.
Then I read about the wildcard subdomains. GoDaddy documentation describes the support for this but limited to a specific IP (so only A record). However, GAE needs the value 'ghs.googlehosted.com' and that means I must create a CNAME record only. There are many discussions on this; some saying this will not work and others claiming this works.
This is quite literally my last option and I would like to know how to make this work. If there is any other way to get this setup working, it would save me a lot of time and trouble. I am a developer and all this infra work is just such a hog on my productive bandwidth.
Thanking you in advance.
Finally, the way I have resolved this is to define a single wildcard CNAME in GoDaddy pointing to 'ghs.googlehosted.com' and registered all subdomains as new domain names (actually with different names) in googledomains now. The latter is an alternate fail-safety to ensure my clients can connect. I am now waiting for the current subscription to run out and move away from GoDaddy after. Right now, the pricing I pay GoDaddy is too much compared to Google Domains and for the level of support quality from GoDaddy it is really not justified.
So, I've worked on this for some time and I believe that there is something odd here.
I tried this with a go daddy domain and 2 app engine services. So the steps that I followed are explained next:
1) Go to App engine and on settings/custom domains add the custom domains you'd like to have (with the subdomains in this case)
2) On go daddy you need to go to your domain and admin your DNS records on your domain.
3) Add The Cnames registers with your sub domain pointing to ghs.googlehosted.com
4) deploy your dispatch.yaml
The thing that I don't understand is why you say that is impossible to do the step 3 as it has never caused issues when I tried to do this. Could you specify how are you doing the third step in go daddy?
Additionally, I believe that this same information is better explained on this documentation Is just that I don't get why is it failing on your side.

How do I use my Google App with my a custom domain?

I've looked at previous questions enter link description here, but they use the GSuite Administrator to make changes, while my app uses GCloud. The domain registrar is separate since Google domains don't work in my country.
I mainly followed this guide to setting up my Zones and updating the name servers. I've configured the
https://cloud.google.com/dns/docs/update-name-servers
The question I linked to earlier recommended setting up a www. subdomain, but it used Authenticator. I'm not sure how to do this in a zone. I set up all the records properly in my domain registrar.
Here are the settings:
When I load the site itself (There's no actual HTTP response code):
And when I try the www. subdomain
I'm sure there's a step I'm missing, but this is my first site with GCloud. So I'm not very familiar with the process.
I think where is your missing step.
When you ask Google to use your domain, Google will expose HTTPS endpoint. HTTPS requires a certificate, and Google will generate it for you. However, before doing this, Google has to be sure that the domain belong to you.
You have to prove to google that you own your domain. For this, go to this page, log in and add a property (your website URL). Follow the instruction and be sure that your property has been validated.
Then, wait some minutes (hours?) the time that the certificates are generated and deployed.

How does DNS domain verification work?

Im reading this google doc on how to hook up app engine to a custom domain (a domain I purchased through a different registrar)
I get to a point where I have to "Supply the domain name ("example.com") and click Verify. This opens up a new tab titled Webmaster Central." and walk through some prompts to prove I own the domain.
After doing this "domain verification is automatically re-confirmed about every 30 days".
What exactly is "domain verification"? Is there like a domain verification protocol that all DNS registrars must support? What communication is happening between google and say godady or AWS (route53)? Is there a special type of DNS record specifically for verification?
I don't understand whats actually happening to prove I own the domain and if this process is standardized or each DNS provider has their own solution/quirks for doing this.
From Verify your site ownership (also accessible via the Webmaster Central help menu):
What is verification?
Verification is the process of proving that you own the site or app
that you claim to own. We need to confirm ownership because once you
are verified for a site or app you have access to its private Google
Search data, and can affect how Google Search crawls it.
No, it's not a standard. Each hosting provider asking for it had their own method/algorithm of doing it.
Google actually has several such optional methods so that you can choose one that best works for your case. They're listed in the Verification methods chapter further down in the above-mentioned doc, together with some explanation of how each of them operates. Not all of them are based on DNS registrar actions.
Also keep in mind that Webmaster Central is used for other sites as well, not only for GAE-based sites - just in case some things might not make sense in a GAE context. This includes sites not even hosted on/using Google infrastructure/services.

GAE custom domain wildcard subdomain issues

Whiles playing around with GAE custom domain setup in hopes of building a multi-tenant application. I noticed that wildcard sub domains don't quit work as documented.
for example, if one configures domain *.dev.example.com *.qa.example.com you would expect dev.example.com to automatically serve default services deployed in appengine, I however noticed that recently I would have to explicitly enter default.dev.example.com. This however is not what has been documented.
Anyone understands why this is now the case? the domains are verified with DNS configuration on Google DNS service. All works as expected, meaning that I can reach all other services on domain, but default service is not automatically been served.
After various attempts, I eventually purchased some Google support time. And the solution to this is that you need to create and map both a wildcard domain and naked domain. Therefore, one will need to have both
*.dev.example.com and dev.example.com
This is of course tedious, the good news is that Google is running alpha testing on API that allows domain mapping to happen automatically, register at here
Soon multi tenancy application deployments will require no manual intervention.

How are people using Google App-Engine apps with their own domains?

I've been fooling around with the Google App Engine for a few days and I have a little hobby application that I want to write and deploy.
However I'd like to set it up so that users are not directly accessing the app via appspot.com.
Is hosting it through Google Apps and then pointing it at my own domain the only way to go? I looked at that a little bit and it seemed like a pain to implement but maybe I'm just missing something.
My other thought was to write the app-engine piece as a more generic web-service.
Then I could have the user-facing piece be hosted anywhere, written in any language, and have it query the appspot.com url.
Anyone have any luck with the web-service approach?
The reason Google Apps is required is because you need somewhere to a) verify you own the domain (otherwise, you might point it at app engine, then I might hijack it by adding it to my account) and b) set up domain mappings (which subdomains point to which of your appengine apps).
Since this stuff already exists in Apps, it seems silly to duplicate it in AppEngine.
As has been pointed out, it doesn't cost anything, and you do not need to "move" anything to Google. You simple created a cname record with a random name to verify you own the domain, and a cname for the subdomain you wish to point at App Engine. This only takes a few minutes, and once it's done, it's done forever.
Note: If you host your site elsewhere and use webservices, you need to scale the site/frontend. If you host on app engine, you get this for free :-)
I wrote an article on my blog about redirecting *.appspot.com domains to your custom domain to keep your branding:
http://blog.dantup.com/2009/12/redirecting-requests-from-appid-appspot-com-to-a-custom-domain
To do this, I believe you need to be using Google Apps and have a custom domain setup for Google Apps. Then, you deploy your app into your Google Apps domain.
Here is google's official instructions on how to do that:
http://code.google.com/appengine/docs/domain.html
I have used this process for a couple of sites and it is easy and painless, provided you have control on the DNS records for your domain (you should).
OK, we're now at the end of 2017 and things are a lot different regarding App Engine and custom domains. It's easy now!
Go to the app engine dashboard for your app and choose Settings, then go to the Custom Domains tab. From there, choose Add custom domain.
The tricky part is that Google needs to verify that you control the domain, so they ask you to put a TXT record in the DNS for your domain. Once you do that and Google it, you become "verified" as the owner of the domain.
After that, Google will give you a bunch of A and AAAA (for IP6) records to put in your DNS. Once you've done that, you should be good to go.
It can be easily done using request.getRequestURI() method. If the URL doesn't include your domain, just redirect it to the desired URL using
resp.sendRedirect("<your domain>")
Otherwise load a error page using
request.getRequestDispatcher("<error-page>").forward(request, response);

Resources