I was able to configure SSL for .pl to serve my appengine app over https.
My application always require https. For testing purposes I would like to be able to serve another version of my app (one that I have already uploaded). However, going to <app version>.<my domain name>.pl doesn't seem to work (I was able to do this before enabling SSL).
I purchased another SSL cert, for www.<app version>.<my domain name>.pl and configured it similarly how I configured the SSL cert for the naked domain. The problem is that under assigning urls it says "no matching urls" and doesn't allow me to enter a url.
EDIT: Turns out I can sort of achieve this by going to my apps https://..appspot.com if I disregard browser warning. Works for testing purposes fine to my mind.
To the extend I understand your question, you might be suffering from WWW and NON-WWW issue. You have configured your certificate for www...pl which should be configured on ..pl
Still it is not cleared. I can help you more accurately if you can elaborate your question.
Related
I have a website for a client which I am wanting to host on Heroku with a custom domain from https://www.names.co.uk/. https://www.names.co.uk/ has the domain name (example.co.uk) and a GeoTrust QuickSSL Premium Certificate connected to it.
I need the website to work from the following URLS and force HTTPS if someone uses HTTP:
http://www.example.co.uk
https://www.example.co.uk
http://example.co.uk
https://example.co.uk
I understand that names.co.uk does not support using CNAMES (which Heroku provides) on the root domain (example.co.uk) but I cannot figure out what I am doing wrong to prevent it from working.
I am unsure what domain names I need to add in Heroku each of them and whether I need to use the SSL certificate offered by Heroku. I also am unsure as to what I need to provide in names.co.uk in terms of A-NAMES, CNAMES and Web Forwards.
It would be much appreciated if anyone has any advice on how I can configure this properly, if it is even possible to get all these URLS to work with Heroku and Namesco.
Apologies if I haven't explained anything clearly, I'm relatively new to DNS and deployment and cannot seem to solve the issue by following Heroku's or Namesco's documentation.
Thanks in advance
Using Heroku's SSL certificate would make the process easier, so unless you have a reason to use Namecheap's SSL certificate, I recommend going with Heroku.
The Heroku certificate is automatically applied and Heroku automatically forces HTTPS.
It's recommended to use either example.com or www.example.com. Assuming you want to use the www subdomain this is how to proceed:
Redirect from example.com to www.example.com by following Namecheap's documentation on how to create a URL redirect.
Then follow the Heroku documentation to add your custom domain to Heroku:
heroku domains:add www.example.com
Then update your DNS settings. By default your DNS provider is Namecheap. See Namecheap documentation on how to create a CNAME record. Namecheap recommends against setting up a CNAME record for a bare domain, so if you want to use example.com as your preferred domain this step would be slightly different.
And that's it!
Keep in mind that the website will still be available on your Heroku domain: example.herokuapp.com. You may also want to redirect this to your preferred domain.
I have a GAE app and a custom domain registered on enom.com. The app is a static website that's configured by app.yaml.
I'm trying to use LetsEncrypt certs for ssl, so I want to have valid certs for both www.example.com and example.com. I can get the cert for www.example.com working fine.
However the problem is in my naked domain. Whenever a http request goes to http://example.com/, it gets redirected to http://www.example.com/, ok. But, if a http request goes to e.g. http://example.com/a.html, the request is still redirected to http://www.example.com/. So when LE servers come looking for their well-known acme-challenge, it fails because they see index.html.
I guess this isn't a common behavior because no one is mentioning this, not at https://code.google.com/p/googleappengine/issues/detail?id=10802, nor at https://github.com/certbot/certbot/issues/1480.
I've tried to dig into why this is happening, one error I can see is here:
If I select to overwrite, GAE says it "failed to insert mapping"
This whole project was started by another person and he claims he's not aware of example.com being assigned anywhere else. I've looked at his Google Cloud Console and it would seem that he's correct.
Maybe something of interest is that in the Domain page of admin.google.com, naked domain redirect is set up. It redirects example.com to www.example.com. I've not found a way to disable it.
On my dns registrar, I have input the four A records, four AAAA records, and a www for CNAME.
TL;DR: My LetsEncrypt acme-challenge is failing for my naked domain, help!
I started getting the same error in app_engine after I went to Google Apps account and added example.com to redirect to wwww.example.com. After I did this, in app_engine I got "is already mapped" error. And there was no way to undo the redirect in Google Apps, so my guess was that Google Apps had mapped it and so App Engine could not modify it or add it. I had to explain this to Support team, and btw Google Apps support is free to call, so contact them and then get transferred to App Engine support team.
There is no way to fix it yourself, you have to get Google Support on call and explain clearly and they can reset. I was bounced between Google Cloud and Google Suites (Apps) support teams 7 times and after 2 weeks finally resolved, each one blaming the other, until I found a guy who understood this issue and fixed it for me.
We have an App Engine app that hosts an internal HR/intranet system. Some, but not all, of our users are reporting that they get a security warning (see he image below). It looks like the wrong SSL certificate is being served. I install a wildcard cert for our domain in the Google Apps cpanel, but it looks like Google's certificate is being served instead. How do I go about troubleshooting this?
If some but not all users get this warning you might check what is so special about the users which get the warning. Do they use a specific (old?) browser, are they behind some kind of firewall or similar things? It might be that SNI (server name indication) is an issue, but it is really hard to say from the existing information. It is not even clear what the existing certificate should be so that one cannot compare if the host serves both, one with SNI and one without.
Apart from that it I would consider it a bad idea to host an internal HR/intranet system on the public internet.
My domain is hosted by Dreamhost. My app engine app is served by a custom domain, but is a sub-domain: app.example.com. My app is not accessed by a browser, but requests are made from an iOS app.
Now, I've purchased a basic SSL certificate from Dreamhost specifically for the subdomain app.example.com.
Next, I've uploaded the necessary crt and pem files to Google Domain Settings, and everything went ok with that. The domain settings do show that the upload was successful, and I have assigned the CNAME to ghs.googlehosted.com.
At this point, I'm not exactly sure what to do. Am I to expect SSL to just magically be enabled by this point? Because it still doesn't look like it has been.
What's confusing me is this talk about SNI and unique IPs. Dreamhost says, aside from GAE, that I'd need a unique IP to host my certificate. I'm not sure though if that's just a Dreamhost thing, or I really do need that. If so, do I need a unique IP for the subdomain separate from the main domain?
Or is this what SNI takes care of? What exactly should I be doing at this point?
You should understand what SNI is: http://en.wikipedia.org/wiki/Server_Name_Indication
Then you should follow the config docs for SSL on custom domains.
Btw, iOS since v4 supports SNI so you should be OK.
Update: if you want unique IP, then you should use VIP. But this costs extra and is not necessary in your case as iOS supports SNI. VIP is only needed for some older browsers.
I setup a custom domain on GAE using the tutorial at aral balkan to access http;//app.apspot.com at http://app.com. (I can access the app at www.app.com)
The tutorial is pretty old(Sep 2008) and it mentions
Add four Hostnames for the naked
domain (i.e., yourdomain.com without
the www) and have them point to IP
addresses 216.239.32.21,
216.239.34.21, 216.239.36.21, and 216.239.38.21.
I added the required A names to my domain dns, but accessing app.com leads me to a Google 404 page
I have used naked to www redirection on blogger using a similar method(A names provided by Google Blogger Help) and it has worked for me(it still works). However apart from the article at aralbalkan.com, I have not come across an official source which says that naked to www domain redirection using these IPs works for domains on Google Apps(which GAE uses to manage custom domains).
My Question:
Does anybody use a similar method(A names pointing to Google IPs) to resolve www domains from naked domains for custom domains on GAE? If yes, are the IPs different or am I doing it wrong?
The alternate method that I can think of using is, getting a third party host and pointing the A name of app.com to the IP address of that third party host, followed by placing a 301 redirect script to www.app.com on that host.But that will require me to manage another hosting just for naked to www redirection.
If anyone knows of any easier methods to achieve naked to www redirection on custom domains for GAE, please help.
Update:
Thank you for the answers. If it can be of any help, I am using geoscaling.com for DNS. I have an everydns account too. The domain is on namecheap and namecheap offers a freedns option too.
Update 2
Switched back my dns to namecheap. I guess geoscaling.com does not offer a 301 url redirect(correct me if I am wrong), although it's still a great service. Namecheap offers a 301 URL redirect. Should start working in some time.
While it's true Google doesn't officially support naked domains, it is possible to make this work using your registrar's DNS and Domain Forwarding tools.
For example, http://conversionsupport.com is hosted on Google App Engine, and GoDaddy is where the DNS is managed. The naked domain redirects to the http://www.conversionsupport.com subdomain using a domain forwarding rule.
Requests for the naked domain result in a 301 redirect to the www subdomain. Some SEO resources claim that using one subdomain is better for ensuring search engines don't see your site's content as being duplicative. This 301 redirect should help ensure that both naked domain and www subdomain are treated the same.
Here is a resource for Setting up URL Forwarding in GoDaddy. Note that while this is intended for Google Sites, I have confirmed that it does work on Google App Engine apps.
UPDATE:
To clarify, the naked domain itself will redirect to the www subdomain. This means that if your users type http://example.com then they'll be redirected to http://www.example.com as is the case with my original example above.
From what I understand, most Google Apps accounts are partnered with GoDaddy. Here are the Instructions from GoDaddy Support on Domain Forwarding Using a 301 Redirect..
Naked domains are not supported on App Engine. You need to use www-redirects, as you suggest.
Naked domain (e.g. yourdomain.com) support for App Engine can be setup in three steps:
Setup a naked domain redirect to a subdomain of your choice (e.g. redirect mydomain.com -> www.mydomain.com). See the App Engine FAQ, which instructs you to configure the redirect via the Google Apps control panel for your domain.
Configure App Engine to serve traffic for your custom subdomain (e.g. www.yourdomain.com) via the Google Apps control panel.
(Optionally), setup SSL for your custom domain. This step is required if you which to serve https:// traffic, but not required if you only plan on hosting http:// content.
As nick says, naked domains are not supported by app engine.
On your point of easier methods to achieve naked to www redirection on custom domains... Some DNS hosts, (for example, dyndns.com) integrate that ability into their DNS control panel. You may check with your DNS provider to see if that is the case.
With all the changes over time, I wanted to post that GAE (at least at the time of this writing) DOES support naked domains. I have this working for wdydfun.com. Follow the directions as mentioned above by Fred Sauer and it will eventually work. I'd love to provide more detail on those steps, but things seem to change frequently. You'll have to click around a bit to find where to set stuff. With the DNS propagation time that can be a bit frustrating. I recommend running
dig ns <your url>
from the command line to help see what is going on. My "www" domain was resolving to ghs.google.com and my naked domain was resolving to dreamhost where the domain was registered. After filling out the extra "A" records from the google directions, the naked domain eventually started returning different information and it worked. If you are testing this out in a browser, it's worth mentioning that at the time of this writing webkit browsers seem to be pickier than mozilla. My DNS settings:
A 216.239.32.21
A 216.239.34.21
A 216.239.36.21
A 216.239.38.21
TXT google-site-verification=W0rC...fnQ
* CNAME ghs.google.com.
Yours will probably look similar. Unless the directions have changed again. The CNAME value changed since when I first set things up, so if what I'm writing here differs from the directions on Google, trust the directions on Google. HTH.
Naked domain mapping works from the Google Developers Console.
https://code.google.com/p/googleappengine/issues/detail?id=777
We have added support for custom domains for App Engine from the
Google Developers Console, meaning you can now associate a custom
domain without first associating that domain with Google Apps.
To access the feature, visit https://console.developers.google.com/
and you will find the option to add a custom domain under App Engine >
Settings.
NOTE: Currently we do not support SSL on custom domains created
through this method (although we expect to rectify this in a future
release). In the meantime, we continue to support SSL (via VIP or SNI)
for custom domains that are created through Google Apps, and we
continue to provide free HTTPS for all *.appspot.com domains.
Alternatively, you could follow below steps which solves this problem, for sure,
Ping the website you are wanting to forward to, in order to get the
IP address if you don't know it.
"Run"; CMD; "ping yourwebsite.com"
Will display ping data and reply from IP address. Note this address.
Login to Godaddy.com to manage your account or other domain registry
site
Go to DNS Control Modify/Add "A Host"
Under "Host" enter: #
Under "Points To" Enter the IP Address you obtained earlier.
You are done! Site is forwarded without the www prefix when entered into
address bar.
More details and reference :
http://www.techproceed.com/2014/05/custom-domain-setup-on-blogger-with.html