GAE custom domain but with SMTP control - google-app-engine

I understand that in order to link my domain to my GAE application I need to set up Google Apps according to this.
But Google Apps seems to take control of SMTP and email addresses. I need to have my own SMTP server in GCS, which is working perfectly right now using the static IP like someuser@xx.xx.xx.xx
What I need is to be able to enter my GAE web application through mydomain.com but at the same time being able to receive anyuser@mydomain.com at my SMTP instance at GCS. Is it possible?

Your email settings are determined by your registrar, not by Google Apps. If you don't want to use Gmail as your mail server, you simply keep your DNS records unchanged, as Xavier correctly suggested.

Related

Google App Engine - Static IP Address - Route Domain Name

I am running a flask application on Google App Engine Standard.
I have not found a resource which states that Google App Engine provides a static IP address. I am trying to route my domain name, let's call it 'mydomain.com' to hit the google app engine endpoint, which Google provides as something similar to https://my-appengine-name.appspot.com/
I have verified the domain with Google and selected it as a custom domain.
If https://my-appengine-name.appspot.com/ was a numerical IP address I could simply route my domain i.e. 'mydomain.com' to the numerical IP address in the A name record. However, as from what I understand app engine has dynamic IP addresses for APP engine and so this is not possible.
What are my options here to route 'mydomain.com' to Google's App Engine domain: 'https://myappenginename.appspot.com/' then?
In addition to John's comment, if you choose the root domain of your service (in the example, my own domain gblaquiere.dev), a list of IPs (and 1 CNAME) is provided and you have to update your registrar with them.
If you absolutely want only one IP to register, you can create an HTTPS Load balancer in front of App Engine and create a serverless NEG backend.
Although @guillaume posted correctly above I just wanted to reiterate the steps explicitly. Generally someone asking such a question is a newbie to GCloud and it helps to have explicit steps.
At the App engine dashboard click on settings.
From the settings, click on ADD Custom Domain
To add a domain you needed to verify your domain with Google already, either through adding a TXT record or another method offered by Google (if you haven't registered your domain with Google). This verification can happen almost immediately with Registrars like namecheap.com or name.com (as per my experience)
Then go back to this custom domains area in the Google App Engine console and you will be provided with a list of verified domains you can select to route to your App Engine.
Once you have done this Google will provide you with a series of A, AAAA and a CNAME record which you will need to update at your Registrar, generally in the advanced DNS settings.
This should definitely be sufficient. I think my struggle resulted due to a problem with my deployed app which I misdiagnosed as a problem with the DNS routing. Thanks for the previous responses which assisted me.

Is it possible to forward CNAME to Google App Engine without adding custom domain

I have this problem when forwarding www CNAME to a Google App Engine application. It's not working maybe I am missing something.
Is it possible to forward CNAME to Google App Engine without adding custom domain?
The documentation you linked actually contains the answer to your question: You have to add a custom domain to your app with a wildcard.
And here is the reason why you have to add every domain to your custom domain.
When you create a cname it will always point to ghs.googlehosted.com. My guess is that the servers behind that domain are one huge load balancer, but that's not really important here. What is important is, that before your HTTP request is made the DNS name is resolved to an IP address. The range of IP addresses is the same for all appengine apps, so the server doesn't know that this particular request is intended for your app. However with that IP address a TCP connection is opened to the server. Now you send a request like:
GET / HTTP/1.1
HOST: www.yourcustomdomain.com
The server looks at the HOST part and must decide which app this request should be forwarded to. But it cannot know that if you didn't add your domain to the custom domains of your project. There simply is no information about where to route that request. So the simple answer is:
Yes, you must add all your custom domains to your project, but you could use wildcards.
No, it will not work without that step, because the Google infrastructure houses tons of apps and your app does not have a dedicated IP address by which it could be identified.

Google Cloud (Direct) Incoming SMTP

We have an AppEngine that receives automatic data via email from remote sites and stores it into the datastore. We're using a 3rd Party SMTP host now, and /_ah/mail/ is working properly.
A lot of this data is coming from legacy microcontrollers, PLCs, smart meters and the like. They all have a configuration for email address, SMTP server, SMTP user/pass, From address, and interval.
We'd like to set up postfix on a g1-small Compute Engine instance to handle authenticated direct-SMTP connections for the incoming data, but there are no examples of anyone else doing this. Is it as simple as writing a postfix filter to take the data and POST it over to /_ah/mail on AppEngine?
Alternately, is there an easier way that we're missing? We are converting some of the devices to use POST/PUT where possible, but we have a lot of different devices, and that will take time.
Google App Engine provides an SMTP service for inbound email - messages sent to <anything>@<app_id>.appspotmail.com will be sent to /_ah/mail/<anything>. If your devices only need to send email into your system you could point them directly to GAE's mail servers.
Your suggestion of running an inbound mailserver on GCE and using it to forward to HTTP on your app is also a viable solution, and doesn't require abusing email servers. There are even companies that will do this for you!

Secure login on your domain with Google App Engine

We are starting a very large web based service project. We are trying to decide what hosting environment to use. We would really like to use Google App Engine for scalability reasons and to eliminate the need to deal with servers ourselves.
Secure logins/registrations are very important to us, as well as using our own domain. Our target audience is not very computer savvy. For this reason, we don't want to have the users have to sign up with OpenID as this can't be done within our site. We also do not want to force our customers to sign up with Google.
As far as I can see, I am out of luck. I am hoping to have a definite answer to this question. Can I have an encrypted login to our site accessed via our domain, without having to send the customers to another site for the login (OpenID/Google)?
Thanks.
The hardest part is getting around the cookie issue. While you can do secure and custom logins against https://yourdomain.appspot.com, you cannot set a cookie there that will work on http://yourdomain.com.
Here is what I propose:
When you need to log the user in, send them to https://yourdomain.appspot.com. If they enter the credentials properly, create a one-time token and place it either in the datastore or in memcache. Give it a lifetime of a few seconds.
Then redirect the user back to http://yourdomain.com/authenticate?token=mytoken (obviously substitute the names as appropriate), check to make sure that the token is valid and has not expired, and if all is clear, set the appropriate cookies and expire the token.
I think that'd work just fine. Hope it helps!
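The one-time token handoff proposed in the answer above, as an added example that is not part of the original post. The class name `HandoffTokenStore`, the 10-second lifetime and the in-memory dict standing in for the datastore or memcache entry are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 10  # assumed value for "a lifetime of a few seconds"


class HandoffTokenStore:
    """In-memory stand-in (assumption) for the datastore/memcache entry."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _key(token):
        # Keep only a digest, so a dump of the store cannot be replayed as tokens.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Run on the appspot.com side once the credentials have been verified."""
        token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        self._pending[self._key(token)] = (user_id, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """Run by /authenticate on the custom domain; returns user_id or None."""
        if not isinstance(token, str) or not token:
            return None
        # pop() deletes the entry on first presentation, valid or not: single use.
        entry = self._pending.pop(self._key(token), None)
        if entry is None:
            return None
        user_id, expires_at = entry
        return user_id if self._clock() < expires_at else None


def demo():
    """Constructed walk-through: valid use, replay, expiry, unknown token."""
    now = [0.0]  # fake clock so expiry is exercised without sleeping
    store = HandoffTokenStore(clock=lambda: now[0])
    t1 = store.issue("alice")
    first, replay = store.redeem(t1), store.redeem(t1)
    t2 = store.issue("bob")
    now[0] += TOKEN_TTL_SECONDS + 1
    expired = store.redeem(t2)
    return first, replay, expired, store.redeem("forged-token")
```

With several App Engine instances the lookup-and-delete in `redeem` has to be one atomic operation in the shared store (for example a datastore transaction), otherwise two concurrent requests could both redeem the same token.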
As of June 27, 2012, App Engine supports SSL for custom domains.
http://googleappengine.blogspot.com/2012/06/google-app-engine-170-released-at.html
There is nothing stopping you from creating your own authentication/registration mechanism with Google App Engine. The only problem is that Google App Engine currently only supports HTTPS via https://yourid.appspot.com and not your Google Apps Domain (i.e. https://www.foobar.com). However, this is on the product roadmap for future support (SSL for third-party domains). Note, also on the product roadmap is built-in support for OAuth & OpenID.
Update: Another option may be to use a proxy server (like Apache with mod_proxy) and map your domain to the proxy server and then the proxy server can proxy the HTTP and HTTPS requests to Google App Engine. The requests could be proxied to the appspot.com domain behind the scenes. I haven't actually done this, but I believe it should work. However, this would give you a single point of failure at the proxy server which basically defeats the purpose of Google App Engine's high-availability and scalability. This would definitely just be a short-term solution until Google supports SSL for third-party domains or OpenID.
Depending on whether your threat model can accept a non-encrypted link on the "last hop" to GAE, you can use a proxy to handle SSL from the browser. Here's a HOWTO I wrote up on using CloudFlare to get always-on SSL:
http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine
This isn't structurally any different than the way SSL from Google will work, it's just that Google-provided SSL will terminate within G's network rather than just outside it. If you're trying to protect against Firesheep, CloudFlare (or any other SSL proxy) will do fine. If you're worried about snoops on the trunk connection between CF and Google, you may want a more sophisticated solution.

Is there a way to configure a custom domain so that it forwards XMPP messages to an App Engine app?

App Engine only allows you to use these formats for XMPP addresses:
app-id@appspot.com
anything@app-id.appspotchat.com
Is there a way to configure a custom domain so that it forwards XMPP messages to one of these address formats?
For example, if my domain is called myxmpp.com, I could give that out to users as my application's JID and then forward any user chat messages received there directly to myxmpp@appspot.com (assuming myxmpp is the app-id)?
I'm fairly sure that, to do this, you would need a custom XMPP server serving for your domain. I'm also fairly sure that you'd have to write said server yourself.
This site http://www.prosody.im/doc/dns explains what you need to configure in your DNS to do this.
