How do I activate SSL on a custom domain in Google AppEngine? - google-app-engine

I am able to serve my AppEngine site thru a custom (http) domain, but can not see the "SSL" subtab in the "Domain Settings".
What's wrong?

SSL for Custom Domains isn't launched yet. However as the observant may have noticed (docs, admin console, 1.7.0 release notes), the launch is imminent. Stay tuned for the blog post.

Not sure, but the reason might be - you must have an App Engine application with billing enabled that has cleared at least one billing charge.

Have you configured your app to use a custom domain? The subtab won't appear until you do.
https://developers.google.com/appengine/docs/domain

Related

How do I use my Google App with my a custom domain?

I've looked at previous questions enter link description here, but they use the GSuite Administrator to make changes, while my app uses GCloud. The domain registrar is separate since Google domains don't work in my country.
I mainly followed this guide to setting up my Zones and updating the name servers. I've configured the
https://cloud.google.com/dns/docs/update-name-servers
The question I linked to earlier recommended setting up a www. subdomain, but it used Authenticator. I'm not sure how to do this in a zone. I set up all the records properly in my domain registrar.
Here are the settings:
When I load the site itself (There's no actual HTTP response code):
And when I try the www. subdomain
I'm sure there's a step I'm missing, but this is my first site with GCloud. So I'm not very familiar with the process.
I think where is your missing step.
When you ask Google to use your domain, Google will expose HTTPS endpoint. HTTPS requires a certificate, and Google will generate it for you. However, before doing this, Google has to be sure that the domain belong to you.
You have to prove to google that you own your domain. For this, go to this page, log in and add a property (your website URL). Follow the instruction and be sure that your property has been validated.
Then, wait some minutes (hours?) the time that the certificates are generated and deployed.

Why is there more latency when accessing an App Engine service with a custom domain?

I've added a custom domain to an App Engine project. The TTFB of requests to that project's service on the *.appspot.com domain is under 15ms. Accessing the service via the custom domain, however, takes about 80ms. What can I do to fix this?
According to someone who works at Google, if you set up a custom domain for an App Engine project hosted in Japan, requests are then routed via Taiwan, which increases latency. I haven't heard an explanation of why they do that, but regardless, GCP has known about this issue for about three years and don't seem to think it's a big problem https://issuetracker.google.com/issues/64458939
Point mentioned in the documentation on mapping custom domain with app engine
Using custom domains might add noticeable latency to responses that
App Engine sends to your app's users in some regions. The regions are
as follows:
us-west2
us-east4
northamerica-northeast1
southamerica-east1
europe-west2
europe-west3
asia-south1
asia-northeast1
australia-southeast1
Link - https://cloud.google.com/appengine/docs/standard/python3/mapping-custom-domains

How do I enable SSL for custom domains on appengine?

How do I activate SSL for custom domains on Google Appengine?
The instructions I have read, at https://developers.google.com/appengine/docs/ssl or https://support.google.com/a/answer/2644334?hl=en , seem to refer to an old version of the admin console for Google Apps.
I looked at https://support.google.com/a/answer/2644334?hl=en , but on the current console, if I do Security > Advanced Settings > Set up SSO, there is no place where it asks for the AppEngine Application ID.
I looked at https://developers.google.com/appengine/docs/ssl . It directs me to go to the Admin Console of my App domain, and to find a Domain Settings tab and then go to the SSL subtab. There is no Domain Settings tab, however, and the "Domains" tab only allows me to add domains (without http / https mention).
So, how do I setup SSL for my appengine app that uses a custom domain?
Note: this question has been asked already on StackOverflow, some years ago, but the google dashboards have changed since then, and the information I could find is no longer relevant.
Ok, so that other people can avoid wasting as much time as I did.
When you go to the admin console for your domain, you need to click on Security, but NOT on Advanced settings. Rather, pay attention to the small "Show more" below the other options. If you click that, "SSL for Custom Domains" will magically appear.
No thanks to Google for this horrible user interface.
Hallelujah to Luca. I've wasted a day on this. I had already added the custom domain in the GAE app engine console and was getting the cryptic "We are unable to process your request at this time. Please try again later. (Error #1000)" message.
I wasn't able to assign the certificate to my custom domain. The custom domain wouldn't show in the list in the GAE Security Settings (custom domain) until after removing the custom domain from the GAE console.
AppEngine Introducing managed SSL for Google App Engine for customs domains and it will be got activated automatically, for already added domains please remove it and add once again
More Information-
https://cloudplatform.googleblog.com/2017/09/introducing-managed-SSL-for-Google-App-Engine.html
https://cloud.google.com/appengine/docs/standard/python/securing-custom-domains-with-ssl

SSL Error using custom domain with Google App Engine

I followed the steps detailed here to use a custom domain with google app engine.
I'm the admin of the Google Apps account
I'm the owner of the Google App Engine account
I've added the domain to my Google Apps account through my App Engine account
I see my App Engine app in my Google Apps account
I set the CNAME "test" to point to ghs.googlehosted.com
I added the web address under my Google Apps account and it says "Your users can access my-app-id at: test.mydomain.com
Now when I go to http://test.mydomain.com, it redirects to https://test.mydomain.com and I get an SSL connection error (Unable to make a secure connection to the server.)
I called Google Apps customer support because I have a paid business account, but the customer service guy said that this falls under App Engine support and he was not trained in this issue.
Help!
If you've done everything correctly, you should be able to access your site at http://test.mydomain.com. It sounds from the error you're getting that you're attempting to access it at https://test.mydomain.com (https as opposed to http).
If you want to access your app over SSL at your custom domain, you have more setup to do, as documented here: SSL for a Custom Domain. The steps necessary are many and subject to change; that link is the official source of current information on the matter.
Update: From your updated information, it sounds like you may have secure: always set in your app.yaml, or the Java-configuration equivalent of this setting. It would be helpful if you posted your configuration file.
Also note that it takes several minutes for Google to add a certificate on a domain you recently imported (it may require time for DNS configuration to spread). I personally didn't need to add any secure: configuration, it just worked after some time.

How to use Google App Engine with my own naked domain (not subdomain)?

After hours of reading about and experimenting with DNS records I can access my Google App Engine app via these URLs:
myappid.appspot.com
www.myappid.myowndomain.example
What does not work:
myowndomain.example
www.myowndomain.example
I want to be able to serve my app directly off my domain and not a subdomain. I've seen apps that do this. Is there any way to do this without a URL redirect?
[Update April 2016] This answer is now outdated, custom naked domain mapping is supported, see Lawrence Mok's answer.
I have figured it out!
First off: it is impossible to link something like mydomain.example with your appspot app. This is considered a naked domain, which is not supported by Google App Engine (anymore). Strictly speaking, the answer to my question has to be "impossible". Read on...
All you can do is add subdomains pointing to your app, e.g myappid.mydomain.example. The key to get your top level domain linked to your app is to realize that www is a subdomain like any other!
myappid.mydomain.example is treated exactly the same as www.mydomain.example!
Here are the steps:
Go to appengine.google.com, open your app
Administration > Versions > Add Domain... (your domain has to be linked to your Google Apps account, follow the steps to do that including the domain verification.)
Go to www.google.com/a/yourdomain.example
Dashboard > your app should be listed here. Click on it.
myappid settings page > Web address > Add new URL
Simply enter www and click Add
Using your domain hosting provider's web interface, add a CNAME for www for your domain and point to ghs.googlehosted.com
Now you have www.mydomain.example linked to your app.
I wished this would have been more obvious in the documentation.
[update 2015-09-28] Now Google lets you add custom domains (including naked domains) and setup SSL without the need of Google Apps. For details refer to here: https://cloud.google.com/appengine/docs/using-custom-domains-and-ssl?hl=en
I just discovered today (as of 2014-04-11) a new custom domain settings page is available from Google Developers Console:
1. Go to https://console.developers.google.com/project
2. Click on your project
3. On the left click "App Engine"
4. Click "Settings"
There you go! You can configure custom domain without the need of Google App account!
[Update April 2016] This answer is now outdated, custom naked domain mapping is supported, see Lawrence Mok's answer.
See http://www.google.com/support/a/bin/answer.py?hl=en&answer=91077 for the details. Once you have signed up for Google Apps for Your Domain:
# Sign in to the Google App Engine admin console.
# Go to Administration > Versions
# Click the 'Add Domain...' button under Domain Setup.
# Enter your domain name in the 'Domain Name:' field
# Click 'Add Domain'. You will be directed to the Google Apps administrator console to complete the process.
# Log in to the Google Apps control panel with your administrator account.
# Accept the terms and specify the access URL you'd like to provide for your application.
# Click 'Accept
You can't use a naked domain, though, such as whatever.example (but www.whatever.example does work), because:
Due to recent changes, Google App Engine no longer supports mapping
your app to a naked domain. If your domain registrar supports URL
redirects, you can redirect from http://yourdomain.example to your app,
which can be served from domains like http://www.yourdomain.example or
http://appid.yourdomain.example.
as specified at http://www.google.com/support/a/bin/answer.py?answer=91080
If like me you have seen this message while trying to add 'www' as a subdomain inorder to get your own domain working:
'Already used, please remove previous
mapping first . '
The above process mentioned in other answers has changed slightly if you are using Google Apps for your domain.
You must now do this as well:
Google Apps -> Service Settings -> Sites. Click 'Web address mapping' and remove the 'www' mapping which has been added by default to Sites.
Then you can add the 'www' subdomain for your App engine app
see this link:
http://groups.google.com/group/google-appengine/web/deleting-existing-www-mapping-from-google-apps
Another solution which is given by Google is URL forwarding: http://www.google.com/support/a/bin/answer.py?hl=en-in&answer=61057
Google does offer naked domain redirection.
Login to your google apps account and select "manage this domain"
Navigate to Domain settings
Within Domain Setings, navigate to Domain names
There's a link that says "change the A record". Clicking that will give you the destination IPs for the A records you need to create.
Google does not provide an IP for us to set A record. If it would we could use naked domains.
There is another option, by setting A record to foreign web server's IP and that server could make an HTTP redirect from e.g domain.example to www.domain.example (check out GiDNS)
For App Engine in 2019, googles has made it easier to set up a custom domain.
Google App Engine -> Settings -> Custom Domains
Verify your domain
Select Your Domain Name Registra
Reminder: Use TXT Record with the value Google provides without a existing CNAME record, otherwise TXT Record will be override
Follow the steps on the page, which includes the configuration of your subdomain, CNAME Record, A Record, AAAA Record, and you'll be good to go.
Just managed to sort this finally after hours. The www subdomain was pointing to Sites, but the front end wasn't showing me that.
After taking the plunge and setting the CNAME to gwh.google.com, and enabling / disabling Sites a couple of times (see the comment from Rodrigo Moraes on http://groups.google.com/group/google-appengine/web/deleting-existing-www-mapping-from-google-apps) I was able to set the Sites address to use the www subdomain.
I was then able to change it away from using the www subdomain, at which point the appengine app allowed me to specify the www subdomain.
That is one dirty fix - basically turning on and off Sites until it works!
When you go to "Application Settings -> Add Domain" It will ask to select login account, probably you are already on gmail account so it will show gmail account as well, but you should use Google Apps account where you have mapped your custom domain.
You can redirect forward or mask your domain name in godaddy but I don't know about other hosting sites.Have a look on this link
Here is a tutorial from Google about mapping your App on custom domain: https://cloud.google.com/appengine/docs/domain?hl=FR
It should be the latest update. But please note these 2 things:
1- You may not find you App in the new developer console, then the only workaround for that is download your source code, create a new app from the new developer console and deploy it.
2- You find your App on the developer console, but under the Compute menu you may not find the App Engine Settings as mentioned in the tutorial, then you have to proceed the same as i explained in the first point (create another application)
I hope this helps !
You can create a custom domain (including naked domain) for your App Engine and you can also set up self managed SSL certificates there.
To use a custom domain, map the domain to your app, then update your DNS records. You can map a naked domain, such as example.com or a subdomain, such as subdomain.example.com. You can also use wildcards to map subdomains.
The steps to map custom domain to your application are following -
In Console,go to the Application settings tab of the App Engine Settings page
-->If you need to enable G Suite authentication then click Edit to modify the Google Accounts API Referrer-->In the Google Authentication drop-down menu, select G Suite domain, then add your domain such as example.com in the empty field.
Go to the Custom Domains tab of the App Engine Settings page--> Click on add custom Domain-->If your Domain is already verified then select it from the drop down menu-->click Continue.
If you haven't verified your domain yet, follow the steps below:
a) Select Verify a new domain from the drop-down menu.
b) Enter your naked domain name (such as "example.com") and click Verify.
c) Enter information in the Webmaster Central window that appears.
d) After you complete the steps in Webmaster Central, return to the Add a new
custom domain page in the Google Cloud Console.
In the Point your domain to (project-ID) section, specify the domain and subdomains that you want to map.We recommend mapping the naked domain and the www subdomain-->click Save mapping.
Sign in to your domain registrar web site and update your DNS records.
Please refer to the following link for detailed description of required steps -
https://cloud.google.com/appengine/docs/standard/python/mapping-custom-domains
You must try like this, Application Settings > Add Domain...

Resources