How to Force SSL on a Static Site using Google App Engine Flexible
2,594 views
Skip to first unread message
Dos Branding
Feb 9, 2018, 6:18:25 PM2/9/18
to Google App Engine
I am currently using Google App Engine to host a static site on Flexible Environment
I have created app.yaml file but no luck yet. What is the right way to force the site to https?
I have also reviewed Stack Overflow https://stackoverflow.com/questions/48024061/google-app-engine-redirect-http-to-https?noredirect=1&lq=1 but no response yet.
How should the handlers page show, in the app.yaml file for a simple site?
Also what should I put in the script file?
My handlers code
I have created app.yaml file but no luck yet. What is the right way to force the site to https?
I have also reviewed Stack Overflow https://stackoverflow.com/questions/48024061/google-app-engine-redirect-http-to-https?noredirect=1&lq=1 but no response yet.
How should the handlers page show, in the app.yaml file for a simple site?
Also what should I put in the script file?
My handlers code
handlers:
- url: /.*
script: *.html
secure: always
Kenworth (Google Cloud Platform)
Feb 9, 2018, 10:06:01 PM2/9/18
to Google App Engine
The 'secure: always' configuration settings has already been deprecated for GAE Flex. You can use the 'X-Forwarded-Proto' header to redirect http traffic. These are also discussed in further detail on this StackOverflow thread.
Dos Branding
Feb 12, 2018, 12:48:17 PM2/12/18
to Google App Engine
Hi Kenworth, please post documentation showing how to implement this in https://cloud.google.com/php/docs. Thank You.
Les Vogel
Feb 12, 2018, 2:00:42 PM2/12/18
to Google App Engine
If all you are doing is hosting a static site, you might wish to consider using Firebase https://firebase.google.com/docs/hosting/ or on App Engine standard https://cloud.google.com/appengine/docs/standard/php/getting-started/hosting-a-static-website
Les
On Mon, Feb 12, 2018 at 9:16 AM, Dos Branding <in...@dosbranding.com> wrote:
Hi Kenworth, please post documentation showing how to implement this in https://cloud.google.com/php/docs. Thank You.
--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscribe@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/94f2e864-b834-4619-8496-891ab178a149%40googlegroups.com.
 |
|
Dos Branding
Feb 12, 2018, 10:58:09 PM2/12/18
to Google App Engine
Hi Les, Kenworth, where should I place the following code?
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Kenworth (Google Cloud Platform)
Feb 13, 2018, 9:58:31 PM2/13/18
to Google App Engine
Hi Dos,
1- As Les mentioned, the best option to host an SSL static site is to use Firebase, GAE Standard, or additionally use Cloud Storage.
2- "Strict-Transport-Security" in PHP usually look like this:
2- "Strict-Transport-Security" in PHP usually look like this:
<?php
//Tell browser site it should only be loaded over https
header("Strict-Transport-Security:max-age=31536000");
?>Dos Branding
Feb 27, 2018, 2:43:48 PM2/27/18
to Google App Engine
Hi Kenworth, I tried placing the code as requested but I got the following error.
How do I fix it.
Warning - cannot modify header information - headers already sent by output
How do I fix it.
Warning - cannot modify header information - headers already sent by output
Reply all
Reply to author
Forward
0 new messages