Skip to first unread message
Mayank Bhagya
Jan 1, 2016, 2:39:45 AM1/1/16
to Google App Engine
Hello,
I am using nginx as a reverse proxy in front of my appengine app.
So the client's IP doesn't turn up in the remote_addr of the request that reaches app engine.
Instead, remote_addr has the ip of the machine running nginx.
So lat-lng, country and other headers are not getting populated correctly.
Is there anyway I can tell appengine to use the forwarded IP to compute lat-lng, country etc?
Thanks.
-mayank
Miguel Vitorino
Jan 1, 2016, 2:55:28 PM1/1/16
to Google App Engine
Hi,
I don't have an answer for you, but I am curious to why you need nginx in front of AppEngine.
Miguel
Mayank Bhagya
Jan 2, 2016, 2:52:16 AM1/2/16
to Google App Engine
Hello Miguel,
In our app, users can hook-up their custom domain to their accounts.
Now, appengine has this restriction that one cannot attach a custom domain without google verifying it.
And there is no API to do that verification. It can be done via the UI only.
So the only way to offer custom domain to our users was to attach domains to another machine running a reverse proxy above the GAE application.
Thanks.
Miguel Vitorino
Jan 2, 2016, 2:33:58 PM1/2/16
to Google App Engine
Hi Mayank,
I was not aware that GAE doesn't have an api for domain verification. It is a big limitation. Thanks for sharing!
Miguel
Message has been deleted
Adam (Cloud Platform Support)
Jan 3, 2016, 2:44:12 PM1/3/16
to Google App Engine
You could try forwarding them as extra custom headers, as in this example, and then check for these different headers on App Engine.
Mayank Bhagya
Jan 4, 2016, 2:22:41 AM1/4/16
to Google App Engine
Thanks for the reply Adam.
So my question is if there exists a way to tell GAE to use a particular header for extracting the IP address.
We're already forwarding the IP address as a request header, but Google doesn't derive lat-long, country etc. using the forwarded IP.
It uses the IP of the nginx machine to derive the lat long, country and other data.
So my question is if there exists a way to tell GAE to use a particular header for extracting the IP address.
Barry Hunter
Jan 4, 2016, 6:23:42 AM1/4/16
to google-appengine
Have you tried making sure you are adding a X-Forwarded-For header? despite the X, its pretty standard header for proxies, but often not enabled by default.
--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/e1d78479-2905-4333-941d-342063262ef7%40googlegroups.com.
Adam (Cloud Platform Support)
Jan 8, 2016, 5:08:57 PM1/8/16
to Google App Engine
There's no way to have App Engine look at those headers automatically, but you can still get the data into your application by manually parsing the headers (eg. using request.headers['my-custom-header'] in Python).
Kaan Soral
Jan 10, 2016, 4:48:15 AM1/10/16
to Google App Engine
I'm using Cloudflare and my solution is to manually ping appspot.com directly once and get the lat,lng set as cookies
I'm using a jsonp method and sending the request from the domain
It's not as good, but it's one solution, it's pretty much a generic ip to lat,lng solution/API
Jeff Schnitzer
Jan 10, 2016, 2:38:52 PM1/10/16
to Google App Engine
Please star this issue:
I have to warn you, however, what you are doing (forwarding all traffic through a proxy) is dangerous. Google has some sort of attack detection and prevention system that recognizes malicious traffic patterns and blocks out access from suspect IP addresses. Because all of your traffic will be coming from a single IP address, if an attacker trips this mechanism, Google will block _all_ of your traffic.
This defensive system is totally undocumented, but it does exist - a couple years ago, this resulted in my website being shut down because I was proxying all traffic through CloudFlare. After about half a day of downtime, Google and CF got together and whitelisted the appropriate IP addresses. Running your own private proxy means this is failure case is less likely to happen, but it also means that if it does happen, you alone will have to work through Google's support tiers find someone who understands the issue.
I also run a whitelabeled system with hundreds of domains. The verification system is a huge PITA, especially because verification is tied to google *user accounts* and not the application project (that's right - the GAE "custom domains" panel looks totally different depending on who you are logged in as). However, there is an API for it:
I haven't tried it yet, but if you do, please report back.
Jeff
--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
Mayank Bhagya
Jan 15, 2016, 1:17:06 PM1/15/16
to Google App Engine, je...@infohazard.org
Thanks a lot for the detailed response Jeff.
I will surely look at the API that you suggested.
Reply all
Reply to author
Forward
0 new messages