iOS IPv6/IPv4 https requirements for AppEngine


thstart

May 29, 2018, 8:47:21 PM
to Google App Engine
I want to host my backend on Google Cloud and use App Engine + datastore as backend. The AppEngine endpoint would be called with IPv6/IPv4 https POST request.

Currently I have an App on iOS AppStore working as follows:
1) user taps on the map
2) location data is transmitted to my Golang server.
3) data related to location is retrieved from database
4) response is received in the App

I add certificates and my Golang handler is as follows:
========
// Fragment from the server setup. Needs crypto/rand, crypto/tls, fmt, net and
// net/http; certTc, addrTc and tcpKeepAliveListener are defined elsewhere.
configTc := &tls.Config{
	Rand:                     rand.Reader,
	Certificates:             []tls.Certificate{certTc},
	MinVersion:               tls.VersionTLS12,
	PreferServerCipherSuites: true,
	CipherSuites: []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // required cipher for HTTP/2
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
		tls.TLS_RSA_WITH_AES_256_CBC_SHA,
	},
	CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
}
srvTc := &http.Server{Addr: addrTc + ":8083", TLSConfig: configTc}

// IPv4 listener: check the error before touching the listener.
ln4Tc, errTc := net.Listen("tcp4", ":8083")
if errTc != nil {
	fmt.Printf("\n Error:net.Listen(tcp4): %s", errTc)
	return
}
defer ln4Tc.Close()
tlsListener4Tc := tls.NewListener(tcpKeepAliveListener{ln4Tc.(*net.TCPListener)}, configTc)
go func() {
	srvTc.Serve(tlsListener4Tc)
}()

// IPv6 listener: ln6Tc was not defined in the posted snippet; it is created
// here the same way as ln4Tc.
ln6Tc, errTc := net.Listen("tcp6", ":8083")
if errTc != nil {
	fmt.Printf("\n Error:net.Listen(tcp6): %s", errTc)
	return
}
defer ln6Tc.Close()
tlsListener6Tc := tls.NewListener(tcpKeepAliveListener{ln6Tc.(*net.TCPListener)}, configTc)
srvTc.Serve(tlsListener6Tc)
========
What should I do to have the same functionality in AppEngine?

Passing Apple requirements was a monumental task and I want to be sure
the new version of the app will pass smoothly.

I attached custom domain to my AppEngine app and as I see
https is from Let's Encrypt. I suppose auto renewals are done 
automatically from Google.

Number one requirement is IPv6/IPv4 support on https.

Can App Engine handle this task smoothly? I suppose there are already apps
on iOS App Store using AppEngine.

Best,
--Constantine

Katayoon (Cloud Platform Support)

May 30, 2018, 3:51:57 PM
to Google App Engine

Hi Constantine,


Here you can find the design patterns about different ways to use Cloud Platform to create backend services. You may use either App Engine & Cloud Endpoints or App Engine Standard/Flexible & Firebase.


Using Cloud Endpoints, you can handle communication with App Engine without writing wrappers, so you can simply make direct API calls from your mobile app.


thstart

May 30, 2018, 4:16:28 PM
to Google App Engine
Hi Katayoon,

Thank you for your response. The documentation does not explain a lot so I did the steps myself.

I did the following - registered a new domain in Google Domains. In Google App Engine I added this domain. Then following the steps reached the point about SSL. And actually Google App Engine supports Let's Encrypt and automated the renewal every 3 months. I added the A, AAAA records as required and had it working after 5 mins. Then checked with SSL Labs and got grade A.

Then in GoogleCloudPlatform->golang-samples->endpoints->getting-started:
app.go
func main() {
    r := mux.NewRouter()

    r.Path("/echo").Methods("POST").
        HandlerFunc(echoHandler)

    r.Path("/auth/info/googlejwt").Methods("GET").
        HandlerFunc(authInfoHandler)
    r.Path("/auth/info/googleidtoken").Methods("GET").
        HandlerFunc(authInfoHandler)
    r.Path("/auth/info/firebase").Methods("GET", "OPTIONS").
        Handler(corsHandler(authInfoHandler))
    r.Path("/auth/info/auth0").Methods("GET").
        HandlerFunc(authInfoHandler)

    http.Handle("/", r)
    port := 8080
    if portStr := os.Getenv("PORT"); portStr != "" {
        port, _ = strconv.Atoi(portStr)
    }
    log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), nil))
}

So internally I have to use port 8080. The https part is handled for CloudEndpoints.

Katayoon (Cloud Platform Support)

May 31, 2018, 2:39:38 PM
to Google App Engine

As mentioned in the documentation, App Engine can’t provide you with static IP addresses. If you would like to have IPv4/IPv6 you should look into Cloud Compute Engine solutions for your use-case. As noted in my previous comment, you may use Cloud Endpoints to handle communication with App Engine. A sample application is provided in this link which shows how to call a backend service running on App Engine to create a simple game in Java. If you need a sample in Go, you may send your feature request to the Issue Tracker.


I should note that Google Groups are reserved for general Google Cloud Platform-end product discussions and not for technical questions. For technical questions, I recommend that you post your full detailed question to Stack Overflow.

thstart

May 31, 2018, 3:01:00 PM
to Google App Engine
If I have custom domain pointing to AppEngine I don't need static IP address, correct?

Josh Moore

May 31, 2018, 5:15:32 PM
to google-a...@googlegroups.com
That is, indeed, correct. Even without a custom domain, you can always call <$project-id>.appspot.com instead as the base of the URL.



--

Josh Moore | Cloud Solutions Engineer | josh...@google.com | 
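
One way to check the IPv6/IPv4 HTTPS requirement discussed in this thread, as an added example that is not code from any of the posts or from Google's samples: complete a verified TLS 1.2+ handshake over each address family separately. The names `probeTLS` and `dualStack` are hypothetical; with no argument the program probes a constructed loopback server, which is bound to a single family and so shows what a missing IPv4 or IPv6 path looks like.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
	"time"
)

// probeTLS dials addr ("host:port") over exactly one address family ("tcp4"
// or "tcp6"), verifies the certificate against roots (nil = system pool).
func probeTLS(network, addr string, roots *x509.CertPool) (uint16, error) {
	d := &tls.Dialer{Config: &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12}}
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()
	conn, err := d.DialContext(ctx, network, addr)
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	return conn.(*tls.Conn).ConnectionState().Version, nil
}

// dualStack runs the probe once per family; a nil error means that family works.
func dualStack(addr string, roots *x509.CertPool) map[string]error {
	res := map[string]error{}
	for _, network := range []string{"tcp4", "tcp6"} {
		_, res[network] = probeTLS(network, addr, roots)
	}
	return res
}

func main() {
	srv := httptest.NewTLSServer(http.NotFoundHandler()) // constructed loopback target
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	addr := srv.Listener.Addr().String()
	if len(os.Args) > 1 { // real check: pass host:port, verified against system roots
		addr, roots = os.Args[1], nil
	}
	for network, err := range dualStack(addr, roots) {
		fmt.Printf("%s %s: err=%v\n", network, addr, err)
	}
}
```

Run it with the custom domain and port 443 as the argument from a network that has IPv6 connectivity; both families should report `err=<nil>`.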
