Naked https (SSL) domain?

[Thomas Wiradikusuma]

Hi guys,

I'm using GAE's official SSL SNI support in my app. Opening https://www.temanmudik.com is fine. But opening https://temanmudik.com (naked domain) gives warning (in Chrome) that essentially says, "Hey, the cert is not for temanmudik.com, it's Google's". Non-SSL (http://temanmudik.com) properly redirects to www. My appid is "neytap".

So I got creative, I logged in to enom (from Google Apps) then removed all A mappings (@ -> google IPs) and replaced them with one URL Redirect (@ -> http://www.temanmudik.com). Non-SSL naked domain is still working, but now Chrome gives me "This webpage is not available. Google Chrome's connection attempt to temanmudik.com was rejected. The website may be down, or your network may not be properly configured." when I try to access https://temanmudik.com.

Anyone know how to properly redirect naked https domain in GAE? I notice there is similar question in this forum (https://groups.google.com/forum/?fromgroups#!newtopic/google-appengine/google-appengine/A-8I1X9vouk), but it's 2009 and uses unofficial SSL support.

[Drake]

Talk to the Apps For Domains guys.  If you get a good answer share it with the list. Currently I think this is the biggest limitation of GAE/GAFD.  You pretty much have to have a redirect server out in the world that 301s all your naked requests to the www domain.

 

That is a sucky solution. (it is also sub optimal if you want short domain names)

 

 

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/BtUQJeGPVCcJ.
To post to this group, send email to google-a...@googlegroups.com.
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.

[Waleed Abdulla]

Anyone know if VIP solves the problem and allows naked domains? 

Based on my quick reading of the documentation, it says that virtual IPs might change, but it doesn't say if that happens only when changing VIP settings or if it could happen at any time!

Waleed

[Bryce Cutt]

Waleed, VIP does not solve this issue. You get the same SSL cert warning. They imply that the IP could change at any time so I would not rely on it being the same for multiple requests.

Thomas, If you just want a redirect you could set up a VPS that does the redirect for you and uses either your cert or a different free one (startssl.com) so that any requests to it over SSL don't give a cert warning. A server running Apache with an .htaccess file doing the redirect would be enough for this. Unfortunately it will cost you a monthly fee to keep the VPS running. Maybe there is a business opportunity there for someone to set up a service that does exactly this redirect. I think wwwizer only works for non-SSL redirects.

If you want to host your site on a naked domain then I think you have to use a reverse proxy on your own VPS for now. Careful with this path though as you would be adding a single point of failure in front of your app unless you load balance across multiple reverse proxies (which will probably cost a lot).

- Bryce

[Steve Verbeek]

You basically need to have a separate server be able to handle the root (naked) domain and serve up a SSL certificate. A lot of services, such as Google App Engine do not do this for you, so you need something else capable of doing it.

You could also use https://redirectssl.com it has free redirects up to a certain amount.

Disclaimer: I am the developer behind the service, I understand self promotion is wrong and that is not my intention, this thread has been referenced a lot by people and I want to offer a modern alternative.

[Mary (Google Cloud Support)]

Hello Thomas, 

You can use a “naked” domain rather than the default address that App Engine provided for your app by updating the DNS records as shown here[1]. 

 

[1] https://cloud.google.com/appengine/docs/standard/python/mapping-custom-domains?hl=en