How to redirect all HTTP traffic to HTTPS in Flex Custom env?

[Sergey Shekyan]

Cannot really figure out how redirect all HTTP traffic to HTTPS with 301 redirect. 

It is a node app with a Java dependency. 

In app.yaml added 

```

handlers:

- url: /.*

  script: ignored

  secure: always

  redirect_http_response_code: 301

```

but nothing really changes.

[Sergey Shekyan]

Answer to myself: handlers are not supported in custom flex environment. Using koa-sslify solved my problem.

[Nicholas (Google Cloud Support)]

You are correct.  secure handlers have been deprecated for the App Engine flexible environment.  The current recommendation is to use the Strict-Transport-Security response header.  Clients should then know to use HTTPS for future requests.  I'd also recommend redirecting the initial request to HTTPS as well with a 302 or 301 to ensure no insecure content is sent.

Note that the Google Cloud Load Balancer terminates all HTTPS connection and forward traffic to your application over HTTP.  The X-Forwarded-Proto request header should be consulted to determine if the original request was over HTTP or HTTPS.  It seems like the library you linked, koa-sslify, has an option to respect this header: trustProtoHeader.  I've not tested it myself but would be worth trying if using that middleware.