Moving from Firebase hosting to GAE

93 views
Skip to first unread message

lutfi...@gmail.com

unread,
Jul 21, 2017, 12:45:33 PM7/21/17
to Google App Engine
Hi everyone,

I have web app hosted on Firebase hosting under the domain `mydomain.com`. I want to move `mydomain.com` to GAE and rename original to `service.mydomain.com`.

I wonder if there would be any problem with SSL certificates? How should the transfer be handled?




Anastasios Hatzis

unread,
Jul 21, 2017, 1:51:07 PM7/21/17
to Google App Engine
Hi,

I had a similar issue (not Firebase), so some points I remember:

I assume you want to re-use the same SSL certificate you already use for your Firebase app (which should cover the naked domain "mydomain.com" and "service.mydomain.com"). And I assume you have no wildcard certificate "*.mydomain.com", only for "mydomain.com" and "service.mydomain.com".

  1. First you should prepare your GAE app for the custom domain and SSL (detailed docs here)
    1. By default your app will be hosted under something like "myproject.appspot.com".
    2. If not already done, verify domain ownership for "service.mydomain.com" and "mydomain.com" in Webmaster Central.
    3. In Cloud Console of your GAE app project, you can add a custom sub-domain, that is not in use currently, e.g. "service.mydomain.com" (if it's a wildcard certificate, you can choose an arbitrary subdomain instead). IMPORTANT: Do not use "mydomain.com" in this stage. If completed, traffic to the naked domain would be immediately directed to your app, away from your Firebase app.
    4. When you updated the DNS settings for "service.mydomain.com", upload your SSL certificate and map it to your sub-domain "service.mydomain.com"
    5.  Visit "https://service.mydomain.com" to test if you are directed to your GAE app and if traffic is secured by your SSL certificate as expected
    6. Now you have confirmed that your SSL certificate is supported on GAE, and you are familiar with the work-flow
    7. Recommended: in Stackdriver Monitoring add uptime-checks (to "mydomain.com") and incident policies (at least 4xx errors?) for your GAE app
  2. Optional: Change DNS records of "mydomain.com" and "service.mydomain.com" to shorter TTL
    AFAIR, default Time-to-live (TTL) for DNS is typically 24 hours. If your users would notice the switch between Firebase and GAE hosting, or if they cannot use both apps interchangeably, I recommend to set TTL to much shorter values early enough, e.g. to 15 minutes. Example: If TTL now is 24 hours, you should reduce it at least 24 hours before your migration, else clients may get stale resolution and still get connected to the Firebase app. You can reduce the TTL step by step, until close to the point where you migrate, e.g. from 24 hours, to 6 hours, to 1 hour, to 15 minutes.
  3. Migrate your app
    1. remove "service.mydomain.com" from your GAE app (no harm done, since you only used it for testing your GAE setup so far)
    2. add "service.mydomain.com" to your Firebase app
    3. If Firebase app is accessible under "service.mydomain.com", you are ready to actually migrate
    4. Real migration starts here! > add "mydomain.com" to your GAE app, update your DNS records if needed, and map the certificate to the naked domain; thanks to the shorter TTL, your DNS change should propagate quickly to new clients
    5. Verify if "mydomain.com" traffic is directed correctly to GAE
    6. Keep an eye on your GAE monitoring;
    7. if something goes terribly wrong: stop migration & roll-back by removing "mydomain.com" from GAE app
    8. if everything is fine: after your current TTL (e.g. 15 minutes) has passed, not earlier than that, remove "mydomain.com" from Firebase app
  4. Optional: Revert the TTL values of your DNS records (if needed)
  5. Celebrate! 
Better safe than sorry: aside from the domain and certificate mapping, there is a lot more to consider (data migration, replacement of service accounts and keys, etc.) but I guess you already covered that.

Hope that gave you some ideas for your migration. Good luck.
Ani

Lütfi ALTIN

unread,
Jul 23, 2017, 9:12:07 AM7/23/17
to google-a...@googlegroups.com
Thank you for such detailed answer.

The issue was that I thought if I change the SSL certificate browsers may warn certificate has changed and not allow users to reach mydomain.com

Since I don’t have access to SSL certificate issued by Firebase I couldn’t find a solution. But later I learned that a site can be issued by multiple SSL certificates. So I created new SSL certificate and server application GAE application with new SSL certificate and no problem.

As you said bigger problem was migration.




HATZIS Edelstahlbearbeitung GmbH
Hojen 2
87490 Haldenwang (Allgäu)
Germany

Handelsregister Kempten (Allgäu): HRB 4204
Geschäftsführer: Paulos Hatzis, Charalampos Hatzis
Umsatzsteuer-Identifikationsnummer: DE 128791802

http://www.hatzis.de/

--
You received this message because you are subscribed to a topic in the Google Groups "Google App Engine" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-appengine/ncI3CeEueUY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/1882681f-ec40-4f1a-b012-6b8a61d07a01%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages