App Engine and naked/apex domains
270 views
Skip to first unread message
Dan
Apr 10, 2014, 2:04:26 PM4/10/14
to google-a...@googlegroups.com
I know this comes up all the time but can someone give me an example of how they have made their naked domain work with App Engine? I posted this question on StackOverflow. Note that I don't want to redirect from mydomain.com to www.mydomain.com, I want to serve from mydomain.com.
Its clearly not possible to use Google Apps custom domains as they only work with sub domains. Therefore I thought a reverse proxy would work and I see some people mention CloudFlare. Seeing as they just released their CNAME flattening service specifically for naked domains I thought I might have some success. This doesn't seem to work either - I don't know why. I have set up the entry as so 'myapp.appspot.com CNAME mydomain.com' but with no success.
If you have made naked domains work with GAE, how did you do it?
Barry Hunter
Apr 10, 2014, 2:30:53 PM4/10/14
to google-appengine
That doesnt work on its own, because CloudFlare's proxy will send the HTTP Host header, still set to mydomain.com back to the origin (AppEngine) - in that situation, AppEngine has no way of knowing what appid, is meant to serve the domain.
If you have made naked domains work with GAE, how did you do it?
You need a proxy, capable of rewriting the http host header. There are commerical services that offer this.
I've done it previously using Varnish on a small VPS. quite easy to setup if have some basic linux knowledge.
And I do know edgecast CDN does offer http header rewriting, but not tried it with AppEngine.
People using CloudFlare with AppEngine, I think is using the SSL option, where the Flexible SSL option may well offer host header rewriting (because it reterminates SSL) - so using the SSL option, even if you dont strictly need SSL, might work.
Dan
Apr 10, 2014, 3:31:40 PM4/10/14
to google-a...@googlegroups.com
Thanks for the info. Interesting that naked domains may work with CloudFlare's Flexible SSL option.
Can anyone confirm this? I don't want to spend $20 for their pro plan just to find out it does not work. CloudFlare's support has not been that great. The support guy still thinks it should all just work even without SSL turned on and advised me to 'check my settings on GAE'...
PK
Apr 10, 2014, 5:44:04 PM4/10/14
to google-a...@googlegroups.com, Dan
I have read in this list that others have gotten this to work. However, I have not pursued it because the state of the art of this integration means that traffic from CloudFlare Data Center(s) to Google Data Center(s) will be unencrypted and this does not pass my end to end security standards.
--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
For more options, visit https://groups.google.com/d/optout.
Jeff Schnitzer
Apr 10, 2014, 6:39:20 PM4/10/14
to Google App Engine
Unless CF provides some way of rewriting the Host: header, it won't
work because ultimately Google will reject the naked domain request. A
long time ago CF actually provided this ability, but then they removed
it for reasons I do not understand. You can always ask to bring it
back.
We use CF for SSL (see
http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine),
but we wouldn't try this trick with naked domains even if it worked -
you'd be permanently dependent on CF. I like being able to yank them
out of the pipeline if necessary.
Jeff
work because ultimately Google will reject the naked domain request. A
long time ago CF actually provided this ability, but then they removed
it for reasons I do not understand. You can always ask to bring it
back.
We use CF for SSL (see
http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine),
but we wouldn't try this trick with naked domains even if it worked -
you'd be permanently dependent on CF. I like being able to yank them
out of the pipeline if necessary.
Jeff
Dan
Apr 11, 2014, 5:59:24 AM4/11/14
to google-a...@googlegroups.com, je...@infohazard.org
Thanks for all the information. I especially like the blog post by Jeff. I also found this on StackOverflow which seems useful.
Having said all that, I raised this question of naked domains again on StackOverflow and someone pointed out that there is a new settings page at https://console.developers.google.com/project that allows you to link naked domains to App Engine! I am trying it out now and will report back. I bet it just redirects naked http domains like the original functionality though.
Dan
Apr 11, 2014, 6:21:22 AM4/11/14
to google-a...@googlegroups.com, je...@infohazard.org
The new Custom Domains settings page in Google Console does just map redirect naked domains to subdomains as with previous functionality. :-(
husayt
Apr 11, 2014, 11:36:00 AM4/11/14
to google-a...@googlegroups.com, je...@infohazard.org
This new google cloud DNS , might be interesting:
but I have not looked into it.
Barry Hunter
Apr 11, 2014, 11:40:46 AM4/11/14
to google-appengine, je...@infohazard.org
On 11 April 2014 16:36, husayt <hus...@gmail.com> wrote:
This new google cloud DNS , might be interesting:but I have not looked into it.
It doesnt help directly. It doesnt support ALIAS records nor particular intergration with AppEngine.
... it it offers no additional features beyond what would get at any other DNS provider. Its just useful if want to handle everything via Google.
The new domain mapping feature just found, does indeed look like it will sort it :) Could use it with couldflare, with cloud-dns, or what ever dns provider you want.
Dan
Apr 11, 2014, 11:56:06 AM4/11/14
to google-a...@googlegroups.com, je...@infohazard.org
I raised this issue because I saw Google released their Cloud DNS service and CloudFlare released there CNAME flattening service.
Also CloudFlare just confirmed that the Flexible SSL option on their Pro Plan will also not work with GAE naked domains.
I guess I am stuck as I really don't want to run a reverse proxy on a VPS somewhere.
Barry Hunter
Apr 11, 2014, 12:16:36 PM4/11/14
to google-appengine, je...@infohazard.org
On 11 April 2014 16:56, Dan <uvic...@gmail.com> wrote:
I raised this issue because I saw Google released their Cloud DNS service and CloudFlare released there CNAME flattening service.I was also VERY hopeful about the new Google Console App Engine domain mapping feature. Unfortunately, for me, it just redirects naked domains to subdomains which is not what I want.
Are you sure about that?
When I looked at the control panel, you can set a mapping from the naken domain to Appengine.
For a redirect to work, it would have to tell you to setup the DNS for the naked domain, AND the DNS for whatever subdomain it redirects to.
In fact I just tried it, with a spare domain I had already verified with Google. I added it in the cloud control panel, then did a request
# GET http://216.239.32.21/ -HHost:geograph.co.uk -usedS
... I get the content from a AppEngine App (geodatastore).
No Redirect, no where else have setup a mapping from this domain to appengine. Note however also this mapping doesnt exist in DNS either (I'm just using it for testing purposes. . )
Maybe you are getting the redirect, because you have previouslly set it up in the Google Apps control panel? So its still managing the redirect, if so need to delete that so that the new cloud control panel can configure what happens with the domain.
Also CloudFlare just confirmed that the Flexible SSL option on their Pro Plan will also not work with GAE naked domains.I guess I am stuck as I really don't want to run a reverse proxy on a VPS somewhere.
On Friday, April 11, 2014 4:40:46 PM UTC+1, barryhunter wrote:On 11 April 2014 16:36, husayt <hus...@gmail.com> wrote:This new google cloud DNS , might be interesting:but I have not looked into it.It doesnt help directly. It doesnt support ALIAS records nor particular intergration with AppEngine.... it it offers no additional features beyond what would get at any other DNS provider. Its just useful if want to handle everything via Google.The new domain mapping feature just found, does indeed look like it will sort it :) Could use it with couldflare, with cloud-dns, or what ever dns provider you want.
--
Dan
Apr 11, 2014, 3:54:24 PM4/11/14
to google-a...@googlegroups.com, je...@infohazard.org
Amazing! It works! You can now serve naked domains with App Engine!
Barry, you are correct I did have my naked domain mapped to www in Google Apps. However I removed the mapping prior to trying the new Google Console Custom Domain Settings. I just assumed Google did something stupid like by default redirect naked domains to www.
In the end what I needed to do was completely disassociate my App Engine app and my Google Apps account. Once I did this it all started to work. Hooray, this is a feature we have all been waiting for since 2009! Thanks Google I really appreciate the return of naked domain serving.
Dan
Apr 11, 2014, 4:08:17 PM4/11/14
to google-a...@googlegroups.com, je...@infohazard.org
I should add that I guess this also means you don't need a Google Apps account for custom domains anymore! Another thing we have all been waiting for.
husayt
Apr 12, 2014, 2:45:14 AM4/12/14
to google-a...@googlegroups.com, je...@infohazard.org
Dan, I am glad to hear you managed to get this working.
Did you do it through google console or some other place? It will very useful if you could share what steps we need to take for this.
Thanks.
Barry Hunter
Apr 12, 2014, 8:15:11 AM4/12/14
to google-appengine
The steps are noted in the linked stackoverflow answer :)
Reply all
Reply to author
Forward
0 new messages