Custom domain issue

msanztru

Mar 16, 2012, 6:03:47 AM
to Google App Engine
Hello,

We have added a custom domain to our appengine app. We followed the
instructions, changed everything, but something went wrong and we can't
find the way to fix it. The thing is that in the google apps appengine
tab the main url specified is https://appid.appspot.com. However, and
that means all traffic from the domain mappings will be sent to the
https url, and of course this won't work. I don't know how this https
url ended up there as in the app engine admin console, the app url is
http://appid.appspot.com.

We haven't found the way to change this url. We have tried to disable
this app in google apps but it didn't work, it stays there.

This is quite urgent, so any help will be really appreciated!!

Thanks in advance!

rdodev

Apr 2, 2012, 9:43:00 AM
to google-a...@googlegroups.com
Good luck getting an answer. I don't think custom domains (and the horrible current workflow to add them) is in their priority list, regretfully. :(

Gwyn Howell

Apr 3, 2012, 6:51:12 AM
to google-a...@googlegroups.com
Not sure I fully understand, but if you are finding that all your URLs are being directed to https then you may wish to check your app.yaml file for secure: always.

Forgive me if I've misunderstood.

Ruben D. Orduz

Apr 3, 2012, 7:04:55 AM
to google-a...@googlegroups.com

The problem he is having is that secure connections are only through https://app.appspot.com and not through his custom domain.

Gwyn Howell

Apr 3, 2012, 7:09:15 AM
to google-a...@googlegroups.com
Right. Well, as I'm sure you're aware, SSL isn't available for custom domains on App Engine. There is a trusted tester program running you may wish to sign up for.


Jeff Schnitzer

Apr 3, 2012, 11:52:59 AM
to google-a...@googlegroups.com
Or, if appropriate, use this:

http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine

(CF is re-investigating whether they can run the last-mile in SSL too)

Jeff

Gwyn Howell

Apr 3, 2012, 12:00:54 PM
to google-a...@googlegroups.com
I was getting excited until I got to the line "With GAE, you use the “Flexible SSL” option instead of the “Full SSL” option. This provides encryption between the browser and CloudFlare, but plain HTTP between CloudFlare and Google.". Doesn't that defeat the object?! If it's only encrypted as far as CloudFlare you're still vulnerable for those HTTP requests between CloudFlare and App Engine, right?!

Jeff Schnitzer

Apr 3, 2012, 12:29:04 PM
to google-a...@googlegroups.com
Yes, the connection between CloudFlare and Google is unencrypted (at
the moment). But it doesn't defeat the point - it depends on what
your threat model is.

If you are sending credit card #s to your backend, this link is a
problem - it violates PCI requirements. For other data, it depends on
your level of sensitivity. The probability of someone intercepting
your data goes from "very high" at the browser to much, much lower at
your servers. Even Google's SSL service likely terminates at some
sort of border router and traverses their (private) network
unencrypted.

Anyone in the security business will tell you there is no 100% way to
secure your system, only ways to reduce the risk. I'm sure that
someone out there has real statistics to back this up, but the biggest
threats to data security seem to be compromised machines, first-mile
snooping (FireSheep), poorly secured infrastructure (default
passwords), lost/unsecured laptops and backup tapes, and unscrupulous
employees. Last-mile snooping is not what keeps me up at night.

Then again, if your website is designed to coordinate civil
disobedience in restrictive regimes, I would be a lot more concerned
about the security of that last mile. I might not even consider GAE
an acceptable hosting platform - there are a lot of employees at
Google, and maybe one of them would take a big fat stack of cash (or a
hero's welcome "back home") to sneak out a data dump.

Security must be considered in context.

Jeff

Gwyn Howell

Apr 3, 2012, 12:36:08 PM
to google-a...@googlegroups.com
Have you tried this service? I might give it a spin. Any advice?

alex

Apr 3, 2012, 12:55:24 PM
to google-a...@googlegroups.com
I've been thinking about an alternative for awhile now: HTML5 CORS feature (here's a nice example: http://www.html5rocks.com/en/tutorials/cors/)

That, of course, highly depends on the app structure. This could work if the app is using Ajax to deliver actual content to the users. At least for browsers that support XmlHttpRequest2/XDomainRequest. For instance, GWT could be a perfect match. Like this forum, the new version, is built with GWT I assume. 

Basically, a base HTML is being requested from http://www.example.org but the actual content is being loaded from https://example-org.appspot.com, and fall back to HTTP from the custom domain in case the browser doesn't support XHR2.

Could be an optional feature to customers. Something similar to a "Always use HTTPS" setting in Google Apps configuration for GMail and other services.


What do you guys think?

Ruben D. Orduz

Apr 3, 2012, 1:03:07 PM
to google-a...@googlegroups.com
Not a bad idea, Alex. But I find all the approaches so far like a
"looking the other way" excuse for Google. It should not be up to the
users to come up with all sorts of hoops and work-arounds to solve the
problem. It should be Google the one trying to offer legitimate
solutions. Until they do, my money (although a pittance) will continue
to go to AWS. If and when Google makes it easy (i.e. not jumping
through 10 different hoops between Google Apps and App Engine) to add
custom domains and provide SSL option for them, we'll re-evaluate GAE
as a viable app-hosting platform.

Jeff Schnitzer

Apr 3, 2012, 1:47:28 PM
to google-a...@googlegroups.com
On Tue, Apr 3, 2012 at 12:36 PM, Gwyn Howell <gwyn....@appogee.co.uk> wrote:
> Have you tried this service? I might give it a spin. Any advice?

Yes - I wrote that blog entry. We're happy with it. As I mentioned
in the blog, it's likely we will stick with CloudFlare even if GAE
offers SSL natively:

http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine

The only situation in which we can imagine having to think about it is
if Google's native solution came in cheaper than $20/mo, and then we
had to decide if CF's other features were worth a premium. Yeah, we
are cheapskates. Since the trial balloon price Google floated in a
public survey posted to this list several months ago was $100/mo for
VIP (not-SNI) SSL, I don't expect to face that decision.

Jeff

Mark Rathwell

Apr 3, 2012, 4:00:23 PM
to google-a...@googlegroups.com
Jeff,

Quick question about CF, since you are somewhat familiar. I currently
use nginx on an EC2 instance to handle SSL on a custom domain. Also,
though, this setup allows me to do things like:

redirect all naked domain requests to www
redirect all http requests to https
reverse proxy www.example.com -> app1.appspot.com
reverse proxy api.example.com -> app1.appspot.com/api
reverse proxy other.example.com -> app2.appspot.com

Is this stuff all possible (and straightforward) with CloudFlare? And
is it simple to manage multiple domains from one account?

Thanks in advance for any information you can provide.

- Mark

Mark Rathwell

Apr 3, 2012, 4:06:38 PM
to google-a...@googlegroups.com
> Jeff,
>
> Quick question about CF, since you are somewhat familiar.  I currently
> use nginx on an EC2 instance to handle SSL on a custom domain.  Also,
> though, this setup allows me to do things like:
>
> redirect all naked domain requests to www
> redirect all http requests to https
> reverse proxy www.example.com  -> app1.appspot.com
> reverse proxy api.example.com    -> app1.appspot.com/api
> reverse proxy other.example.com -> app2.appspot.com
>

I should have also noted, that I understand that all of this setup is
possible solely with GAE and Google Apps, but this setup allows me to
manage it all in one place, as opposed to several. And I was
wondering if the same would be possible with CF.

Jeff Schnitzer

Apr 3, 2012, 5:09:42 PM
to google-a...@googlegroups.com
On Tue, Apr 3, 2012 at 4:00 PM, Mark Rathwell <mark.r...@gmail.com> wrote:
> Jeff,
>
> Quick question about CF, since you are somewhat familiar.  I currently
> use nginx on an EC2 instance to handle SSL on a custom domain.  Also,
> though, this setup allows me to do things like:
>
> redirect all naked domain requests to www
> redirect all http requests to https

This is easy.

> reverse proxy www.example.com  -> app1.appspot.com

> reverse proxy other.example.com -> app2.appspot.com

Effectively yes, although it's not what you describe here. You just
set up www.example.com in CF's dashboard as normal - a CNAME to
ghs.google.com. You can then flip a switch back and forth to enable
or disable the reverse proxy; when on, traffic will route through CF,
when off, traffic will route directly to ghs.google.com.

Note that ghs.google.com and xyz.appspot.com do NOT resolve to the
same ip addresses and have very different behavior. ghs.google.com
will respond to the Host: header for www.example.com. xyz.appspot.com
will only respond to Host: headers for xyz.appspot.com.

The reason SSL on your own domain from CF to xyz.appspot.com doesn't
work is because CF would need to override the Host header and replace
www.example.com with xyz.appspot.com. I know they had this
implemented at one point but then they removed it for reasons that are
not clear to me. I've asked John Roberts about it, maybe this feature
can be revived.

> reverse proxy api.example.com    -> app1.appspot.com/api

This does not appear to be allowed. The url forwarding Page Rules all
issue 301 redirects, you can't transparently forward to a different
uri path.

> Is this stuff all possible (and straightforward) with CloudFlare?  And
> is it simple to manage multiple domains from one account?

The interface is pleasant to use. You can have lots of domains,
although we are only using CF with one. I don't know how it would be
if you're talking hundreds or thousands where you need batch
operations (ie, some sort of domain soup for managing parking pages).

Jeff
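
The setup Mark describes, combined with the Host-header behaviour Jeff explains above, as an added nginx example (not Mark's actual configuration and not from any poster): the proxy terminates TLS for the custom domain, then opens a verified TLS connection to appspot.com with the Host header the app answers to, so the last mile is not plain HTTP. The certificate and CA bundle paths are placeholders, and a single certificate covering all four names is assumed.

```nginx
# Added example. Hostnames are the ones used in the thread; file paths are
# placeholders. Everything below belongs inside the http { } context.

# One certificate assumed valid for example.com, www, api and other.
ssl_certificate     /etc/nginx/tls/example.com.crt;   # placeholder path
ssl_certificate_key /etc/nginx/tls/example.com.key;   # placeholder path

# Last mile: re-encrypt to App Engine and verify the upstream certificate
# (proxy_ssl_server_name and proxy_ssl_verify need nginx 1.7.0 or later).
proxy_ssl_server_name on;      # send SNI for the proxy_pass host
proxy_ssl_verify on;           # refuse upstreams whose certificate fails validation
proxy_ssl_verify_depth 3;
proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # placeholder CA bundle

# Naked domain, HTTP or HTTPS -> www over HTTPS. As the first server on
# port 80 it is also the default, so unknown Host values get a fixed target.
server {
    listen 80;
    listen 443 ssl;
    server_name example.com;
    return 301 https://www.example.com$request_uri;
}

# Plain HTTP for the proxied hosts -> same host over HTTPS.
# $host can only be one of the names listed here.
server {
    listen 80;
    server_name www.example.com api.example.com other.example.com;
    return 301 https://$host$request_uri;
}

# www.example.com -> app1.appspot.com
server {
    listen 443 ssl;
    server_name www.example.com;
    location / {
        proxy_pass https://app1.appspot.com;
        # appspot.com only answers for its own name, so the client's Host
        # header (www.example.com) must be replaced on the upstream request.
        proxy_set_header Host app1.appspot.com;
        proxy_set_header X-Forwarded-Host $host;   # original name, for the app's own use
    }
}

# api.example.com -> app1.appspot.com/api (transparent path prefix, no 301)
server {
    listen 443 ssl;
    server_name api.example.com;
    location / {
        proxy_pass https://app1.appspot.com/api/;  # /foo is forwarded as /api/foo
        proxy_set_header Host app1.appspot.com;
        proxy_set_header X-Forwarded-Host $host;
    }
}

# other.example.com -> app2.appspot.com
server {
    listen 443 ssl;
    server_name other.example.com;
    location / {
        proxy_pass https://app2.appspot.com;
        proxy_set_header Host app2.appspot.com;
        proxy_set_header X-Forwarded-Host $host;
    }
}
```

With `proxy_ssl_verify on`, a failed upstream certificate check results in a 502 from the proxy rather than a silent fallback to an unverified connection.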

alex

Apr 4, 2012, 3:26:37 AM
to google-a...@googlegroups.com
Right. Google to offer a legitimate solution is one side of the story. 

The other one? Conspiracy! SNI was there since 2007 (even earlier) and yet it's not supported by all browser+OS combinations as of today. Clearly, browser vendors do not want this to work because it's easier for governments to spy on their citizens. 

