Google App Engine custom domain mapped to secure site

Question

I have mapped my custom domain to GAE custom domain mappings. My domain resides at godaddy.com.

The mapping works and it always points to non-secure site, where as a secure site does exist.

I want on typing non secure site it should auto direct to secure site. I tried to use forward mechanism on loads, but somehow it gets in a loop from secure to non-secure.

DNS' & domains does not know anything about "secure" or "insecure" sites, this is something the app/web server has to handle to redirect from HTTP to HTTPS. Since you've not provided any details like if you're using Flex or Standard environment I'm adding some generic info you may find interesting https://cloud.google.com/appengine/docs/standard/nodejs/application-security#https_requests — Puteri, Aug 30 '21 at 01:11
Please provide enough code so others can better understand or reproduce the problem. — Community, Aug 31 '21 at 17:33

score 1 · Answer 1 · answered Sep 01 '21 at 12:04

You can try the following 3 approaches :

To send HTTPS requests with your custom domain, you can use the managed SSL certificates, like mentioned here which says

“By default, HTTPS connections on your custom domain will be enabled automatically using managed SSL certificates”.

To force HTTPS for your app, you can specify the secure: always element for each handler in your app.yaml. Using secure: always redirects all HTTP traffic to an HTTPS URL.

For example:

handlers:
- url: /.*
  script: auto
  secure: always
  redirect_http_response_code: 301

To instruct the browser to prefer https over http for a given page or entire domain, set the Strict-Transport-Security header in your responses. Add the header to your app's static file and directory handlers.

For example:

Strict-Transport-Security: max-age=31536000; includeSubDomains

Google App Engine custom domain mapped to secure site

1 Answers1