Reputation: 21
SSL on cloud storage with custom domain
I uploaded my SSL certificate to GAE. The form is not displaying one of the sub-domains "images.floridata.com" that is in the certificate. The other sub-domains that are mapped to ghs.googlehosted.com are present as checkboxes that can be clicked to active the SSL for that sub-domains. But images.floridata.com which is mapped to c.storage.googleapis.com is not.
We use Google's Cloud DNS. Can someone tell me how to enable SSL for this subdomain?
If I don't enable SSL on this subdomain will the user get "mixed content" errors?
My site is a Golang app so in my app.yaml file I have a "secure: always" entry - would this prevent images being delivered via http causing "mixed content" errors.
thanks!
Upvotes: 0
Views: 1307
Answers (2)
Reputation: 21
I fix this problem using Proxy on Nginx, Apache or Similar In my case after 2 weeks testing Firebase and Load Balance I found that solution and work fine to me using HTTPS of my own domain.
https://github.com/presslabs/gs-proxy/blob/master/nginx.conf
Or you can proxy an subfolder using this soltion
upstream gs {
server storage.googleapis.com:443;
keepalive 128;
}
server {
## YOUR CURRENT CONFIG ##
location ~ /cdn/(.*)$ {
proxy_set_header Host storage.googleapis.com;
proxy_pass https://gs/BUCKETNAME/subpath/$1;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_intercept_errors on;
proxy_hide_header alt-svc;
proxy_hide_header X-GUploader-UploadID;
proxy_hide_header alternate-protocol;
proxy_hide_header x-goog-hash;
proxy_hide_header x-goog-generation;
proxy_hide_header x-goog-metageneration;
proxy_hide_header x-goog-stored-content-encoding;
proxy_hide_header x-goog-stored-content-length;
proxy_hide_header x-goog-storage-class;
proxy_hide_header x-xss-protection;
proxy_hide_header accept-ranges;
proxy_hide_header Set-Cookie;
proxy_ignore_headers Set-Cookie;
}
# location / { ... #
}
Depending of your need you must activate Access-Control-Allow-Origin in Cloud Storage.
Proxy is cheap then Load Balance and if you need to SEO is a good choice.
Upvotes: 1
Reputation: 38369
The "c.storage.googleapis.com" DNS redirect feature does not work for HTTPS addresses. It's HTTP-only.
In order to handle custom domains via HTTPS, you'll need to set up Google Cloud Load Balancing, register your SSL certificate with it, and then configure it to be backed by a GCS bucket.
Upvotes: 4
Related Questions
- SSL Error using custom domain with Google App Engine
- Sub domain not listed in Google App Engine while enabling SSL for custom domains
- Adding a SSL App engine with custom subdomain pointing to Google Storage bucket
- Adding SSL support for AppEngine custom domain
- SSL with Google App Engine custom domain
- how to set-up SSL on google app engine (custom domain name )
- SSL not being served for AppEngine custom (sub)domain
- serving another version of google app engine application - custom subdomain SSL
- Google App Engine custom domains, subdomains and SSL
- Google App Engine - how to set up an SSL for Custom Domain