How to force SSL in NodeJs/Angular App Google App Engine

I want to launch a web application on Google App Engine.

It is a NodeJs/Angular App with frontend and backend which I deployed as separate services following this guide: https://medium.com/@rgoyard/how-to-deploy-a-single-page-application-and-its-backend-to-google-app-engine-353ff93bd38c using client.yml for deploying the frontend, api.yml for the backend and dispatch.yml for routing all requests to /api to the backend service.

I also added a custom subdomain to the app and have the SSL certificates managed by google.

Now the only thing left to do is to force SSL, so when I visit http://subdomain.domain.com I automatically get redirected to https://subdomain.domain.de. On the standard appspot domain created by google everything works fine.

Now I tried so many ways to solve this that I don't know whether the app is running in a standard or flex environment, so I tried everything I found.

The docs say for the standard environment you should use secure: always in app.yml like in this question Google App Engine - Redirect HTTP to HTTPS. It didn't work and this is how I configured it:

runtime: python27
api_version: 1
threadsafe: true
service: default
handlers:
  - url: /
    static_files: immocheck/index.html
    upload: immocheck/index.html
  - url: /
    static_dir: immocheck
  - url: /.*
    secure: always
    redirect_http_response_code: 301
    script: auto

Then I tried configuring nginx-app.conf following this answer https://stackoverflow.com/a/49370832/14021965 but it didn't work:

set $test "";

if ($http_x_forwarded_proto = 'http') {
    set $test "http";
}

if ($test = 'http') {
    return 301 https://$host$request_uri;
}

And then I thought maybe I'm on a flexible environment even though I thought I was on standard. So I found something about using the helmet package in the docs and followed this very detailed answer implementing it: https://stackoverflow.com/a/51689825/14021965

Unfortunately that didn't work either and now I would appreciate your help.

Thanks in advance

2 answers

  • answered 2020-09-24 20:49 GAEfan

    Your first / handler matches, and never gets to the secure: always directive. Try:

    handlers:
      - url: /
        static_files: immocheck/index.html
        upload: immocheck/index.html
        secure: always
    
      # - url: /  <-- this url will never get hit, as it already matched above, so try this:
    
      - url: /(.*\.(html|gif|png|jpg|js|css))$
        static_files: immocheck/\1
        upload: immocheck/.*\.(html|gif|png|jpg|js|css)$
        secure: always
    
      - url: /.*
        redirect_http_response_code: 301
        script: auto   
        secure: always
    

  • answered 2020-09-25 07:52 tzovourn

    You mention that you wrote a NodeJS/Angular App but from the yaml file I see that the app is in Python 2.7. In order to define the proper runtime, please change your runtime element to:

    runtime: nodejs12
    

    Here you may find all the necessary information about the yaml configuration file and its elements.

    You also mentioned:

    I don't know whether the app is running in a standard or flex environment.

    When you don't define the env element, the app is deployed on App Engine Standard. You may confirm this by navigating through the:

    1. Navigation Menu > App Engine > Version
    2. Checking under the "Environment" tab of the current version.

    To redirect all the connections of your custom domain to use HTTPS, you will have to set up SSL certificates and then set the Strict-Transport-Security header in your responses. Please keep in mind that you may choose between Google Managed or using your own certificates.

    I would also suggest looking at the Node.js Quickstart for App Engine Standard, and taking a look at the How-to-Guides, in order to get more insight on how to set up your environment and design your application.
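
The redirect and Strict-Transport-Security behaviour discussed in the answers above, sketched as Node.js middleware. This is an added example, not code from either answer or from Google's documentation. It assumes the app runs behind a front end that terminates TLS and sets X-Forwarded-Proto; `CANONICAL_HOST`, `httpsDecision` and `forceHttps` are hypothetical names and the hostname is a placeholder.

```javascript
// Assumption: the single hostname this service may redirect to (placeholder).
// Building the redirect from the request's Host header instead would let a
// forged Host value choose the redirect target.
const CANONICAL_HOST = 'subdomain.example.com';

// One year in seconds. Use a small value while testing: browsers cache the
// policy for the whole max-age.
const HSTS_VALUE = 'max-age=31536000';

// Pure decision step, kept separate from I/O so it can be unit-tested.
// Assumption: X-Forwarded-Proto is set by the trusted front end to the
// protocol the client used. Anything other than exactly "https" (including
// a missing header) is treated as insecure and redirected.
function httpsDecision(headers, url) {
  const proto = String(headers['x-forwarded-proto'] || '').trim().toLowerCase();
  if (proto === 'https') {
    return { action: 'pass', hsts: HSTS_VALUE };
  }
  // Only origin-form targets are echoed back. A target that does not start
  // with "/" (for example "@other.example/") would change the authority of
  // the concatenated URL, so it is replaced by "/".
  const path = typeof url === 'string' && url.startsWith('/') ? url : '/';
  return { action: 'redirect', location: `https://${CANONICAL_HOST}${path}` };
}

// Connect/Express-style middleware that uses only Node's core response API,
// so it also works inside a plain http.createServer callback.
function forceHttps(req, res, next) {
  const decision = httpsDecision(req.headers, req.url);
  if (decision.action === 'redirect') {
    // 301 matches the redirect_http_response_code used in the app.yaml above.
    res.writeHead(301, { Location: decision.location });
    return res.end();
  }
  // Browsers ignore HSTS received over plain HTTP, so it is only set on
  // responses to requests that arrived over HTTPS.
  res.setHeader('Strict-Transport-Security', decision.hsts);
  return next();
}

// Express usage: app.use(forceHttps) before any route or static handler.
```
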