0

I spent considerable time and figured out most parts, but I am stuck at the last piece. I have a GAE Java web application with a domain from Namesilo. I enabled HTTPS by enabling managed security, and now I am able to access the domain with https:// and http://.

Like all applications on the net today, and for an SEO boost, I would like to make HTTPS the default option for my domain/application.

I have tried doing 301 permanent forwarding in Namesilo to https://. However, that is overriding the CNAME and A records in Namesilo, and also the forwarding to HTTPS is not working. I am not able to find much material on the net about this.

Can anyone please help or provide pointers on how to make HTTPS the default for a GAE Java app with a Namesilo domain?

Karthik

2 Answers

1

In the standard environment you can use the <ssl-enabled> config option in the appengine-web.xml file to require HTTPS, which causes an automatic redirection. From Syntax:

<ssl-enabled>

Optional. By default, any user can access any URL using either HTTP or HTTPS. You can configure an app to require HTTPS for certain URLs in the deployment descriptor. See Deployment Descriptor: Secure URLs.

Dan Cornilescu
  • Thank you, I will try this. Is this independent of the setting in the domain provider (Namesilo)? Do I still need permanent forwarding in the Namesilo setup along with this? – Karthik Nov 24 '18 at 17:39
  • As long as both http and https work fine, the domain settings no longer matter from this perspective; the config applies to `appspot.com` as well. The domain/ssl settings only matter to get https working. – Dan Cornilescu Nov 24 '18 at 17:43
  • I did this in app-engine-web.xml and redeployed. It works if I directly access appname.appspot.com, but when I use domainName.com it is not redirecting to https. Am I missing anything else? – Karthik Nov 24 '18 at 18:01
  • Is `domainName.com` a naked domain or a host/subdomain? Does it resolve to `ghs.google.com`? – Dan Cornilescu Nov 24 '18 at 18:18
  • Dan, domainName.com is a naked domain, but I have entries for both www and naked domain. In my namesilo dns records, I have added 4 A and 4 AAAA records along with TXT record for domain verification and www CNAME ghs.googlehosted.com value. In GAE java console, under custom domains, I see entries for both domainName.com and www.domainName.com and SSL security is enabled for both. In appengine-web.xml I added `<ssl-enabled>true</ssl-enabled>`. These are the settings I have so far – Karthik Nov 24 '18 at 18:37
  • 1
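    Dan, you pointed me in the right direction. In addition to marking ssl-enabled to true, I had to set the security-constraint in web.xml also as below from one of the other StackOverflow answers (https://stackoverflow.com/questions/5367974/https-only-in-google-app-engine) - `<security-constraint> <web-resource-collection> <web-resource-name>HTTPS redirect</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>` – Karthik Nov 24 '18 at 20:57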
  • You should add that as an answer, comments may get lost. – Dan Cornilescu Nov 24 '18 at 23:23
  • Dan, adding as answer below as per your suggestion. – Karthik Nov 25 '18 at 03:55
1

Dan had pointed me in the right direction. In addition to marking ssl-enabled to true, I had to set the security-constraint in web.xml also as below from one of the other StackOverflow answers (stackoverflow.com/questions/5367974/…)

    <!-- Require HTTPS (CONFIDENTIAL transport) for every URL of the app -->
    <security-constraint>
       <web-resource-collection>
          <web-resource-name>HTTPS redirect</web-resource-name>
          <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
    </security-constraint>

Karthik
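
A pre-deployment check for the `web.xml` setting described in the answer above, added here as an example; it is not code from the thread or from App Engine. It uses only the Python standard library, and `audit_web_xml` and the `/health` constraint in the sample are hypothetical names constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the answer plus a hypothetical second
# constraint on /health that opts that path back out of HTTPS.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPS redirect</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>health</web-resource-name>
      <url-pattern>/health</url-pattern>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def _texts(node, name):
    """Text of every descendant called `name`, ignoring any XML namespace."""
    return [e.text.strip() for e in node.iter()
            if e.tag.rsplit("}", 1)[-1] == name and e.text and e.text.strip()]

def audit_web_xml(xml_text):
    """Return (catch_all_https, findings) for the text of a web.xml file."""
    root = ET.fromstring(xml_text)
    catch_all, findings = False, []
    for sc in root.iter():
        if sc.tag.rsplit("}", 1)[-1] != "security-constraint":
            continue
        patterns = _texts(sc, "url-pattern")
        methods = _texts(sc, "http-method")
        # A missing <transport-guarantee> means no transport requirement (NONE).
        guarantee = (_texts(sc, "transport-guarantee") or ["NONE"])[0]
        if guarantee != "CONFIDENTIAL":
            # The most specific matching url-pattern applies, so this can override /*.
            findings.append(f"{patterns}: transport-guarantee is {guarantee}, not CONFIDENTIAL")
        elif methods:
            findings.append(f"{patterns}: HTTPS required only for methods {methods}")
        elif "/*" in patterns:
            catch_all = True
    if not catch_all:
        findings.insert(0, "no CONFIDENTIAL constraint covers /* for all methods")
    return catch_all, findings
```

Calling `audit_web_xml(SAMPLE_WEB_XML)` reports that the catch-all constraint is present and flags the `/health` entry as the one path still reachable over plain HTTP.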