0

I have an app engine website up, and I'm trying to require https and redirect all traffic to https. However, the only traffic that gets redirected to https is the domain www.hotplate.com, and not anything else, even variations such as hotplate.com, www.hotplate.com/deck, etc. I am able to access the https of these urls manually though. Below is my app.yaml. I checked to make sure there are SSL Certificates and there seems to be. Any help is much appreciated. Thank you.

runtime: nodejs env: flex

handlers: - url: .* secure: always redirect_http_response_code: 301 script: auto

automatic_scaling: min_num_instances: 1 cpu_utilization: target_utilization: 0.9

resources: cpu: .1 memory_gb: 0.9 disk_size_gb: 10

Andy Prevalsky
  • 1
  • 2

2 Answers2

0

You probably need to update url element as follows:...

handlers:
- url: /.*
  script: auto
  secure: always
  redirect_http_response_code: 301
Parth Mehta
  • 1,869
  • 5
  • 15
  • This answer is for App Engine Standard. Does not apply to App Engine Flexible. – John Hanley Dec 04 '19 at 19:44
  • I think you are right, what I suggested was for App Engine Standard assuming it would apply to Flexible as well. Apologies. Reading through the following post it appears that it currently is not possible to do this for App Engine Flexible: See this post for further information https://stackoverflow.com/questions/33878825/how-to-permanently-redirect-http-and-www-urls-to-https – Parth Mehta Dec 04 '19 at 19:59
  • It is certainly possible, just not via app.yaml. Refer to my answer. – John Hanley Dec 04 '19 at 20:38
0

For App Engine Flexible, you need to detect that the user has arrived using HTTP and redirect the user to HTTPS.

This section in your configuration is for App Engine Standard and is not support by App Engine Flexible:

secure: always
redirect_http_response_code: 301

There are many methods to do so directly with reactjs and manually. You also need to consider whether your application is Internet facing or sites behind a load balancer.

If your application sites behind a load balancer then you need to process the X-Forwarded-Proto protocol header to determine which protocol (HTTP/HTTPS) the user connected to the load balancer with.

The exact method depends on your architecture and source code which is not provided in your question.

For example, this snippet will process the X-Forwarded-Proto HTTP header, which means that your application must be behind a load balancer or proxy:

  if (req.headers['x-forwarded-proto'] != 'https') {
    res.redirect(status, 'https://' + req.hostname + req.originalUrl);
  }

Here is another snippet:

app.use(function(request, response){
  if(!request.secure){
    response.redirect("https://" + request.headers.host + request.url);
  }
});
John Hanley
  • 74,467
  • 6
  • 95
  • 159