Adding a SSL App engine with custom subdomain pointing to Google Storage bucket

2
votes

Current App:

  • Goole App Engine on a custom domain: myapp.com
  • Google Cloud Storage bucket on a custom subdomain (it uses DNS): images.myapp.com
  • I have SSL certificate with the images subdomain

My question is: Is possible to have this configuration with SSL?

Things I have tried:

  • Load balancer. I cannot figure out how to redirect everything that is not /images/* to the GAE (it seems it only works with backends)
  • dispatch.yaml. I think it only works for the services you deploy
  • In App Engine Settings I have added images.myapp.com, but as the redirection of images.myapp.com is done at DNS level, the secure layer is lost

Any suggestion or idea is more than welcome.

Thank you!

1
google-app-enginesslgoogle-cloud-storagegoogle-app-engine-python

1 Answers

2
votes

The limitation comes from the Cloud Storage bucket presented as a website under a custom domain - you can't use SSL with that. From You want your content served through HTTPS:

SSL is not currently supported by the Cloud Storage webservers; thus, you can only use a CNAME redirect with HTTP and not with HTTPS. If you wish to serve content through HTTPS from your bucket, we recommend you use a third-party Content Delivery Network with Cloud Storage. Alternatively, you can serve your static website content from Firebase Hosting instead of Google Cloud Storage.

If the content of your site meets the Code and static data storage quota you can serve your website through GAE, as static content (through a google CDN), which can be mapped to a custom domain and use SSL. See:

If your content exceeds the mentioned quota then you can still serve it through your app, but dynamically, with your app accessing the content stored on GCS and serving it - more expensive as you'll be using instance hours for it.