如何在Google Cloud AppEngine上强制执行https

我正在尝试对所有托管到Google Cloud AppEngine上的应用程序的流量强制使用https。 https可以运行,但是尽管按照将HTTP流量重写为https的说明进行操作,仍然可以使用http访问网站,这会导致问题。</ p>

我已将其添加到app.yaml中: </ p>

 处理程序:
-网址:/.*
脚本:_go_app
安全:始终
redirect_http_response_code:301
</ code> </ pre> \ n

,但似乎没有什么区别。</ p>

我正在使用julienschmidt路由器,然后使用它来处理所有路由:</ p>

  log.Fatal(fmt.Println(http.ListenAndServe(“:8080”,路由器)))
</ code> </ pre>

我已经看过使用http .ListenAndServeTLS,但这需要额外的参数,因此我无法计算出它们在Google AppEngine上下文中的值。</ p>

  log.Fatal(fmt.Println(http  .ListenAndServeTLS(“:8443”,“ cert.pem”,“ key.pem”,路由器)))
</ code> </ pre>

其中“ cert.pem”和“ key.pem”?</ p>

我已阅读到我不需要在我的应用中显式提供TLS,因为AppEngine将 为我自己处理它,所以即使我知道参数是什么,也不确定它对 force </ em> https是否有用。</ p>

http://sapling.appspot.com

https://sapling.appspot.com

http:// sapling .money

https://sapling.money
</ p> \ n

以上所有工作均有效,但我似乎无法将两个http版本都强制使用https。</ p>
</ div>

展开原文

原文

I am trying to force https for all traffic to an app hosted on Google Cloud AppEngine. https works, but despite following the instructions for rewriting http traffic to https, it's still possible to access the site with http, which causes problems.

I have added this to the app.yaml:

handlers:
  - url: /.*
    script: _go_app
    secure: always
    redirect_http_response_code: 301

but it doesn't seem to make any difference.

I am using the julienschmidt router and then this to handle all routes:

log.Fatal(fmt.Println(http.ListenAndServe(":8080", router)))

I have looked at using http.ListenAndServeTLS but this takes extra parameters and I can't work out what the values of those should be in the Google AppEngine context.

log.Fatal(fmt.Println(http.ListenAndServeTLS(":8443", "cert.pem", "key.pem", router)))

Where are "cert.pem" and "key.pem"?

I've read that I don't need to explicitly serve TLS in my app, because AppEngine will handle it for me, so even if I knew what the parameters were, I'm not sure it would help in forcing https.

http://sapling.appspot.com
https://sapling.appspot.com
http://sapling.money
https://sapling.money

All of the above work, but I don't seem able to force either of the http versions to https.

dsv73806
dsv73806 谢谢。这可能会有所帮助,但我仍然不知道http.ListenAndServeTLS()中的参数值应该是什么。即,如果我使用的是GoogleApp引擎的SSL证书,它们在哪里?路径是什么?
大约一年之前 回复

3个回答



您正确地将 secure:always </ code>元素包括在 app.yaml ,因为这将为您的应用处理程序强制使用HTTPS。 </ p>

但是,我相信以下“用于保护您的应用程序”的App Engine文档找到了此处可能对您有用。 如该链接所示,您只需将每个资源之间的句点替换为 -dot-</ code>,即可将HTTP URL转换为HTTPS。 您可能会看到下面提供的示例。 </ p>

  http:// [SERVICE_ID]。[MY_PROJECT_ID] .appspot.com 
https:// [SERVICE_ID] -dot- [MY_PROJECT_ID] .appspot.com
</ code> </ pre>

有关HTTPS URL和资源定位的其他信息,您可能会看到如何路由请求此处。 </ p>

希望有帮助!</ p>
</ div>

展开原文

原文

You are correct for including the secure: always element in your app.yaml as this will force HTTPS for your app's handlers.

However, I believe the following App Engine Documentation for "Securing Your App" found here may be of some use to you. As indicated in that link, you can convert HTTP URLs to HTTPS by simply replacing the periods between each resource with a -dot- instead. You may see the example provided below.

   http://[SERVICE_ID].[MY_PROJECT_ID].appspot.com
   https://[SERVICE_ID]-dot-[MY_PROJECT_ID].appspot.com 

For additional information about HTTPS URLs and resource targeting you may see how requests are routed here.

Hope this helps!

doufangmu9087
doufangmu9087 谢谢,但是我没有使用任何子域或服务ID,因此除非看不到什么,否则我看不出有什么帮助?
大约一年之前 回复



对于特定页面或整个域,您可以使用Strict-Transport-Security标头指示浏览器在HTTP上优先使用HTTP而非HTTP 在文档中进行了概述。 为了向您的应用添加 HTTP Strict-Transport-Security标头(HSTS) ,则必须在应用程序的代码中实现标头,而不是在应用程序的配置文件(app.yaml或appengine-web.xml)中实现标头。</ p>

启用HSTS预加载也是一个好主意 如果您使用Google的HSTS 预加载列表注册了应用程序。 Firefox和Chrome永远不会通过非安全连接加载您的网站。</ p>
</ div>

展开原文

原文

You can use the Strict-Transport-Security header to instruct the browser to prefer https over http for a given page or an entire domain as outlined in this document. In order to add HTTP Strict-Transport-Security headers (HSTS) to your app, you must implement the headers within your app's code, not within your app's config file (app.yaml or appengine-web.xml).

It is also a good idea to enable HSTS preloading if you register your application with Google's HSTS preload list. Firefox and Chrome will never load your site over a non-secure connection.

dovt85093
dovt85093 您使用的是App Engine标准版还是Flex版,哪个版本?
大约一年之前 回复



如果您使用的是 secure:always </ code>处理程序,并且请求未自动重定向,那么您就是 可能使用App Engine Flex? </ p>

App Engine Flex不支持处理程序,您可以在Flexible app.yaml 文档。 </ p>

相反,您可以检入代码是否通过HTTP或HTTP发送请求并进行重定向。 这是通过 App Engine特定标头< / a> X-Forwarded-Proto </ code>。</ p>

在您的端配置了实现,并且有简短的段落。</ p>

您还可以查看类似的Stack帖子 具有相同的答案 1 </ p>

我希望这会有所帮助!</ p>
</ div>

展开原文

原文

If you are using the secure:always handler and the requests are not being automatically redirected, then you are probably using App Engine Flex?

App Engine Flex does not support handlers, you can see this in the Flexible app.yaml documentation.

Instead, you can check in your code if a request was sent via HTTP or HTTPs and redirect. This is done with the App Engine specific header X-Forwarded-Proto.

The implementation is configured on your end and there is a brief paragraph on the subject.

You can also view similar Stack posts with the same answers 1

I hope this helps!

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问