问题
I have a site on Google Domains (www.example.com) and it's hosted with Gcloud. I followed the instructions listed here to set up SSL and https: https://cloud.google.com/appengine/docs/standard/python/securing-custom-domains-with-ssl
Basically, I just ran gcloud beta app domain-mappings update example.com --certificate-management='AUTOMATIC'
Now I can indeed access https://example.com and https://www.example.com. But I can access the unsecure http version of those domains as well.
How can I set up my Google Domain to always use https? If someone types http://example.com, I want it to go to the https site instead.
Records: My naked domain (example.com) has 4 A records and 4 AAAA records.
My www.example.com domain has 1 CNAME record with alias=www.
回答1:
Have you tried setting secure: always
in your handlers in your app.yaml
?
handlers:
- url: /youraccount/.*
script: accounts.app
login: required
secure: always
always
Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are preserved for the redirect
https://cloud.google.com/appengine/docs/standard/python/config/appref#handlers_element
回答2:
Not sure what backend language you are using, but you can brute-force to ssl by checking the request header then redirecting. Example:
if request.environ.get('HTTPS') == 'off':
return redirect('https://www.example.com' + request.environ.get('PATH_INFO'), 301)
回答3:
secure: always
still works in all standard environments, but the secure option has been deprecated in all flexible environments, see documentation here or here for Node.js.
If you need this feature in your current environment, the suggested solutions require changes to your application code. Either use the custom HTTP header X-Forwarded-Proto
to redirect the HTTP traffic to HTTPS, or use the HTTP Strict Transport Security response header.
回答4:
Alex's answer (see comments) put me on the right path.
First meteor add gadicohen:headers
to add headers
info.
In my router logic (Iron Router on Meteor) in a before hook, I check if the x-forwarded-proto
is http
. If so, replace http
with https
and go to that URL instead. I make sure I'm not on localhost too, so that I can develop the site
Router.onBeforeAction(function () {
<some other logic>
// Redirect http to https
if (headers.get('x-forwarded-host') !== "localhost:3000") {
if (headers.get('x-forwarded-proto') === "http") {
window.location = window.location.href.replace('http', 'https')
}
}
});
来源:https://stackoverflow.com/questions/48752601/how-to-enforce-https-traffic-to-google-app-engine-with-custom-domain