应用引擎中的自定义域SSL
[英]custom domain SSL in app engine
问题描述
My application has the following urls: 
我的应用程序具有以下网址:
- client-1.myapp.appspot.com client-1.myapp.appspot.com
- client-2.myapp.appspot.com client-2.myapp.appspot.com
I want to use a custom subdomains: 我想使用自定义子域:
- client-1.myapp.com client-1.myapp.com
- client-2.myapp.com client-2.myapp.com
To do this: 去做这个:
- I added a txt record to myapp.com and verified my domain. 我向myapp.com添加了txt记录,并验证了我的域。
- Then I added a cname record for *.myapp.com to ghs.googlehosted.com. 然后,我为ghs.googlehosted.com添加了* .myapp.com的cname记录。
This works great, when client-3 comes along I dont even need to set anything up (except in my code). 这很好用,当client-3出现时,我什至不需要进行任何设置(代码中除外)。 However, a client will eventually want to use their own domain instead of mine. 但是,客户最终将希望使用自己的域而不是我的域。
For Example: 例如:
- sub.client-1-website.com sub.client-1-website.com
- client-2-website.org client-2-website.org
If my app was in a normal lamp stack they could just do a cname record for sub.client-1-website.com to client-1.myapp.com (or client-2-website.org to client-2.myapp.com). 如果我的应用程序位于正常的灯泡堆中,则只需为sub.client-1-website.com到client-1.myapp.com(或client-2-website.org到client-2.myapp)做一个cname记录。 com)。 My app would then have a vhost that points that to the correct location. 然后,我的应用程序将具有一个虚拟主机,将其指向正确的位置。
In app engine if that's all they did it would lead to a 404 page. 在应用引擎中,如果仅此而已,它将导致404页面。 I must go into my add dashboard, verify the domain as mine, add it as one of my custom domains, then they can cname sub.client-1-website.com to client-1.myapp.com (or ghs.googlehosted.com.). 我必须进入添加仪表板,将域验证为我的域,将其添加为我的自定义域之一,然后它们才能将sub.client-1-website.com命名为client-1.myapp.com(或ghs.googlehosted)。 com。)。
This means my clients must add and keep a google-verification txt record in their dns. 这意味着我的客户必须在其dns中添加并保留google-verification txt记录。
Is it possible to have app engine route the request based on the domain they were cnamed to? App Engine是否可以根据它们被命名为的域来路由请求? sub.client-1-website.com -cname-> client-1.myapp.com -cname-> client-1.myapp.appspot.com So app engine would route based on client-1.myapp.appspot.com I have a feeling the answer is no. sub.client-1-website.com -cname-> client-1.myapp.com -cname-> client-1.myapp.appspot.com因此,应用引擎将基于client-1.myapp.appspot.com进行路由感觉答案是否定的。 This would be due to a limitation of how cnames work (not some a limitation in app engine). 这可能是由于cname的工作方式受到限制(而不是app引擎的某些限制)。 Is that correct? 那是对的吗?
At the end of the day this isn't a deal breaker. 归根结底,这不是交易破坏者。 Its just one extra step for me and my client. 对我和我的客户而言,这只是额外的一步。 However, things get super hairy when we add SSL into the mix. 但是,当我们将SSL添加到组合中时,事情变得异常繁琐。
I know how to set up SSL for *.myapp.com though Google Apps. 我知道如何通过Google Apps为* .myapp.com设置SSL。 It is annoying that I have to go through Google Apps, but not a deal breaking because only I need to do that. 我必须经历Google Apps,但这并没有中断交易,这很令人讨厌,因为只有我需要这样做。
However, if my client wants to use their own domain (sub.client-1-website.com and client-2-website.org) they too would need to go though Google Apps to have SSL work wouldn't they? 但是,如果我的客户想要使用自己的域(sub.client-1-website.com和client-2-website.org),他们也需要通过Google Apps才能使用SSL,不是吗?
Is there another way for my clients to be able to add SSL? 我的客户可以通过另一种方式添加SSL吗?
1 个解决方案
解决方案1
0 2015-10-06 20:52:42
As of September 2015, AppEngine SSL is no longer based on Google Apps. 自2015年9月起,AppEngine SSL不再基于Google Apps。 Through the appengine console, you can add client-1-website.com as a custom domain, verify ownership of it, and then add an SSL certificate for that domain. 通过appengine控制台,您可以将client-1-website.com添加为自定义域,验证其所有权,然后为该域添加SSL证书。
I think you'll find the original domain name in the request headers but I haven't checked. 我认为您会在请求标头中找到原始域名,但我没有检查。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.