How to give public access to gCloud App Engine

Question

I just deployed an App Engine application with phpMyAdmin connected to a Cloud SQL database. Everything is working fine when I am the one using it.

I would like to share this application to my students but I could not figure out how to give them access to the https ressource. https://-dot-.ue.r.appspot.com/index.php I tried the following:

Disable IAP: Students see an "Your client does not have permission to get URL /"

Enable IAP with allUsers: Viewer: Students see a page with "you don't have permission.. contact administrator"

Enable IAP with "allAuthenticated User Viewer": Same error

Enable IAP with "IAP-secured Web App User" role: Same Error

I'm really lost about giving access. I thought by default my App Engine is available for all google users?

What am I missing here?

Thanks!

App.yaml:

service: phpmyadmin
runtime: php55
api_version: 1
handlers:
- url: /(.+\.(ico|jpg|png|gif))$
  static_files: \1
  upload: (.+\.(ico|jpg|png|gif))$
  application_readable: true
- url: /(.+\.(htm|html|css|js))$
  static_files: \1
  upload: (.+\.(htm|html|css|js))$
  application_readable: true
- url: /(.+\.php)$
  script: \1
  login: admin
- url: /.*
  script: index.php
  login: admin

config.inc.php:

<?php


$cfg['blowfish_secret'] = '<my-secret>'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

/*
 * Servers configuration
 */
$i = 0;

// Change this to use the project and instance that you've created.
$host = '/cloudsql/<my-app>:europe-west1:<my-db>';
$type = 'socket';

/*
* First server
*/
$i++;
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* Server parameters */
$cfg['Servers'][$i]['socket'] = $host;
$cfg['Servers'][$i]['connect_type'] = $type;
$cfg['Servers'][$i]['compress'] = false;
/* Select mysql if your server does not have mysqli */
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
/*
 * End of servers configuration
 */
$cfg['TempDir'] =  "/tmp/";

/*
 * Directories for saving/loading files from server
 */
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';

/*
* Other settings
*/
$cfg['PmaNoRelation_DisableWarning'] = true;
$cfg['ExecTimeLimit'] = 60;
$cfg['CheckConfigurationPermissions'] = false;

Answer 1

After checking the files you shared, I noticed the following:

Regarding your app.yaml, the login option determines whether the URL handler requires that the user is signed in. When the login is set to "Admin" the user needs to be logged in and the user needs to be an administrator. You can either remove the login fully or set the login to “optional”. The "optional" option does not require the user to be signed in to access the URL.

On the other hand, regarding the config.inc.php file, this could be caused by the phpMyAdmin deployment. So, please change these lines

$cfg['blowfish_secret'] = ' < my-secret > ';

$cfg['Servers'][$i]['auth_type'] = 'cookie';

To the following:

$cfg['blowfish_secret'] = '';
$cfg['Servers'][$i]['auth_type'] ='http';

Once the file has been changed and saved, please proceed in redeploying your phpMyAdmin using the gcloud command “gcloud app deploy --version=new” and then try to access again.