我正在尝试使用 Cloudflare for Saas 配置我的 Google App Engine 实例,更准确地说是 Cloudflare 的 < href="https://developers.cloudflare.com/ssl/ssl-for-saas/" rel="nofollow noreferrer">SSL for SaaS 产品。目标是我可以向客户提供一个“自定义域”(也称为“虚荣域”),这样他们就不会访问 dashboard.mywebsite.com,而是访问 app.customerwebsite.com。
配置部分
为了确保我的 App Engine 实例能够正确地在 dashboard.mywebsite.com 上提供内容,我进行了以下操作:
在 Google Cloud 端:
- 我已经配置了自定义域
仪表板.mywebsite.com。
- 我已让 Google 管理 SSL 配置(无自定义密钥/证书)
runtime: nodejs14
env_variables:
NODE_ENV: 'production'
basic_scaling:
max_instances: 10
idle_timeout: 5m
在 Cloudflare 端:
- 我已更新DNS 记录以便
dashboard.mywebsite.com 工作正常,
- 我已在 Full 模式下配置了 SSL(同时我也尝试过 Flexible 模式 -两者都有效)
我等了几个小时,确认 dashboard.mywebsite.com 能够正确解析并提供我的内容(来自 Google App Engine)。
接下来,自定义域
根据 Cloudflare 文档,我有注册后备源(即 dashboard.website.com),然后配置自定义主机名(例如 app.customerwebsite.com)。我做到了。
现在,根据再次查看 Cloudflare 文档,我的客户必须创建 CNAME 记录。我对我的域名做了这样的操作:
app.customerwebsite.com CNAME dashboard.mycompany.com
这个问题
我又等了几个小时。然后,当我在浏览器中打开 app.customerwebsite.com 时,它会显示 Google 404 错误页面,而不是我的仪表板。这让我认为 Cloudflare 成功地将流量“重定向”到 Google,但 App Engine 拒绝为其提供服务。可能是因为它不知道 app.customerwebsite.com?
有什么想法会有帮助吗?
I'm trying to configure my Google App Engine instance with Cloudflare for Saas, and more precisely Cloudflare's SSL for SaaS offering. The objective being that I can provide to my customer a "custom domain" (also known as "vanity domain"), such that they don't go to dashboard.mywebsite.com, but instead app.customerwebsite.com.
Configuration part
To make sure that my App Engine instance is correctly serving content on dashboard.mywebsite.com, I've made the following:
On Google Cloud side:
- I've configured the custom domain
dashboard.mywebsite.com.
- I've let Google manage the SSL configuration (no custom key/certificate)
- Here is my
app.yaml configuration file:
runtime: nodejs14
env_variables:
NODE_ENV: 'production'
basic_scaling:
max_instances: 10
idle_timeout: 5m
On Cloudflare side:
- I've updated the DNS records so that
dashboard.mywebsite.com is perfectly working
- I've configured the SSL on the Full mode (while I've tried with Flexible as well - both work)
I waited for a few hours and I confirm that dashboard.mywebsite.com resolves correctly and serves my content (from Google App Engine).
Next, custom domains
According to Cloudflare documentation, I had to register the fallback origin (i.e. dashboard.website.com) and then configure a custom hostname (e.g. app.customerwebsite.com). Which I did.
Now, according to Cloudflare documentation again, my customer has to create a CNAME record. Which I did with a domain of mine:
app.customerwebsite.com CNAME dashboard.mycompany.com
The issue
I waited a few hours again. Then, when I open app.customerwebsite.com in my browser, it shows a Google 404 error page instead of my dashboard. Which makes me think that Cloudflare successfully "redirects" the traffic to Google, but App Engine refuses to serve it. Probably because it doesn't know app.customerwebsite.com?
Any thoughts that would help?
发布评论
评论(1)
正如您注意到的那样,问题与Cloudflare无关,而与App Engine无关。配置的问题是,当App Engine收到请求时,基于
host标题,它将请求转发到正确的实例。App Engine允许您映射Google先前已验证的任何自定义域。但是,在您的情况下,这意味着您必须在应用程序引擎实例上注册客户的每个自定义域。太麻烦了(甚至可能)。
您需要做的是以下内容:
dashboard cname ghs.googlehosted.comdashboard a your_ip_addressGoogle的文档提供了有关如何。通过更改一些设置,它可以与应用引擎一起使用。作为额外的帮助,以下是加载平衡器的配置详细信息,它使我们能够通过Google Cloud向客户提供虚荣域/自定义域:
再次,加载平衡器在这里负责映射您的IP地址收到的所有请求(无论
host标题如何)直接到您的应用引擎实例。作为最佳实践,将
dispatch.yaml文件推向您的实例可能很有用:告诉应用引擎将所有请求发送到
>默认服务。它有点像通配符虚拟主机在Apache服务器上。As you noticed, the issue is not related to Cloudflare, but App Engine. The problem with your configuration is that, when App Engine receives a request, based on the
Hostheader, it forwards the request to the right instance.App Engine lets you map any custom domains that has been previously validated by Google. But in your situation, that would mean you have to register each custom domain of your customers on your App Engine instance. That's too cumbersome (if even possible).
What you need to do instead is the following:
dashboard CNAME ghs.googlehosted.comtodashboard A YOUR_IP_ADDRESSGoogle's documentation has a great guide on how to setup a load balancer with Cloud Run. By changing a few settings it works great with App Engine. As an extra help, below is the configuration details of our load balancer that allows us to provide vanity domains / custom domains to our customers through Google Cloud:
Again, the load balancer is here responsible to map all requests received by your IP address (no matter the
Hostheader) straight to your App Engine instance.As a best practice, it might be useful to push a
dispatch.yamlfile to your instance:Which tells App Engine to send all requests to the
defaultservice. It works a bit like a wildcard virtual hosts on an Apache server.