Fixed
Status Update
Comments
jm...@google.com <jm...@google.com> #2
- App Engine instances in the Standard environment [1] do not have public static IP addresses, and are completely protected by the main Google Front-end server. Requests to your application first hit the Google Front-end, then the front-end performs the SSL security checks according to your uploaded certificate [2], and then forwards the request to your App Engine instances using their internal IPs. Therefore no reverse-proxy is required.
- If you are using the App Engine Flexible, App Engine automatically loads Nginx proxy in front of every App Engine Flexible instance pre-configured, so you do not have to set this up at all. All you have to do is follow the guide to uploading your SSL cert [3], and requests will be vetted by the Google Front-end just like the Standard environment above. Therefore no added reverse-proxy is required.
- Note that the Public Issue Tracker is reserved for reporting Google-end issues and feature requests. For further general product discussions it is recommended to post your topics on the supported Google Discussion Groups [4].
**Edited answer to remove mention of Flex Static IPs as the Flex GCE instances are no longer individually configurable.
[1]https://cloud.google.com/appengine/docs/standard/
[2]https://cloud.google.com/appengine/docs/standard/python/securing-custom-domains-with-ssl
[3]https://cloud.google.com/appengine/docs/flexible/python/securing-custom-domains-with-ssl
[4]https://cloud.google.com/support/docs/groups
- If you are using the App Engine Flexible, App Engine automatically loads Nginx proxy in front of every App Engine Flexible instance pre-configured, so you do not have to set this up at all. All you have to do is follow the guide to uploading your SSL cert [3], and requests will be vetted by the Google Front-end just like the Standard environment above. Therefore no added reverse-proxy is required.
- Note that the Public Issue Tracker is reserved for reporting Google-end issues and feature requests. For further general product discussions it is recommended to post your topics on the supported Google Discussion Groups [4].
**Edited answer to remove mention of Flex Static IPs as the Flex GCE instances are no longer individually configurable.
[1]
[2]
[3]
[4]
mo...@gmail.com <mo...@gmail.com> #3
- If you are using the App Engine Flexible environment [3], you are able to have static IPs for your instances as they use Compute Engine VMs
That's not true, you can't have static IP for GAE Flex
That's not true, you can't have static IP for GAE Flex
Description
I am running my app on Google App engine and I have linked my domain which I bought from GoDaddy to the app engine along with the SSL which I have also bought from GoDaddy.
I read it on many sites that running server on port 80 without Reverse Proxy can cause you major security issues. But I can't see which of these issues are they talking about. Also as I am running my app on port 5555 i even tried to ping my domain and the IP was 216.239.XX.21 where X possible values can be (32, 34, 36 and 38) which is same for all other App Engine server. So I think that as if any hacker/malicious user tries to do something malicious to my app then in order to do that he/she have to know my IP which App Engine is hiding by default.
So, I want to know as App Engine is already hiding my IP so do I have to use any Reverse Proxy Server like Nginx on my App Engine or not ??
Also if I need to use Reverse Proxy then I saw these two posts nginx-as-reverse-proxy-for-google-app-engine-application and using-nginx-as-a-reverse-proxy-for-speedy-app-engine-development/.
Where in First Post it is not recommended to use Reverse Proxy whereas in Second Post it is recommended to use Reverse Proxy. Thats'y i am confused which would be better approach.
Please Help Me Guys.