0

When using a custom domain with a Google generated security certificate, how do I get http requests to redirect to the https?

I tried setting the Django property SECURE_SSL_REDIRECT to True in settings, but that didn't work.

Edit: Yes, this question already exists, but the solution only works with Python2.

SOLUTION: For my purposes, the solution was simply to switch from the Appengine Flexible environment to the Appengine Standard environment. I solved my SSL issues with the following app.yaml.

runtime: python37 entrypoint: gunicorn -b :$PORT <django-project-name>.wsgi handlers: - url: /.* secure: always redirect_http_response_code: 301 script: auto beta_settings: cloud_sql_instances: "<project-id>:<region>:<cloud-sql-instance>"
Improve this question

1 Answer 1

Reset to default
3

After a bit of guess and check, I stumbled onto a solution.

Don't use the SECURE_SSL_REDIRECT Django setting. Instead, update your app.yaml to include secure:always, but also ensure that the entrypoint is set, url is set to /.*, and script is set to auto.

Despite Google documentation explicitly saying that the handlers section is deprecated, testing app deploys with and without the handlers section reveal that, as of today, GAE does reference the handlers section of the app.yaml.

Edit: Found this that clearly shows handlers in Python 3.7 app.yaml - https://cloud.google.com/appengine/docs/standard/python3/config/appref#handlers_element

app.yaml

runtime: python env: flex entrypoint: gunicorn -b :$PORT <projectid>.wsgi handlers: - url: /.* secure: always script: auto beta_settings: cloud_sql_instances: "<projectid>:<dbregion>:<dbinstance>" runtime_config: python_version: 3

After having more issues, despite the documentation saying handlers would work, I have switched to the Appengine Standard environment, and it is working perfectly.

runtime: python37 entrypoint: gunicorn -b :$PORT <django-project-name>.wsgi handlers: - url: /.* secure: always redirect_http_response_code: 301 script: auto beta_settings: cloud_sql_instances: "<project-id>:<region>:<cloud-sql-instance>"
Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

handlers aren't (supposed to be) working in flex env, see stackoverflow.com/questions/50654961/….
This is my currently working app.yaml, so I'd say it is working.
You may be doing it from your app, see stackoverflow.com/questions/41944776/… (and that's from a Google guy)
Okay, I see what you're saying, but I completely removed the django setting to redirect to secure. The only change between my working commit and my non-working commit is the handlers: -url: /.* secure: always script: auto
I just commented the handlers section out completely and ran gcloud app deploy. Then on a different machine that I haven't accessed the site on, I checked the appspot URL and the custom domain - both say "Not Secure" in the address bar. I uncommented the handlers section deployed again, checked from a third computer, and both now automatically to to https. With this testing, I'm confident that GAE Python 3 Flex is referencing secure:always from the app.yaml.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.