Force app on google app engine to use https

Posted on Tue 21 August 2018 in Tutorials • 1 min read

Now it is very important that all websites use the secure HTTPS protocol, especially since google began to warn that the pages are not safe in chrome.

If you are using Google app engine to deploy your website, there is a parameter at app.yaml the force and redirect all traffic to HTTPS

The first thing to do is generate the SSL certificates and then add these parameters to your app.yaml

- url: /.*
  secure: always
  redirect_http_response_code: 301
  script: auto

Keep in mind that if you are using a custom runtime, now it is deprecated, and must delegate the task of redirect to secure protocol to the runtime.

For example, if you are using nginx, running inside a container, you can instruct nginx with this code.

server {
        # Google App Engine expects the runtime to serve HTTP traffic from
        # port 8080.
        listen 8080;
        root /usr/share/nginx/www;
        index index.html index.htm;
        if ($http_x_forwarded_proto != "https") {
            return 301 https://$host$request_uri;