Google App Engine - Redirect HTTP to HTTPS


Problem description

I'm new to app engine and I'm trying to set it up so that any http requests get redirected to https.

My app.yaml file looks like this. I have script: None in there because if I don't have it there I get some parsing error, but that's not the problem.

env: flex
runtime: nodejs
handlers:
- url: /.*
  script: None
  secure: always

So right now, if I go to http :// mysite.org it stays on the http version and just shows 'mysite.net' in the url bar. If I go to https :// mysite.org it shows the secured version. If I go to the appspot url that Google gave me, the http redirects to the https version just fine. Is there something I'm missing in the app.yaml? This isn't in a custom runtime.

Solution

Use helmet; the secure setting under handlers in app.yaml is deprecated in the Google App Engine Latest Release.

https://helmetjs.github.io/docs/hsts/

https://expressjs.com/en/advanced/best-practice-security.html

// Forcing HTTPS connections on Google App Engine Flexible Environment sample app.js

'use strict';

const express = require('express');
const helmet = require('helmet');

const app = express();
const port = process.env.PORT || 8080;

app.disable('x-powered-by');

app.enable('trust proxy');

app.use(helmet.hsts({
    maxAge: 31536000,
    includeSubDomains: true,
    preload: true,
    setIf: function (req, res) {
        return req.secure;
    }
}));

app.get('/', (req, res) => {
    if (!req.secure) {
        // Return after redirecting so a second response is not sent on the same request.
        return res.redirect(301, "https://" + req.headers.host + req.originalUrl);
    }
    res.status(200).send("hello, world\n").end();
});

app.listen(port, () => {
    console.log(`App listening on port ${port}`);
    console.log('Press Ctrl+C to quit.');
});

Upgrading to the App Engine Latest Release

The secure setting under handlers is now deprecated for the App Engine flexible environment. If you need SSL redirection, you can update your application code and use the X-Forwarded-Proto header to redirect http traffic.

https://cloud.google.com/appengine/docs/flexible/php/upgrading#appyaml_changes

Forcing HTTPS connections

For security reasons, all applications should encourage clients to connect over https. You can use the Strict-Transport-Security header to instruct the browser to prefer https over http for a given page or an entire domain, for example:

Strict-Transport-Security: max-age=31536000; includeSubDomains

https://cloud.google.com/appengine/docs/flexible/php/how-requests-are-handled

HTTPS and forwarding proxies

With Express.js, use the trust proxy setting

app.set('trust proxy', true);

https://cloud.google.com/appengine/docs/flexible/nodejs/runtime#https_and_forwarding_proxies
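
The redirect described above, applied to every path and with the Host header checked against a list of known hostnames before it is copied into Location. This is an added example, not code from the answer or from Google's documentation. The names makeForceHttps and allowedHosts and the domain mysite.example are assumptions, and it assumes the app is reachable only through the App Engine front end, which sets X-Forwarded-Proto.

```javascript
'use strict';

// Added example: Express-style middleware (req, res, next); needs no packages.
const HSTS_VALUE = 'max-age=31536000; includeSubDomains'; // value quoted on the page

// TLS ends at the App Engine front end, so the client's scheme reaches the app
// only in X-Forwarded-Proto. Read its first entry, as Express does with
// 'trust proxy' enabled.
function isHttps(req) {
    const proto = String(req.headers['x-forwarded-proto'] || '');
    return proto.split(',')[0].trim().toLowerCase() === 'https';
}

// allowedHosts (hypothetical parameter): hostnames this app is served on.
function makeForceHttps(allowedHosts) {
    const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
    return function forceHttps(req, res, next) {
        if (isHttps(req)) {
            // Browsers ignore HSTS sent over plain HTTP, so set it only here.
            res.setHeader('Strict-Transport-Security', HSTS_VALUE);
            return next();
        }
        // Host and the request target are client-controlled: redirect only to
        // a known hostname and only with an origin-form path.
        const host = String(req.headers.host || '').toLowerCase();
        const target = String(req.originalUrl || req.url || '');
        if (!allowed.has(host) || !target.startsWith('/')) {
            res.statusCode = 400;
            return res.end('Bad Request\n');
        }
        res.statusCode = 301;
        res.setHeader('Location', 'https://' + host + target);
        // Ending the response here means no route handler runs afterwards.
        return res.end();
    };
}

// Constructed wiring: 'mysite.example' is a placeholder domain. In the page's
// app.js this would be app.use(forceHttps) placed before the routes.
const forceHttps = makeForceHttps(['mysite.example']);
```

A Host value that carries a port, or any hostname missing from the list, gets a 400 instead of a redirect, so every domain mapped to the app has to be listed.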
