Hello Garth, The stated purpose of your attempt to connect via Cloudflare is: "I can have DDoS protection and SSL". It may be the moment to stress the fact that these features are offered by the App Engine already.
Cloudflare's Flexible SSL mode encrypts traffic from browsers to CloudFlare, but no traffic from CloudFlare to a site's origin server. Quoting from Cloudflare's SSL FAQ <https://support.cloudflare.com/hc/en-us/articles/204144518-SSL-FAQ>: "*What does flex and full SSL mean?* - *Flexible SSL:* - SSL is terminated at the Cloudflare edge servers. Everything between your client and Cloudflare is encrypted, but between Cloudflare and your origin server is not encrypted." More detail from "Using Custom Domains and SSL <https://cloud.google.com/appengine/docs/standard/python/using-custom-domains-and-ssl#app_engine_support_for_ssl_certificates> ": *"App Engine supports the following certificate types:* *Single Domain/Hostname* *Self-signed* *Wildcard* *Subject Alternative Name (SAN) / Multi Domain* *It requires some things of your certificates and keys:* *Private Key and Certificate should be uploaded in PEM format.* *Private Keys must not be encrypted.* *A certificate file can contain at most five certificates; this number includes chained and intermediate certificates.* *All subject names on the host certificate should match or be subdomains of the user's verified domains.* *Private keys must use RSA encryption.* *Maximum allowed key modulus: 2048 bits* *If the host certificate requires an intermediate or chained certificate (as many Certificate Authorities (CAs) issue), you will need to append the intermediate or chained certificates to the end of the public certificate file.* *Some App Engine features use special subdomains. For example, an application can use subdomains to address application services, or to address different versions of your application. To use these with SSL, it makes sense to set up a SAN or wildcard certificate. Wildcard certificates only support one level of subdomain."* In your SAN or wildcard certificate you should take care of the mygame.xyz and www.mygame.xyz. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/8c346415-047d-44fc-871a-48795f740f50%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
