Hi

Thanks for your reply! I know about the various options of SSL at 
Cloudflare. I will use full (strict) which means SSL all the way to my 
server and back to the user. I will not use flexible. Google's DDoS 
protection is just blacklisting while Cloudflare offers real protection.

For the cert, I did take care of mygame.xyz and www.mygame.xyz (one of the 
many combos I tried) but still no luck. What else could it be?

On Wednesday, May 31, 2017 at 10:04:37 PM UTC+2, George (Cloud Platform 
Support) wrote:
>
> Hello Garth, 
>
> The stated purpose of your attempt to connect via Cloudflare is: "I can 
> have DDoS protection and SSL". It may be the moment to stress the fact that 
> these features are offered by the App Engine already.
>
> Cloudflare's Flexible SSL mode encrypts traffic from browsers to 
> CloudFlare, but no traffic from CloudFlare to a site's origin server. 
> Quoting from Cloudflare's SSL FAQ 
> <https://support.cloudflare.com/hc/en-us/articles/204144518-SSL-FAQ>: 
>
> "*What does flex and full SSL mean?*
>    
>    - *Flexible SSL:*
>       - SSL is terminated at the Cloudflare edge servers. Everything 
>       between your client and Cloudflare is encrypted, but between Cloudflare 
>       and your origin server is not encrypted."
>    
>
> More detail from "Using Custom Domains and SSL 
> <https://cloud.google.com/appengine/docs/standard/python/using-custom-domains-and-ssl#app_engine_support_for_ssl_certificates>": 
>
> *"App Engine supports the following certificate types:*
>
> *Single Domain/Hostname*
> *Self-signed*
> *Wildcard*
> *Subject Alternative Name (SAN) / Multi Domain*
> *It requires some things of your certificates and keys:*
>
> *Private Key and Certificate should be uploaded in PEM format.*
> *Private Keys must not be encrypted.*
> *A certificate file can contain at most five certificates; this number 
> includes chained and intermediate certificates.*
> *All subject names on the host certificate should match or be subdomains 
> of the user's verified domains.*
> *Private keys must use RSA encryption.*
> *Maximum allowed key modulus: 2048 bits*
> *If the host certificate requires an intermediate or chained certificate 
> (as many Certificate Authorities (CAs) issue), you will need to append the 
> intermediate or chained certificates to the end of the public certificate 
> file.*
>
> *Some App Engine features use special subdomains. For example, an 
> application can use subdomains to address application services, or to 
> address different versions of your application. To use these with SSL, it 
> makes sense to set up a SAN or wildcard certificate. Wildcard certificates 
> only support one level of subdomain."*
>
> In your SAN or wildcard certificate you should take care of the mygame.xyz 
> and www.mygame.xyz. 
>
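
A preflight check of the certificate and key files against the App Engine requirements quoted above, added here as an example; it is not part of the original messages and not Google's tooling. It covers only the file-level rules (certificate count, unencrypted key, RSA, modulus size) and does not check subject names; requiring exactly one key per file is this example's assumption.

```python
import base64, re, sys
MAX_CERTS = 5            # quoted limit: at most five certificates per file, chain included
MAX_MODULUS_BITS = 2048  # quoted limit: maximum allowed key modulus
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def _tlv(der, pos):
    """Decode one DER element at pos: return (tag, value, next_pos)."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, der[pos:pos + length], pos + length

def rsa_modulus_bits(der, pkcs8):
    """Modulus size of a PKCS#1 or unencrypted PKCS#8 key; None if not RSA."""
    seq = _tlv(der, 0)[1]
    pos = _tlv(seq, 0)[2]                     # skip the version INTEGER
    if pkcs8:
        _, alg, pos = _tlv(seq, pos)          # AlgorithmIdentifier
        if _tlv(alg, 0)[1] != RSA_OID:
            return None
        return rsa_modulus_bits(_tlv(seq, pos)[1], False)  # OCTET STRING holds PKCS#1
    return int.from_bytes(_tlv(seq, pos)[1], "big").bit_length()

def preflight(cert_pem, key_pem):
    """Return findings against the quoted requirements; an empty list is a pass."""
    findings = []
    n = sum(label == "CERTIFICATE" for label, _ in PEM_RE.findall(cert_pem))
    if not 1 <= n <= MAX_CERTS:
        findings.append(f"{n} certificates in file, need 1 to {MAX_CERTS}")
    keys = PEM_RE.findall(key_pem)
    if len(keys) != 1:  # assumption of this example, not a quoted rule
        return findings + ["key file must hold exactly one PEM key"]
    label, body = keys[0]
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
        return findings + ["private key is encrypted"]
    if label not in ("RSA PRIVATE KEY", "PRIVATE KEY"):
        return findings + [f"not an RSA key: {label}"]
    bits = rsa_modulus_bits(base64.b64decode("".join(body.split())), label == "PRIVATE KEY")
    if bits is None:
        findings.append("not an RSA key")
    elif bits > MAX_MODULUS_BITS:
        findings.append(f"RSA modulus is {bits} bits, limit {MAX_MODULUS_BITS}")
    return findings

if __name__ == "__main__" and len(sys.argv) == 3:  # python preflight.py cert.pem key.pem
    cert, key = (open(p).read() for p in sys.argv[1:3])
    print("\n".join(preflight(cert, key)) or "ok")
```

The certificate file passed in is the host certificate with any intermediates appended, as the quoted documentation describes.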
