So far, this is what we have found out when choosing the origin host of our CDN (Fastly):
- myapp.appspot.com: Supports TLS but requires the Host HTTP header to be exactly "myapp.appspot.com". Therefore, the Host header needs to be overridden. - ghs.googlehosted.com: Does not support TLS, but accepts any Host HTTP header, so you can use any of your App Engine custom domains. @Ben, thanks for the answer! We will follow this approach, too, but we will need to send an extra header (for example, X-Host) in order to convey the actual site requested. Otherwise, the GAE app has no way of knowing what is the requested site since the Host header needs to be hardcoded to " myapp.appspot.com". Our GAE app hosts several sites with slightly different content. @George, not sure if I understand what you are saying. I believe your instructions are geared towards Compute Engine, where you need to configure the load balancer. AFAIK, GAE abstracts this from us, so we have no way of dealing with the load balancer. On Tuesday, May 15, 2018 at 1:57:16 PM UTC+2, Alex G wrote: > > We are currently using Fastly as our CDN that reads from the origin App > Engine Flexible (GAE) app. When trying to enable a TLS connection between > Fastly and GAE, we have noticed that ghs.googlehosted.com does not > support TLS. We have also tried using myapp.appspot.com as the origin, > but a 404 is returned. It seems related to the *Host* HTTP header, which > is not supported in this case. > > Is there any alternative to ghs.googlehosted.com that we could use that > supports TLS? > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/c6e3c216-203e-42e9-96eb-986e5aa88df3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
