Created
October 9, 2020 08:19
Google App Engine demo script adding custom SSL policies to custom domain
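#!/usr/bin/env bash
#
# Demo: deploy the App Engine "hello world" sample and create a custom
# Compute Engine SSL policy intended for the app's custom domain.
# Quickstart this script follows:
# https://cloud.google.com/appengine/docs/standard/python3/quickstart

# --- configuration -----------------------------------------------------------
export PROJECT_ID="mike-gae-custom-tls"

# Account currently active in gcloud. Assigned first and exported afterwards so
# a failing gcloud call is not hidden behind the exit status of `export`.
PROJECT_USER=$(gcloud config get-value core/account)
export PROJECT_USER

PROJECT_NUMBER=$(gcloud projects describe "$PROJECT_ID" --format="value(projectNumber)")
# Stop here if the lookup failed: with an empty project number GAE_SA below
# would become "@cloudbuild.gserviceaccount.com" and the later IAM binding
# would name a member that does not belong to this project.
: "${PROJECT_NUMBER:?could not resolve project number for ${PROJECT_ID}}"
export PROJECT_NUMBER

# Despite the variable name, this is the project's Cloud Build service account
# (it is the member granted storage access for builds further down).
export GAE_SA="${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com"
export POLICY_NAME="pci-policy"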
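# enable apis
# --project is passed explicitly so these calls hit the same project as
# `gcloud app create` below even when the active gcloud configuration points
# somewhere else.
gcloud services enable compute.googleapis.com \
  cloudbuild.googleapis.com \
  --project="$PROJECT_ID"

# create App Engine app
gcloud app create --project="$PROJECT_ID" # us-central (without the 1)

# add permission for cloud build to view storage objects
# NOTE(review): this is a project-level binding, so the Cloud Build service
# account can read objects in every bucket of the project. If only the
# deployment staging bucket is needed, a binding on that bucket is the
# narrower grant - confirm which buckets the build actually reads.
gcloud projects add-iam-policy-binding "$PROJECT_ID" \
  --member="serviceAccount:${GAE_SA}" \
  --role="roles/storage.objectViewer"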
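###########################################
# Mac users
#   brew install python
#   alias python=/usr/local/bin/python3 (add to .zshrc or bash)
#   python -m pip install --upgrade pip
#   export PYTHONPATH=/Users/mike/Documents/Teach/app-engine-custom-tls/venv/lib/python3.8/site-packages
###########################################

# verify Python 3.x.x and Pip 20.x.x
python --version
pip --version

# install components
gcloud components install app-engine-python

# setup virtual environment
python3 -m venv venv
# shellcheck disable=SC1091 - activate script is created by the venv step above
source venv/bin/activate
# deactivate (when done)

# download hello world app
# NOTE(review): this clones whatever is at the head of the default branch, so
# the code and requirements.txt that get installed and deployed can change
# between runs. Check out a reviewed commit after cloning for a repeatable demo.
git clone https://github.com/GoogleCloudPlatform/python-docs-samples

# Abort if the sample directory is missing (e.g. the clone failed); otherwise
# the pip install and the later deploy would run from the wrong directory.
cd python-docs-samples/appengine/standard_python3/hello_world || {
  printf 'cannot enter hello_world sample directory\n' >&2
  exit 1
}

# install dependencies
pip install -r requirements.txt

# test app
#   python main.py
#   visit http://localhost:8080
#   CTRL+C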
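# deploy app to App Engine
# --project keeps the deploy on the project the app was created in, regardless
# of the active gcloud configuration.
gcloud app deploy --project="$PROJECT_ID"

# view it
gcloud app browse --project="$PROJECT_ID"

# create custom SSL policy
# TLS 1.2 minimum with an explicit cipher list.
# NOTE(review): the two *_CBC_SHA entries are CBC-mode suites with a SHA-1
# HMAC; the other six are AEAD suites (AES-GCM / ChaCha20-Poly1305). Keep the
# CBC suites only if a known client needs them. Without them the list appears
# to match the built-in RESTRICTED profile - confirm against the current
# SSL policy documentation before relying on that.
gcloud compute ssl-policies create "$POLICY_NAME" \
  --project="$PROJECT_ID" \
  --profile CUSTOM --min-tls-version 1.2 \
  --custom-features "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"

# Remaining steps (not implemented in this script):
# create custom domain
# generate managed cert
# apply ssl policy to custom domain / app
# NOTE(review): Compute Engine SSL policies are attached to a load balancer's
# target HTTPS/SSL proxy, not to an App Engine domain mapping, so the last step
# presumably needs an external HTTPS load balancer in front of the app with the
# policy set on its target proxy. In that setup, also restrict App Engine
# ingress to load-balancer traffic; otherwise the default appspot.com URL still
# serves the app without this policy applied.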