Enabling SSL/TLS for your Google App Engine production environment can be done
trivially. Nevertheless, some circumstances require that your local development
server also use SSL/TLS. Since the local development server provided by the
Google Cloud SDK, dev_appserver.py, does not come with SSL/TLS out of the
box, some configuration is required to accomplish this.
In Production
Employing SSL/TLS in production is relatively straightforward. From the Google Cloud Platform documentation:
If you want to use native Python SSL, you must enable it by specifying
sslfor thelibrariesconfiguration in your application’sapp.yaml.
app.yaml
libraries:
- name: ssl
version: latest
For Local Development
Using SSL/TLS with the local development server, dev_appserver.py, is
slightly more involved. This solution requires two interventions:
- Set up a reverse proxy server in front of the local development server to proxy SSL traffic to the server.
- Patching the
requestsPython library so that thedev_appserver.pycan initiate outbound requests over HTTPS.
Step 1: Set up a reverse proxy server
To solve this, I configured an NGINX server to act as a reverse proxy for SSL traffic. The walkthrough for accomplishing this on macOS can be found here.
Step 2: Patch the requests Python library
To use requests, you’ll need to install both requests and
requests-toolbelt. Once installed, use the
requests_toolbelt.adapters.appengine module to configure requests to use
URLFetch:
import requests
import requests_toolbelt.adapters.appengine
# Use the App Engine Requests adapter. This makes sure that Requests uses
# URLFetch.
requests_toolbelt.adapters.appengine.monkeypatch()
To issue an HTTPS request, set the validate_certificate parameter to true
when calling the urlfetch.fetch() method. This is handled transparently in
requests-toolbelt
here.1
This file has long since been removed. ↩︎