Just another update here. I've realized that I was missing an SNI in the Fastly request to the origin.
You can test this with the following command (ensure your *curl* is up to date): curl --resolve ghs.googlehosted.com:443:mydomainA.com https://mydomainB.com/ -v -I Basically, if there is a valid certificate for mydomainA.com on App Engine (which should be automatic <https://cloudplatform.googleblog.com/2017/09/introducing-managed-SSL-for-Google-App-Engine.html>), then you can do a request to https://mydomainB.com/. On Tuesday, May 15, 2018 at 1:57:16 PM UTC+2, Alex G wrote: > > We are currently using Fastly as our CDN that reads from the origin App > Engine Flexible (GAE) app. When trying to enable a TLS connection between > Fastly and GAE, we have noticed that ghs.googlehosted.com does not > support TLS. We have also tried using myapp.appspot.com as the origin, > but a 404 is returned. It seems related to the *Host* HTTP header, which > is not supported in this case. > > Is there any alternative to ghs.googlehosted.com that we could use that > supports TLS? > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/a174863d-099a-49b1-a32e-779c95f059e6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
