(See bottom of post for video explanation)
Connecting Google Cloud Run to Cloud Flare with a Proxy caused me HTTPS redirect issues. Luckily there is a way round this.
This guide details the necessary steps for establishing your domain connection and ensuring it operates securely with SSL/TLS certification.
Step 1: Accessing Google Cloud Run for Domain Mapping
Begin by navigating to the Cloud Run console. Locate the Manage Custom Domains section. Here, you must verify your domain's ownership.
Mapping Your Domain
Link your domain to the Google Cloud Run service. The console provides on-screen prompts to simplify this task. Upon mapping, you'll receive DNS records needed for the subsequent steps. The type of DNS record needed here is typically an "A" record, although these steps are the same for CNAME records etc.
Step 2: Configuring DNS with Cloudflare
If you're leveraging Cloudflare, you must manage your DNS settings there to ensure the domain points to your Cloud Run service accurately.
Adding a New DNS Record
- Login to Cloudflare: Select the domain you want to manage.
- Access the DNS section: Create a new DNS record.
- Record Type: Choose "A" record.
- Hostname: Use root ("@"). (root is for no subdomain, if you want to map a subdomain then enter it here rather than "@")
- IP Address: Input the IP address from the Cloud Run mapping step.
Understanding Proxy Status
This step is important for Cloudflare to work with Cloud Run. Cloudflare's proxy provides caching and DDOS protection as well as some other security benefits, but needs to be disabled temporarily for now. Disable the proxy and set to DNS only for now.
Step 3: Setting TTL and Await SSL/TLS Certification
Post-mapping your DNS record, it's useful to manage your TTL setting, which dictates how quickly DNS updates propagate. A temporary TTL of 1 minute here should be set.
Step 4: Adjusting SSL/TLS Settings in Cloudflare
- Set SSL to Off (Not Secure) temporarily in Cloudflare.
- Adjust Edge Certificate settings: Disable automatic HTTPS rewrites for initial setup to ensure certification.
Once DNS settings are in place, certificate provisioning activates. This might seem slow and likely you will see a small grey loader next to your mapping in Cloud Run.
If settings are correct, provisioning should complete within 10 to 20 minutes. Delays aren't unusual, so allow sufficient time before further interventions or troubleshooting.
Step 5: Verifying DNS Propagation and Updates
To check things are moving along you can confirm DNS propagation using terminal commands or online visual tools. For terminal users, watch dig yourdomain.com shows real-time DNS updates worldwide.
Monitoring DNS Records
Compare global IP propagation against your hosting service-provided IP (example: 216.x.x.x). Propagation times vary, so allow multiple checks to ensure accuracy.
Alternatively you can just wait for the green tick to appear next to your domain mapping in the Google Cloud Run domain mapping console.
Recap
So far we have covered initial steps such as pointing a domain name to Cloudflare with DNS-only settings and securing a https certificate. Now we will update these configurations to turn on the proxy and take advantage of DDOS protection and cached content delivery.
Step 6 Configuring CNAME and Adjusting Proxy Settings
In Cloudflare choose your domain and click on DNS, then Records, then:
- Delete Existing DNS Record: This step we delete our old A record which allows us to prepare for the new setup.
- Add New Records: - Create a CNAME Record: Direct this to your root domain:
- Record Type: CNAME
- Name: @
-
Target:
ghs.googlehosted.com- Enable Proxy Status: Turn this "on".
Step 6 Re-Adjusting SSL/TLS Settings
-
SSL/TLS Configuration:
- Change from "Off" to "Full".
- Save Changes
Finalizing DNS Configuration and Leveraging Cloudflare's Full Suite
Following completion of CNAME and SSL configurations, a brief waiting period for DNS propagation will be needed. Once completed, you should expect to be able to visit your domain successfully with no HTTPS redirect issues, and you should now have full access to cache and DDOS protection controls in your Cloudflare console.
Shoutout to Adnan Hodzic for coming up with the original solution. You can checkout his videos here detailing the process:
https://www.youtube.com/watch?v=b0iBHDHOb3Y&list=PL83G0TLSeXREwjHDZPsV_34azAmniL81V&index=9&t=1s
https://www.youtube.com/watch?v=CLOCCFT8rRo&list=PL83G0TLSeXREwjHDZPsV_34azAmniL81V
Top comments (0)