How can I set up an SSL configuration in Namecheap for Angular deployed on GitHub Pages and Django deployed on App Engine

Question

I am deploying my system, Angular frontend using GitHub and the whole backend in the Google Cloud Platform - App Engine, SQL, Elasticsearch etc. Https seems to be working properly between website and the client as I have checked in the GitHub settings Enforce HTTPS. However I am not sure whether I do a correct configuration between Angular app and my Django API which is deployed in the App Engine. Can anyone take a look at the configuration and confirm that everything is done correctly? I would like to do everything as safely as possible. User portal should be accessible from example.com and www.example.com and the Django API on App Engine from api.example.com and www.api.example.com. Besides, maybe you have any additional safety tips or advices on what else I could do to increase protection?

Namecheap:

Google App Engine:

UPDATE

UPDATE with the configuration of backend and frontend deployed on Google App Engine

dispatch.yaml:

dispatch:

  - url: "api.example.com/"
    service: backend-service

  - url: "www.api.example.com/"
    service: backend-service

  - url: "api.example.com/*"
    service: backend-service

  - url: "www.api.example.com/*"
    service: backend-service

  - url: "*/*"
    service: frontend-service

question from:https://stackoverflow.com/questions/65829126/how-can-i-set-up-an-ssl-configuration-in-namecheap-for-angular-deployed-on-githu

Answer 1

Your configuration looks fine but, I don't understand why www and naked domain are registered on custom domains for app engine, according your description the frontend will work with Github.

Also the * in the Name cheap records is not great idea, you can change this to only for the app engine domains www.api and api

Other security recommendation is to enable CORS on your django application, to prevent that unauthorized domains call your api.