I have two apps, one is a full stack spring boot app serving Angular files running on a VM, and the second one is app to deploy a spring boot client to the AppEngine environment. The second one is managed by Google.
If I goto http://44.99.88.66
then, in the network tab, all files needed for the Angular UI to render, including the index.html, is returned back successfully and the app is working as designed.
For example, one of the file listed in index.html is runtime.a1f14f474125f28b.js
Request URL: http://44.99.88.66/runtime.a1f14f474125f28b.js
Request Method: GET
Status Code: 200 OK
Direct access to the app running on the VM is successful. No issues here.
This is a proxy spring boot app that was deployed to app engine successfully. The intent behind the proxy is to serve files from the VM instance listed above. Essentially it will act as a frontend to the backend app.
The proxy server configuration is like this:
public class SolrProxyServletConfiguration implements EnvironmentAware {
@Bean
public ServletRegistrationBean servletRegistrationBean() {
org.mitre.dsmiley.httpproxy.ProxyServlet proxy = new org.mitre.dsmiley.httpproxy.ProxyServlet();
ServletRegistrationBean servletRegistrationBean = new ServletRegistrationBean((Servlet) proxy);
servletRegistrationBean.addInitParameter(proxy.P_TARGET_URI, "http://44.99.88.66");
servletRegistrationBean.addInitParameter(proxy.P_LOG,"true");
servletRegistrationBean.addUrlMappings("/*");
return servletRegistrationBean;
See Apache http proxy server details here
<dependency>
<groupId>org.mitre.dsmiley.httpproxy</groupId>
<artifactId>smiley-http-proxy-servlet</artifactId>
<version>2.0</version>
</dependency>
This proxy server works, some of the files are served but NOT all. Maybe firewall configuration issue?
Now, from cloud shell, when I run the command mvn -DskipTests spring-boot:run
and then preview port 8080 on localhost, and look at network tab,
I can verify index.html was returned back by the VM successfully. This index.html needs runtime js file and few other files.
Request URL: https://8080-cs-850933564101-default.cs-us-west1-wolo.cloudshell.dev/runtime.a1f14f474125f28b.js
Request Method: GET
Status Code: 403 Forbidden
I get 403 for this file, after this app is deployed also.
And when I deploy the app by running the command mvn -DskipTests package appengine:deploy
and then go to the URL for the App engine https://<MY-PROJECT_NAME>.uw.r.appspot.com, then index.html is returned successfully to the browser.
However, the runtime js file is not returned and the error is 403 again. I can reproduce this issue by running Springboot run command on localhost and/or deploy it to the Appengine to reproduce it there.
Request URL: https://<MY-PROJECT_NAME>.uw.r.appspot.com/runtime.a1f14f474125f28b.js
Request Method: GET
Status Code: 403 Forbidden
When I look at the log files in the VM box, the VM box does return the runtime js file successfully.
Also, there is another file script js file and that is served successfully like so:
Request URL: https://<MY-PROJECT_NAME>.uw.r.appspot.com/scripts.637b95686c28d236.js
Request Method: GET
Status Code: 200 OK
So, one file (script js) is served successfully back to the browser, but NOT the other (runtime js).
File permission for both the files script js and runtime js is -rw-r--r--
I am wondering if this is a firewall configuration issue? Some files are returned but not all.
I got a success response when I test health endpoint, https://<MY-PROJECT_NAME>.uw.r.appspot.com/health
the response is Health check successful
. So, one end point is working correctly, however, the endpoint to render the Angular UI app is returning some files and for some them browser sees 403.
Please let me know, if more information is needed or if I can engage professional service to fix this issue where a proxy server is not able to return a file?
Thanks and regards, Ganesh
When you encounter a 403 Forbidden error, it may be due to a firewall configuration or the way your App Engine configuration file is set up.
(1) Try to check the firewall settings by navigating to your App Engine’s Firewall UI. Use Test IP Address to verify that the settings are correct and if the external IP would be allowed by the existing firewall rules.
(2) Check your app’s configuration files, specifically the app.yaml
file, to see and check if the runtime.js
file is correctly declared as static_files and not mistakenly marked as an application code file.
You can also check this StackOverflow post, which I think might be related to your concern but it offers a different workaround.
If above doesn’t not work and if you have a support package, I would recommend you getting help through reaching out to Google Cloud Support for a more in-depth analysis of your issue or you can just open an issue report on Google’s App Engine public issue tracker but please note that they won’t be able to provide a specific timeline for when the issue will be resolved.