secure: always still works in all standard environments, but the secure option has been deprecated in all flexible environments, see documentation here or here for Node.js.

If you need this feature in your current environment, the suggested solutions require changes to your application code. Either use the custom HTTP header X-Forwarded-Proto to redirect the HTTP traffic to HTTPS, or use the HTTP Strict Transport Security response header.

Have you tried setting secure: always in your handlers in your app.yaml?

handlers:
- url: /youraccount/.*
  script: accounts.app
  login: required
  secure: always

always

Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are preserved for the redirect

https://cloud.google.com/appengine/docs/standard/python/config/appref#handlers_element

Alex's answer (see comments) put me on the right path.

First meteor add gadicohen:headers to add headers info.

In my router logic (Iron Router on Meteor) in a before hook, I check if the x-forwarded-proto is http. If so, replace http with https and go to that URL instead. I make sure I'm not on localhost too, so that I can develop the site

Router.onBeforeAction(function () {
    <some other logic>
    // Redirect http to https
    if (headers.get('x-forwarded-host') !== "localhost:3000") {
        if (headers.get('x-forwarded-proto') === "http") {
            window.location = window.location.href.replace('http', 'https')
        }
    }
});

Not sure what backend language you are using, but you can brute-force to ssl by checking the request header then redirecting. Example:

if request.environ.get('HTTPS') == 'off':
    return redirect('https://www.example.com' + request.environ.get('PATH_INFO'), 301)