diff --git a/content/docs/tech-resources/deep-links-self-serve.md b/content/docs/tech-resources/deep-links-self-serve.md index 34070cbe3..81f6018df 100644 --- a/content/docs/tech-resources/deep-links-self-serve.md +++ b/content/docs/tech-resources/deep-links-self-serve.md @@ -1,5 +1,5 @@ --- -lastUpdated: "02/24/2021" +lastUpdated: "09/30/2023" title: "Using Mobile Universal and App Links with SparkPost" description: "A guide to including iOS universal links and Android App Links in your SparkPost-delivered email" --- @@ -444,20 +444,20 @@ To get Android to [auto-verify](#auto-verify) your app's domains (skipping the u # ServerName yourtrackingdomain.example.com - ProxyPass "/f/" "http://spgo.io/f/" - ProxyPassReverse "/f/" "http://spgo.io/f/" - ProxyPass "/q/" "http://spgo.io/q/" - ProxyPassReverse "/q/" "http://spgo.io/q/" + ProxyPass "/f/" "https://spgo.io/f/" disablereuse=On + ProxyPassReverse "/f/" "https://spgo.io/f/" + ProxyPass "/q/" "https://spgo.io/q/" disablereuse=On + ProxyPassReverse "/q/" "https://spgo.io/q/" Alias "/.well-known" "/var/www/html/securetrack/.well-known" ServerName yourtrackingdomain.example.com - ProxyPass "/f/" "http://spgo.io/f/" - ProxyPassReverse "/f/" "http://spgo.io/f/" - ProxyPass "/q/" "http://spgo.io/q/" - ProxyPassReverse "/q/" "http://spgo.io/q/" + ProxyPass "/f/" "https://spgo.io/f/" disablereuse=On + ProxyPassReverse "/f/" "https://spgo.io/f/" + ProxyPass "/q/" "https://spgo.io/q/" disablereuse=On + ProxyPassReverse "/q/" "https://spgo.io/q/" Alias "/.well-known" "/var/www/html/securetrack/.well-known" @@ -488,6 +488,8 @@ To check your files are served correctly and Android auto-verify is working - se 1. Add `location` blocks to your config to declare the spec files on your tracking domain, which will allow Android to [auto-verify](#android-testing-auto-verify). Here is a complete example, including the engagement-tracking `proxy-pass` block done in step 1. ``` + resolver 10.0.0.2 valid=10s; + server { listen 80; listen 443 ssl http2; @@ -513,7 +515,9 @@ To check your files are served correctly and Android auto-verify is working - se # pass all other requests through to SparkPost engagement tracking location / { - proxy_pass https://spgo.io; + set $backend "spgo.io"; + proxy_pass https://$backend; + proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; # pass the client IP to the open & click tracker server_tokens off; # suppress NGINX giving version/OS information on error pages } diff --git a/content/docs/tech-resources/enabling-https-engagement-tracking-on-sparkpost.md b/content/docs/tech-resources/enabling-https-engagement-tracking-on-sparkpost.md index ccf40a148..334265326 100644 --- a/content/docs/tech-resources/enabling-https-engagement-tracking-on-sparkpost.md +++ b/content/docs/tech-resources/enabling-https-engagement-tracking-on-sparkpost.md @@ -1,5 +1,5 @@ --- -lastUpdated: "07/10/2023" +lastUpdated: "09/27/2023" title: "Enabling HTTPS Engagement Tracking on SparkPost" description: "SparkPost supports HTTPS engagement tracking for customers via self-service for all SparkPost customers. To enable SSL engagement tracking for a domain, additional configuration for SSL keys is required." --- @@ -37,7 +37,7 @@ This document includes step by step guides for the following CDNs. * (Cloudflare certificates are auto-issued) * AWS CloudFront: * [Create a Domain](#step-by-step-guide-with-aws-cloudfront) - * [Issue a Certificate](#using-aws-certificate-manager-acm-to-issue-a-certificate-for-your-domains) + * [Issue a Certificate](#using-aws-certificate-manager-acm-to-issue-a-certificate-for-your-domain) * Fastly: * [Create a Domain](#step-by-step-guide-with-fastly) * [Issue a Certificate](#issue-a-certificate-with-fastly) @@ -181,6 +181,8 @@ For up to date information on creating a distribution via CloudFront, please ref * Optionally, change the name (you can leave this at default). + * Under "Add custom header", click "Add header". Enter `X-Forwarded-Host` as the header name and your custom tracking domain as the header value. + * Leave "Enable Origin Shield" disabled. * Skip the "Additional settings". @@ -246,14 +248,14 @@ For up to date information on creating a distribution via CloudFront, please ref * Enable forwarding of the `User-Agent` header. Type in `User-Agent` and click "Add". This allows `User-Agent` data to be present in your engagement events received from SparkPost. ![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache5.png) - - * Enable forwarding of the `Host` header. Type in `Host` and click "Add". This allows `Host` data to be present in your engagement events received from SparkPost. - ![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png) + * Under "Query strings", select "Include the following query strings". - * Leave Query string and Cookies set to defaults (None). Your origin request settings should now look like this. + * Under "Add query string", enter `target`. - ![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache7.png) + * Leave Cookies set to default (None). Your origin request settings should now look like this. + + ![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png) * Click "Create" (on first time) / "Save Changes" (if modifying). @@ -277,7 +279,7 @@ For up to date information on creating a distribution via CloudFront, please ref * Under "Custom SSL Certificate", select **Custom SSL Certificate** - Upload certificates as needed. - > If you want to have AWS create a new certificate within AWS instead of importing an existing one, click "Request certificate" and follow the steps [here](#using-aws-certificate-manager-acm-to-issue-a-certificate-for-your-domains) before continuing. + > If you want to have AWS create a new certificate within AWS instead of importing an existing one, click "Request certificate" and follow the steps [here](#using-aws-certificate-manager-acm-to-issue-a-certificate-for-your-domain) before continuing. * Leave the other settings at default / recommended values. @@ -285,7 +287,7 @@ For up to date information on creating a distribution via CloudFront, please ref ![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_created_new_dist.png) -1. Create, or update, a CNAME record with your DNS service to route queries for tracking domain(s) with your CloudFront distribution ID. This will be specific to your DNS service. +1. Create, or update, a CNAME record with your DNS service so that requests to your tracking domain are routed to your CloudFront distribution. This will be specific to your DNS service. * Get the "Domain Name" for your distribution from the Distributions page. You can use the square "copy" button. @@ -309,13 +311,13 @@ For up to date information on creating a distribution via CloudFront, please ref 1. Follow [these steps](#switch-tracking-domain-to-secure-and-validate) to update and verify your tracking domain. --- -### Using AWS Certificate Manager (ACM) to issue a certificate for your domain(s) +### Using AWS Certificate Manager (ACM) to issue a certificate for your domain -Once your CNAME is set up with your DNS provider, instead of providing an existing certificate, you can have AWS issue a certificate for your custom tracking domain(s). +Once your CNAME is set up with your DNS provider, instead of providing an existing certificate, you can have AWS issue a certificate for your custom tracking domain. 1. Navigate to the AWS Certificate Manager (ACM). Choose Request a Certificate, then select Request a public certificate. - Add your domain name(s), select Next. + Add your domain name, select Next. ![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_request_cert.png) @@ -323,7 +325,7 @@ Once your CNAME is set up with your DNS provider, instead of providing an existi ![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_request_cert2.png) -1. On your DNS provider, create the CNAME records that are used to by AWS to validate that these domain(s) are yours. +1. On your DNS provider, create the CNAME records that are used by AWS to validate that the domain is yours. ![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_validate_cert.png) @@ -337,7 +339,7 @@ Once your CNAME is set up with your DNS provider, instead of providing an existi ![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_edit.png) -1. Enter your domain names, select "Custom SSL certificate", and select from the drop-down list. +1. Enter your domain name, select "Custom SSL certificate", and select from the drop-down list. ![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_select_cert.png) diff --git a/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png b/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png index e25a7e095..68f62585f 100644 Binary files a/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png and b/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png differ diff --git a/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache7.png b/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache7.png deleted file mode 100644 index 89c77c735..000000000 Binary files a/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache7.png and /dev/null differ diff --git a/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_origin2.png b/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_origin2.png index cc7af8f8c..380170fb8 100644 Binary files a/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_origin2.png and b/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_origin2.png differ diff --git a/content/docs/tech-resources/using-proxy-https-tracking-domain.md b/content/docs/tech-resources/using-proxy-https-tracking-domain.md index 8e8483fe6..e95a790a4 100644 --- a/content/docs/tech-resources/using-proxy-https-tracking-domain.md +++ b/content/docs/tech-resources/using-proxy-https-tracking-domain.md @@ -1,5 +1,5 @@ --- -lastUpdated: "05/03/2023" +lastUpdated: "09/29/2023" title: "Using a Reverse Proxy for HTTPS Tracking Domain" description: "SparkPost supports HTTPS engagement tracking for customers via self-service for all SparkPost customers. To enable SSL engagement tracking for a domain, additional configuration for SSL keys is required. This resource outlines the use of a reverse proxy to host SSL certificates" --- @@ -56,18 +56,20 @@ On a Debian distribution, this command will install nginx with a sample configur Note: you must store `spgo.io` in a variable so that nginx re-resolves the domain when its TTL expires. You also have to include the `resolver` directive to explicitly specify a DNS server to resolve the hostname. By including the `valid` parameter to the directive, you can tell nginx to ignore the TTL and to re‑resolve names at a specified frequency. In the sample below, nginx re‑resolves names every 10 seconds. +Note: as shown in the sample configuration file below, you should forward the `Host` header so that SparkPost can identify the tracking domain used in a request. + ```apacheconf resolver 10.0.0.2 valid=10s; server { # simple reverse-proxy listen 80; - listen 443 ssl; server_name click.nddurant.com; # pass requests for dynamic content to rails/turbogears/zope, et al location / { set $backend "spgo.io"; proxy_pass https://$backend; + proxy_set_header Host $host; } } ``` @@ -234,6 +236,7 @@ server { # simple reverse-proxy location / { set $backend "spgo.io"; proxy_pass https://$backend; + proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; # pass the client IP to the open & click tracker server_tokens off; # suppress NGINX giving version/OS information on error pages } @@ -270,8 +273,8 @@ Add the following configuration (putting your own tracking domain into the `Serv ServerName yourtrackingdomain.example.com ServerPath "/" - ProxyPass "/" "http://spgo.io/" - ProxyPassReverse "/" "http://spgo.io/" + ProxyPass "/" "https://spgo.io/" disablereuse=On + ProxyPassReverse "/" "https://spgo.io/" ``` @@ -291,7 +294,7 @@ Create an additional port 443 proxy configuration as follows. Set the certifica SSLCertificateFile "/opt/apache2/conf/server.crt" SSLCertificateKeyFile "/opt/apache2/conf/server.key" ServerPath "/" - ProxyPass "/" "https://spgo.io/" + ProxyPass "/" "https://spgo.io/" disablereuse=On ProxyPassReverse "/" "https://spgo.io/" SSLProxyEngine on