TR-4678 Update guides on setting up HTTPS ET
mtgray-sp committed Oct 1, 2023
1 parent 88ecf68 commit f24035a
Showing 6 changed files with 43 additions and 29 deletions.
27 changes: 17 additions & 10 deletions content/docs/tech-resources/deep-links-self-serve.md
@@ -1,5 +1,5 @@
---
lastUpdated: "02/24/2021"
lastUpdated: "09/30/2023"
title: "Using Mobile Universal and App Links with SparkPost"
description: "A guide to including iOS universal links and Android App Links in your SparkPost-delivered email"
---
Expand Down Expand Up @@ -444,20 +444,23 @@ To get Android to [auto-verify](#auto-verify) your app's domains (skipping the u
#
<VirtualHost _default_:80>
ServerName yourtrackingdomain.example.com
ProxyPass "/f/" "http://spgo.io/f/"
ProxyPassReverse "/f/" "http://spgo.io/f/"
ProxyPass "/q/" "http://spgo.io/q/"
ProxyPassReverse "/q/" "http://spgo.io/q/"
# The backend IPs can change, so disablereuse=On is required
ProxyPass "/f/" "https://spgo.io/f/" disablereuse=On
ProxyPassReverse "/f/" "https://spgo.io/f/"
ProxyPass "/q/" "https://spgo.io/q/" disablereuse=On
ProxyPassReverse "/q/" "https://spgo.io/q/"
Alias "/.well-known" "/var/www/html/securetrack/.well-known"
SSLProxyEngine on
</VirtualHost>
<VirtualHost _default_:443>
ServerName yourtrackingdomain.example.com
ProxyPass "/f/" "http://spgo.io/f/"
ProxyPassReverse "/f/" "http://spgo.io/f/"
ProxyPass "/q/" "http://spgo.io/q/"
ProxyPassReverse "/q/" "http://spgo.io/q/"
ProxyPass "/f/" "https://spgo.io/f/" disablereuse=On
ProxyPassReverse "/f/" "https://spgo.io/f/"
ProxyPass "/q/" "https://spgo.io/q/" disablereuse=On
ProxyPassReverse "/q/" "https://spgo.io/q/"
Alias "/.well-known" "/var/www/html/securetrack/.well-known"
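Review bot: In the `:443` VirtualHost the four proxy lines now target `https://spgo.io/...`, but the only `SSLProxyEngine on` visible in this hunk is the one added to the `:80` block; without that directive in the `:443` block, mod_proxy cannot open the TLS connection to the backend. If it sits further down in the collapsed part of that block, nothing to do; otherwise add it there as well. The `# The backend IPs can change, so disablereuse=On is required` comment also appears only in the `:80` block and would help above the `:443` ProxyPass lines too.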
Expand Down Expand Up @@ -488,6 +491,8 @@ To check your files are served correctly and Android auto-verify is working - se
1. Add `location` blocks to your config to declare the spec files on your tracking domain, which will allow Android to [auto-verify](#android-testing-auto-verify). Here is a complete example, including the engagement-tracking `proxy-pass` block done in step 1.

```
resolver 10.0.0.2 valid=10s;
server {
listen 80;
listen 443 ssl http2;
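Review bot: `resolver 10.0.0.2 valid=10s;` at the top of the sample is a private address that most readers will not have a DNS server on, and the step text above the block does not mention the directive at all. Replace it with an obvious placeholder, or add a sentence telling the reader to substitute their own resolver and why the sample needs one, as the note in the reverse-proxy guide does.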
Expand All @@ -513,7 +518,9 @@ To check your files are served correctly and Android auto-verify is working - se
# pass all other requests through to SparkPost engagement tracking
location / {
proxy_pass https://spgo.io;
set $backend "spgo.io";
proxy_pass https://$backend;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; # pass the client IP to the open & click tracker
server_tokens off; # suppress NGINX giving version/OS information on error pages
}
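Review bot: `proxy_pass https://$backend;` in `location /` reaches the upstream over TLS, but nothing in this block enables certificate verification, and nginx leaves `proxy_ssl_verify` off by default, so the proxy accepts any certificate presented for `spgo.io`. Consider adding `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate` pointing at the system CA bundle, plus `proxy_ssl_server_name on;` so SNI is sent. A short comment that the `$backend` variable depends on the `resolver` line at the top of the file would also help readers who copy only this block.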
@@ -1,5 +1,5 @@
---
lastUpdated: "07/10/2023"
lastUpdated: "09/27/2023"
title: "Enabling HTTPS Engagement Tracking on SparkPost"
description: "SparkPost supports HTTPS engagement tracking for customers via self-service for all SparkPost customers. To enable SSL engagement tracking for a domain, additional configuration for SSL keys is required."
---
Expand Down Expand Up @@ -37,7 +37,7 @@ This document includes step by step guides for the following CDNs.
* (Cloudflare certificates are auto-issued)
* AWS CloudFront:
* [Create a Domain](#step-by-step-guide-with-aws-cloudfront)
* [Issue a Certificate](#using-aws-certificate-manager-acm-to-issue-a-certificate-for-your-domains)
* [Issue a Certificate](#using-aws-certificate-manager-acm-to-issue-a-certificate-for-your-domain)
* Fastly:
* [Create a Domain](#step-by-step-guide-with-fastly)
* [Issue a Certificate](#issue-a-certificate-with-fastly)
Expand Down Expand Up @@ -181,6 +181,8 @@ For up to date information on creating a distribution via CloudFront, please ref
* Optionally, change the name (you can leave this at default).
* Under "Add custom header", click "Add header". Enter `X-Forwarded-Host` as the header name and your custom tracking domain as the header value.
* Leave "Enable Origin Shield" disabled.
* Skip the "Additional settings".
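Review bot: The new `X-Forwarded-Host` step gives no reason for the header, and because the value is typed in as a fixed string, a distribution can only ever report that one tracking domain. Add a sentence saying what SparkPost uses the header for, and state whether each tracking domain therefore needs its own distribution, which would match the singular "domain" wording introduced elsewhere in this commit.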
Expand Down Expand Up @@ -246,14 +248,14 @@ For up to date information on creating a distribution via CloudFront, please ref
* Enable forwarding of the `User-Agent` header. Type in `User-Agent` and click "Add". This allows `User-Agent` data to be present in your engagement events received from SparkPost.
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache5.png)
* Enable forwarding of the `Host` header. Type in `Host` and click "Add". This allows `Host` data to be present in your engagement events received from SparkPost.
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png)
* Under "Query strings", select "Include the following query strings".
* Leave Query string and Cookies set to defaults (None). Your origin request settings should now look like this.
* Under "Add query string", enter `target`.
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache7.png)
* Leave Cookies set to default (None). Your origin request settings should now look like this.
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png)
* Click "Create" (on first time) / "Save Changes" (if modifying).
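Review bot: The `target` query string step is the only one in this list without an explanation; the `User-Agent` and `Host` steps each say what the setting enables. Add the reason `target` has to reach the origin. Also check the screenshots: `cloudfront_cache6.png` appears both after the `Host` step and after the Cookies step, with `cloudfront_cache7.png` in between, so the image numbering may no longer follow the step order.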
Expand All @@ -277,15 +279,15 @@ For up to date information on creating a distribution via CloudFront, please ref
* Under "Custom SSL Certificate", select **Custom SSL Certificate** - Upload certificates as needed.
> If you want to have AWS create a new certificate within AWS instead of importing an existing one, click "Request certificate" and follow the steps [here](#using-aws-certificate-manager-acm-to-issue-a-certificate-for-your-domains) before continuing.
> If you want to have AWS create a new certificate within AWS instead of importing an existing one, click "Request certificate" and follow the steps [here](#using-aws-certificate-manager-acm-to-issue-a-certificate-for-your-domain) before continuing.
* Leave the other settings at default / recommended values.
* At the bottom of the page, press **Create Distribution**. This returns you to the main CloudFront Distributions list.
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_created_new_dist.png)
1. Create, or update, a CNAME record with your DNS service to route queries for tracking domain(s) with your CloudFront distribution ID. This will be specific to your DNS service.
1. Create, or update, a CNAME record with your DNS service so that requests to your tracking domain are routed to your CloudFront distribution. This will be specific to your DNS service.
* Get the "Domain Name" for your distribution from the Distributions page. You can use the square "copy" button.
Expand All @@ -309,21 +311,21 @@ For up to date information on creating a distribution via CloudFront, please ref
1. Follow [these steps](#switch-tracking-domain-to-secure-and-validate) to update and verify your tracking domain.
---
### Using AWS Certificate Manager (ACM) to issue a certificate for your domain(s)
### Using AWS Certificate Manager (ACM) to issue a certificate for your domain
Once your CNAME is set up with your DNS provider, instead of providing an existing certificate, you can have AWS issue a certificate for your custom tracking domain(s).
Once your CNAME is set up with your DNS provider, instead of providing an existing certificate, you can have AWS issue a certificate for your custom tracking domain.
1. Navigate to the AWS Certificate Manager (ACM). Choose Request a Certificate, then select Request a public certificate.
Add your domain name(s), select Next.
Add your domain name, select Next.
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_request_cert.png)
1. Choose DNS validation. Add tags if you wish. Select Review, then Confirm and Request.
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_request_cert2.png)
1. On your DNS provider, create the CNAME records that are used to by AWS to validate that these domain(s) are yours.
1. On your DNS provider, create the CNAME records that are used by AWS to validate that the domain is yours.
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_validate_cert.png)
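Review bot: Renaming the heading to "... for your domain" changes its generated anchor. This commit updates the two in-page links to match, but any link from another page or from outside the docs to `#using-aws-certificate-manager-acm-to-issue-a-certificate-for-your-domains` will no longer resolve to this section. Search the repository for the old fragment before merging.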
Expand All @@ -337,7 +339,7 @@ Once your CNAME is set up with your DNS provider, instead of providing an existi
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_edit.png)
1. Enter your domain names, select "Custom SSL certificate", and select from the drop-down list.
1. Enter your domain name, select "Custom SSL certificate", and select from the drop-down list.
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_select_cert.png)
Binary file not shown.
15 changes: 10 additions & 5 deletions content/docs/tech-resources/using-proxy-https-tracking-domain.md
@@ -1,5 +1,5 @@
---
lastUpdated: "05/03/2023"
lastUpdated: "09/29/2023"
title: "Using a Reverse Proxy for HTTPS Tracking Domain"
description: "SparkPost supports HTTPS engagement tracking for customers via self-service for all SparkPost customers. To enable SSL engagement tracking for a domain, additional configuration for SSL keys is required. This resource outlines the use of a reverse proxy to host SSL certificates"
---
Expand Down Expand Up @@ -56,18 +56,20 @@ On a Debian distribution, this command will install nginx with a sample configur

Note: you must store `spgo.io` in a variable so that nginx re-resolves the domain when its TTL expires. You also have to include the `resolver` directive to explicitly specify a DNS server to resolve the hostname. By including the `valid` parameter to the directive, you can tell nginx to ignore the TTL and to re‑resolve names at a specified frequency. In the sample below, nginx re‑resolves names every 10 seconds.

Note: as shown in the sample configuration file below, you should forward the `Host` header so that SparkPost can determine the tracking domain used in a request.

```apacheconf
resolver 10.0.0.2 valid=10s;
server { # simple reverse-proxy
listen 80;
listen 443 ssl;
server_name click.nddurant.com;
# pass requests for dynamic content to rails/turbogears/zope, et al
location / {
set $backend "spgo.io";
proxy_pass https://$backend;
proxy_set_header Host $host;
}
}
```
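Review bot: `proxy_set_header Host $host;` forwards whatever host name the client sent, so if this `server` block is also the default for the listener, requests carrying an arbitrary `Host` header are relayed to SparkPost under that name. A note that the block should only answer for the configured `server_name`, with a separate catch-all `default_server` that rejects everything else, would close that gap. Separately, the fence is tagged `apacheconf` although the content is nginx configuration, and `click.nddurant.com` reads like a real host; the Apache samples use `yourtrackingdomain.example.com`.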
Expand Down Expand Up @@ -234,6 +236,7 @@ server { # simple reverse-proxy
location / {
set $backend "spgo.io";
proxy_pass https://$backend;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; # pass the client IP to the open & click tracker
server_tokens off; # suppress NGINX giving version/OS information on error pages
}
Expand Down Expand Up @@ -270,8 +273,10 @@ Add the following configuration (putting your own tracking domain into the `Serv
<VirtualHost _default_:80>
ServerName yourtrackingdomain.example.com
ServerPath "/"
ProxyPass "/" "http://spgo.io/"
ProxyPassReverse "/" "http://spgo.io/"
# The backend IPs can change, so disablereuse=On is required
ProxyPass "/" "https://spgo.io/" disablereuse=On
ProxyPassReverse "/" "https://spgo.io/"
SSLProxyEngine on
</VirtualHost>
```
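Review bot: The new note in the nginx section says the `Host` header should be forwarded so SparkPost can determine the tracking domain, but this VirtualHost has no `ProxyPreserveHost On`, so Apache will send `Host: spgo.io` to the backend. Either add `ProxyPreserveHost On` here and in the port 443 block, or explain why the Apache path does not need it.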
Expand All @@ -291,7 +296,7 @@ Create an additional port 443 proxy configuration as follows. Set the certifica
SSLCertificateFile "/opt/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/apache2/conf/server.key"
ServerPath "/"
ProxyPass "/" "https://spgo.io/"
ProxyPass "/" "https://spgo.io/" disablereuse=On
ProxyPassReverse "/" "https://spgo.io/"
SSLProxyEngine on
</VirtualHost>
