diff --git a/content/docs/tech-resources/deep-links-self-serve.md b/content/docs/tech-resources/deep-links-self-serve.md
index 34070cbe3..4f9fa3a2e 100644
--- a/content/docs/tech-resources/deep-links-self-serve.md
+++ b/content/docs/tech-resources/deep-links-self-serve.md
@@ -1,5 +1,5 @@
---
-lastUpdated: "02/24/2021"
+lastUpdated: "09/30/2023"
title: "Using Mobile Universal and App Links with SparkPost"
description: "A guide to including iOS universal links and Android App Links in your SparkPost-delivered email"
---
@@ -444,20 +444,23 @@ To get Android to [auto-verify](#auto-verify) your app's domains (skipping the u
#
ServerName yourtrackingdomain.example.com
- ProxyPass "/f/" "http://spgo.io/f/"
- ProxyPassReverse "/f/" "http://spgo.io/f/"
- ProxyPass "/q/" "http://spgo.io/q/"
- ProxyPassReverse "/q/" "http://spgo.io/q/"
+ # The backend IPs can change, so disablereuse=On is required
+ ProxyPass "/f/" "https://spgo.io/f/" disablereuse=On
+ ProxyPassReverse "/f/" "https://spgo.io/f/"
+ ProxyPass "/q/" "https://spgo.io/q/" disablereuse=On
+ ProxyPassReverse "/q/" "https://spgo.io/q/"
Alias "/.well-known" "/var/www/html/securetrack/.well-known"
+
+ SSLProxyEngine on
ServerName yourtrackingdomain.example.com
- ProxyPass "/f/" "http://spgo.io/f/"
- ProxyPassReverse "/f/" "http://spgo.io/f/"
- ProxyPass "/q/" "http://spgo.io/q/"
- ProxyPassReverse "/q/" "http://spgo.io/q/"
+ ProxyPass "/f/" "https://spgo.io/f/" disablereuse=On
+ ProxyPassReverse "/f/" "https://spgo.io/f/"
+ ProxyPass "/q/" "https://spgo.io/q/" disablereuse=On
+ ProxyPassReverse "/q/" "https://spgo.io/q/"
Alias "/.well-known" "/var/www/html/securetrack/.well-known"
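Review bot: The new `https://spgo.io` ProxyPass targets depend on `SSLProxyEngine on` alone, and mod_ssl's default of `SSLProxyVerify none` means the backend's certificate chain is not validated. The move from http to https therefore adds encryption but does not authenticate the upstream. Consider adding `SSLProxyVerify require` and `SSLProxyCACertificateFile <path-to-ca-bundle>` (placeholder path) beside `SSLProxyEngine on` in every virtual host that proxies; the same applies to the two Apache hunks in using-proxy-https-tracking-domain.md. Only one `SSLProxyEngine on` is added here, and the enclosing VirtualHost blocks are not visible in this hunk, so it is worth confirming that both the port 80 and port 443 hosts carry it.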
@@ -488,6 +491,8 @@ To check your files are served correctly and Android auto-verify is working - se
1. Add `location` blocks to your config to declare the spec files on your tracking domain, which will allow Android to [auto-verify](#android-testing-auto-verify). Here is a complete example, including the engagement-tracking `proxy-pass` block done in step 1.
```
+ resolver 10.0.0.2 valid=10s;
+
server {
listen 80;
listen 443 ssl http2;
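Review bot: The added `resolver 10.0.0.2 valid=10s;` hard-codes a private address that is a DNS server only on some networks, and nothing in this hunk tells the reader to change it. With the variable-based `proxy_pass` introduced later in this file, the proxy picks its upstream from whatever this resolver answers every 10 seconds, so the example should steer readers to a resolver they control or trust. A comment above the directive would cover it, for example `# replace 10.0.0.2 with a DNS resolver on your own trusted network`. The server block continues past the end of the hunk.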
@@ -513,7 +518,9 @@ To check your files are served correctly and Android auto-verify is working - se
# pass all other requests through to SparkPost engagement tracking
location / {
- proxy_pass https://spgo.io;
+ set $backend "spgo.io";
+ proxy_pass https://$backend;
+ proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; # pass the client IP to the open & click tracker
server_tokens off; # suppress NGINX giving version/OS information on error pages
}
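Review bot: The rewritten `proxy_pass https://$backend;` still leaves the upstream certificate unchecked, because nginx defaults to `proxy_ssl_verify off`. With the backend name now re-resolved at runtime, the upstream's identity rests on DNS answers alone. Consider adding `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path-to-ca-bundle>;` (placeholder path) and `proxy_ssl_server_name on;` inside this `location` block. The last one matters because nginx sends no SNI to the upstream by default, which a shared HTTPS endpoint may need in order to present the right certificate. The same applies to the two nginx hunks in using-proxy-https-tracking-domain.md that add `proxy_set_header Host $host;`.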
diff --git a/content/docs/tech-resources/enabling-https-engagement-tracking-on-sparkpost.md b/content/docs/tech-resources/enabling-https-engagement-tracking-on-sparkpost.md
index ccf40a148..334265326 100644
--- a/content/docs/tech-resources/enabling-https-engagement-tracking-on-sparkpost.md
+++ b/content/docs/tech-resources/enabling-https-engagement-tracking-on-sparkpost.md
@@ -1,5 +1,5 @@
---
-lastUpdated: "07/10/2023"
+lastUpdated: "09/27/2023"
title: "Enabling HTTPS Engagement Tracking on SparkPost"
description: "SparkPost supports HTTPS engagement tracking for customers via self-service for all SparkPost customers. To enable SSL engagement tracking for a domain, additional configuration for SSL keys is required."
---
@@ -37,7 +37,7 @@ This document includes step by step guides for the following CDNs.
* (Cloudflare certificates are auto-issued)
* AWS CloudFront:
* [Create a Domain](#step-by-step-guide-with-aws-cloudfront)
- * [Issue a Certificate](#using-aws-certificate-manager-acm-to-issue-a-certificate-for-your-domains)
+ * [Issue a Certificate](#using-aws-certificate-manager-acm-to-issue-a-certificate-for-your-domain)
* Fastly:
* [Create a Domain](#step-by-step-guide-with-fastly)
* [Issue a Certificate](#issue-a-certificate-with-fastly)
@@ -181,6 +181,8 @@ For up to date information on creating a distribution via CloudFront, please ref
* Optionally, change the name (you can leave this at default).
+ * Under "Add custom header", click "Add header". Enter `X-Forwarded-Host` as the header name and your custom tracking domain as the header value.
+
* Leave "Enable Origin Shield" disabled.
* Skip the "Additional settings".
@@ -246,14 +248,14 @@ For up to date information on creating a distribution via CloudFront, please ref
* Enable forwarding of the `User-Agent` header. Type in `User-Agent` and click "Add". This allows `User-Agent` data to be present in your engagement events received from SparkPost.
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache5.png)
-
- * Enable forwarding of the `Host` header. Type in `Host` and click "Add". This allows `Host` data to be present in your engagement events received from SparkPost.
- ![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png)
+ * Under "Query strings", select "Include the following query strings".
- * Leave Query string and Cookies set to defaults (None). Your origin request settings should now look like this.
+ * Under "Add query string", enter `target`.
- ![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache7.png)
+ * Leave Cookies set to default (None). Your origin request settings should now look like this.
+
+ ![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png)
* Click "Create" (on first time) / "Save Changes" (if modifying).
@@ -277,7 +279,7 @@ For up to date information on creating a distribution via CloudFront, please ref
* Under "Custom SSL Certificate", select **Custom SSL Certificate** - Upload certificates as needed.
- > If you want to have AWS create a new certificate within AWS instead of importing an existing one, click "Request certificate" and follow the steps [here](#using-aws-certificate-manager-acm-to-issue-a-certificate-for-your-domains) before continuing.
+ > If you want to have AWS create a new certificate within AWS instead of importing an existing one, click "Request certificate" and follow the steps [here](#using-aws-certificate-manager-acm-to-issue-a-certificate-for-your-domain) before continuing.
* Leave the other settings at default / recommended values.
@@ -285,7 +287,7 @@ For up to date information on creating a distribution via CloudFront, please ref
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_created_new_dist.png)
-1. Create, or update, a CNAME record with your DNS service to route queries for tracking domain(s) with your CloudFront distribution ID. This will be specific to your DNS service.
+1. Create, or update, a CNAME record with your DNS service so that requests to your tracking domain are routed to your CloudFront distribution. This will be specific to your DNS service.
* Get the "Domain Name" for your distribution from the Distributions page. You can use the square "copy" button.
@@ -309,13 +311,13 @@ For up to date information on creating a distribution via CloudFront, please ref
1. Follow [these steps](#switch-tracking-domain-to-secure-and-validate) to update and verify your tracking domain.
---
-### Using AWS Certificate Manager (ACM) to issue a certificate for your domain(s)
+### Using AWS Certificate Manager (ACM) to issue a certificate for your domain
-Once your CNAME is set up with your DNS provider, instead of providing an existing certificate, you can have AWS issue a certificate for your custom tracking domain(s).
+Once your CNAME is set up with your DNS provider, instead of providing an existing certificate, you can have AWS issue a certificate for your custom tracking domain.
1. Navigate to the AWS Certificate Manager (ACM). Choose Request a Certificate, then select Request a public certificate.
- Add your domain name(s), select Next.
+ Add your domain name, select Next.
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_request_cert.png)
@@ -323,7 +325,7 @@ Once your CNAME is set up with your DNS provider, instead of providing an existi
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_request_cert2.png)
-1. On your DNS provider, create the CNAME records that are used to by AWS to validate that these domain(s) are yours.
+1. On your DNS provider, create the CNAME records that are used by AWS to validate that the domain is yours.
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_validate_cert.png)
@@ -337,7 +339,7 @@ Once your CNAME is set up with your DNS provider, instead of providing an existi
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_edit.png)
-1. Enter your domain names, select "Custom SSL certificate", and select from the drop-down list.
+1. Enter your domain name, select "Custom SSL certificate", and select from the drop-down list.
![](media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_select_cert.png)
diff --git a/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png b/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png
index e25a7e095..68f62585f 100644
Binary files a/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png and b/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache6.png differ
diff --git a/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache7.png b/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache7.png
deleted file mode 100644
index 89c77c735..000000000
Binary files a/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_cache7.png and /dev/null differ
diff --git a/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_origin2.png b/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_origin2.png
index cc7af8f8c..380170fb8 100644
Binary files a/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_origin2.png and b/content/docs/tech-resources/media/enabling-https-engagement-tracking-on-sparkpost/cloudfront_origin2.png differ
diff --git a/content/docs/tech-resources/using-proxy-https-tracking-domain.md b/content/docs/tech-resources/using-proxy-https-tracking-domain.md
index 8e8483fe6..a6f1ff78a 100644
--- a/content/docs/tech-resources/using-proxy-https-tracking-domain.md
+++ b/content/docs/tech-resources/using-proxy-https-tracking-domain.md
@@ -1,5 +1,5 @@
---
-lastUpdated: "05/03/2023"
+lastUpdated: "09/29/2023"
title: "Using a Reverse Proxy for HTTPS Tracking Domain"
description: "SparkPost supports HTTPS engagement tracking for customers via self-service for all SparkPost customers. To enable SSL engagement tracking for a domain, additional configuration for SSL keys is required. This resource outlines the use of a reverse proxy to host SSL certificates"
---
@@ -56,18 +56,20 @@ On a Debian distribution, this command will install nginx with a sample configur
Note: you must store `spgo.io` in a variable so that nginx re-resolves the domain when its TTL expires. You also have to include the `resolver` directive to explicitly specify a DNS server to resolve the hostname. By including the `valid` parameter to the directive, you can tell nginx to ignore the TTL and to re‑resolve names at a specified frequency. In the sample below, nginx re‑resolves names every 10 seconds.
+Note: as shown in the sample configuration file below, you should forward the `Host` header so that SparkPost can determine the tracking domain used in a request.
+
```apacheconf
resolver 10.0.0.2 valid=10s;
server { # simple reverse-proxy
listen 80;
- listen 443 ssl;
server_name click.nddurant.com;
# pass requests for dynamic content to rails/turbogears/zope, et al
location / {
set $backend "spgo.io";
proxy_pass https://$backend;
+ proxy_set_header Host $host;
}
}
```
@@ -234,6 +236,7 @@ server { # simple reverse-proxy
location / {
set $backend "spgo.io";
proxy_pass https://$backend;
+ proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; # pass the client IP to the open & click tracker
server_tokens off; # suppress NGINX giving version/OS information on error pages
}
@@ -270,8 +273,10 @@ Add the following configuration (putting your own tracking domain into the `Serv
ServerName yourtrackingdomain.example.com
ServerPath "/"
- ProxyPass "/" "http://spgo.io/"
- ProxyPassReverse "/" "http://spgo.io/"
+ # The backend IPs can change, so disablereuse=On is required
+ ProxyPass "/" "https://spgo.io/" disablereuse=On
+ ProxyPassReverse "/" "https://spgo.io/"
+ SSLProxyEngine on
```
@@ -291,7 +296,7 @@ Create an additional port 443 proxy configuration as follows. Set the certifica
SSLCertificateFile "/opt/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/apache2/conf/server.key"
ServerPath "/"
- ProxyPass "/" "https://spgo.io/"
+ ProxyPass "/" "https://spgo.io/" disablereuse=On
ProxyPassReverse "/" "https://spgo.io/"
SSLProxyEngine on