Note: In addition to the flow described below, it is also possible (and often easier) to set up a free account on Cloudflare which offers this feature as part of their free solution and provides a dedicated SSL certificate for a small fee.
What are domains?
Domains are simply human-friendly aliases for IP addresses (note: a domain can be an alias to a “pool” of IP addresses, to spread requests over multiple servers). For example, “google.com” is an alias for the IP addresses 62.0.54.98, 62.0.54.94, 62.0.54.84 and so on. These are all servers that Google Inc. own, and can respond to requests to search the Internet.
In the setup instructions for HTTP “Custom Domains” in the Dynamic Yield console, it says that in order for a custom domain to work it must be defined as a “CNAME” of “srv.dynamicyield.com”. This means that your custom domain (for example, “lp.customer.com”) is an alias for “srv.dynamicyield.com” which in itself is an alias of the pool of Dynamic Yield servers. That way, when a visitor clicks on a link to “http://lp.customer.com/new-deal”, their request is directed to the Dynamic Yield servers that know how to find the Landing Page “/new-deal” of “Customer.com” and how to serve it back to the visitor.
Note: Replace srv.dynamicyield.com with srv-eu.dynamicyield.com if you are using the Dynamic Yield EU data center.
What is HTTPS?
HTTPS (HTTP, Secure) is just the same as regular HTTP, with two additional (and important) features:
- All communication between the browser and the server are encrypted, so you can send confidential data without fearing that “hackers” will eavesdrop. This is of course most critical for Bank websites and e-commerce websites.
- Pages that are served by the server are cryptographically “signed”, so the visitor can be sure that they are really working with the intended real company. This is how the Green Lock in the address bar works. When the browser cannot verify the signature of the server, it will alert the visitor of a possible security breach, and may not even let the visitor see the served page.
Why can’t Dynamic Yield support HTTPS custom domains out of the box?
The only reason that Dynamic Yield can’t support HTTPS custom domains is Bullet #2 from the previous question: Dynamic Yield servers simply can’t fake the signature of the customer when they serve pages in HTTPS. Some services do allow you to configure your signature with their servers, but dealing with such sensitive data is currently not in our development plans.
What can be done to support Dynamic Yield HTTPS custom domains?
There is a solution. You must set up a proxy server to receive the HTTPS requests instead of our servers. Your proxy server asks our servers what response to return, and then adds the special signature to the request. This way, visitors get both the page they requested and the assurance that it is working with a certified company.
Configuration examples
After you change the DNS record for the custom domain from a CNAME record to “srv.dynamicyield.com”, you will have to configure your proxy server. There are several server technologies, we have included examples below for two of the most popular server technologies (nginx and Apache).
nginx
server {
listen 443;
server_name lp.customer.com;
ssl on;
ssl_certificate / etc / ssl / certs / .crt;
ssl_certificate_key / etc / pki / tls / private / .key;
location~/ {
allow all;
resolver 8.8 .8 .8;
proxy_set_header X - Real - IP $remote_addr;
proxy_set_header X - Forwarded - Proto https;
proxy_set_header Host $http_host;
set $upstream http: //srv.dynamicyield.com;
proxy_pass $upstream;
}
}
ServerName lp.customer.com:443
SSLEngine on
SSLCertificateFile /etc/ssl/certs/.crt
SSLCertificateKeyFile /etc/pki/tls/private/.key
RemoteIPHeader X-Real-IP
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto https
RequestHeader set Host lp.customer.com
ProxyPass / http://srv.dynamicyield.com:80/
ProxyPassReverse / http://srv.dynamicyield.com:80/
(Requires mod_ssl, mod_remote_ip, mod_headers, mod_proxy and mod_proxy_http)