Note: In addition to the flow described below, it is also possible (and often easier) to set up a free account on Cloudflare which offers this feature as part of their free solution and provides a dedicated SSL certificate for a small fee.
What are domains?
Domains are simply human-friendly aliases for IP addresses (side-note: a domain can be an alias to a “pool” of IP addresses, to spread requests over multiple servers). For example, “google.com” is an alias for the IP addresses 62.0.54.98, 62.0.54.94, 62.0.54.84 etc. These are all servers that Google Inc. owns, and that can respond to requests to search the Internet.
In the setup instructions for HTTP “Custom Domains” in the Dynamic Yield Admin panel, it is said that in order for a Custom Domain to work it must be defined as a “CNAME” of “srv.dynamicyield.com”. This means that your custom domain (for example, “lp.customer.com”) is an alias for “srv.dynamicyield.com”, which is itself an alias of the pool of Dynamic Yield servers. That way, when a visitor clicks on a link to “http://lp.customer.com/new-deal”, the request is directed to the Dynamic Yield servers, which know how to find the Landing Page “/new-deal” of “Customer.com” and how to serve it back to the visitor.
Note: Replace srv.dynamicyield.com with srv-eu.dynamicyield.com if you are using Dynamic Yield’s EU data center.
What is HTTPS?
HTTPS (HTTP, Secure) is the same as regular HTTP, with two additional (and important) features:
1. All communication between the browser and the server is encrypted, so you can send confidential data without fearing that “hackers” will eavesdrop. This is of course most critical for Bank websites and eCommerce websites.
2. Pages that are served by the server are cryptographically “signed”, so the visitor can be sure that they are really working with the intended real company. This is how the Green Lock in the address bar works. When the browser cannot verify the signature of the server, it will alert the visitor of a possible security breach, and may not even let the visitor see the served page.
Why can’t Dynamic Yield support HTTPS Custom Domains out of the box?
The only reason that Dynamic Yield can’t support HTTPS Custom Domains is Bullet #2 from the previous question: Dynamic Yield servers simply can’t fake the signature of the customer when they serve pages in HTTPS. Some services do allow you to configure your signature with their servers, but dealing with such sensitive data is currently not in our development plans.
What can be done in order to support Dynamic Yield HTTPS Custom Domains?
There is a solution, and it is not too complicated. You, the customer, need to set up a “proxy server” that receives the HTTPS requests instead of our servers. Your proxy server will ask our servers what response to return, and then add the special signature to the response. This way, the visitor gets both the page that she requested and the assurance that she is working with a certified company.
Example configurations
After you change the DNS record for the Custom Domain from a CNAME record to “srv.dynamicyield.com” so that it points to your proxy server instead, you will have to configure the proxy server. There are several server technologies; we have included examples below for two of the most popular (nginx and Apache).
nginx
server {
    # "ssl" on the listen line replaces the older "ssl on;" directive
    listen 443 ssl;
    server_name lp.customer.com;
    ssl_certificate /etc/ssl/certs/.crt;
    ssl_certificate_key /etc/pki/tls/private/.key;
    location ~ / {
        allow all;
        # proxy_pass with a variable is resolved at request time, which needs a resolver
        resolver 8.8.8.8;
        # tell the upstream the visitor's address and that the visitor used HTTPS
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;
        set $upstream http://srv.dynamicyield.com;
        proxy_pass $upstream;
    }
}
Apache
ServerName lp.customer.com:443
SSLEngine on
SSLCertificateFile /etc/ssl/certs/.crt
SSLCertificateKeyFile /etc/pki/tls/private/.key
RemoteIPHeader X-Real-IP
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto https
RequestHeader set Host lp.customer.com
ProxyPass / http://srv.dynamicyield.com:80/
ProxyPassReverse / http://srv.dynamicyield.com:80/
(requires mod_ssl, mod_remoteip, mod_headers, mod_proxy and mod_proxy_http)
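A static check for the nginx proxy block above, as an added example that is not Dynamic Yield's code: it flags a port 443 listener without TLS, missing certificate directives, a Host header that is not fixed to the custom domain (the Apache example fixes it, the nginx example forwards the client's value) and a plaintext hop from the proxy to the upstream. The function names, the finding codes and the example.crt/example.key file names are assumptions made for the illustration.

```python
import re

# Constructed sample modelled on this page's nginx block (placeholder file names).
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name lp.customer.com;
    ssl_certificate /etc/ssl/certs/example.crt;
    ssl_certificate_key /etc/pki/tls/private/example.key;
    location / {
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;   # client-supplied value
        set $upstream http://srv.dynamicyield.com;
        proxy_pass $upstream;
    }
}
"""

def directives(conf):
    """Split a config into (name, args) pairs; comments and braces are dropped."""
    conf = re.sub(r"#[^\n]*", "", conf)
    stmts = (s.split() for s in re.split(r"[;{}]", conf))
    return [(s[0], s[1:]) for s in stmts if s]

def audit_proxy(conf, domain):
    """Return sorted finding codes (hypothetical names) for the TLS proxy block."""
    d = directives(conf)
    args = lambda name: [a for n, a in d if n == name]
    headers = {a[0].lower(): a[1] for a in args("proxy_set_header") if len(a) > 1}
    variables = {a[0]: a[1] for a in args("set") if len(a) > 1}
    findings = set()
    tls_listen = any(a and a[0].endswith("443") and "ssl" in a[1:] for a in args("listen"))
    if not (tls_listen or ["on"] in args("ssl")):
        findings.add("NO_TLS_LISTENER")      # port 443 would answer in plain HTTP
    if not (args("ssl_certificate") and args("ssl_certificate_key")):
        findings.add("NO_CERTIFICATE")       # nothing to prove the domain's identity
    if not any(domain in a for a in args("server_name")):
        findings.add("DOMAIN_NOT_SERVED")    # block does not answer for the custom domain
    if headers.get("x-forwarded-proto") != "https":
        findings.add("PROTO_NOT_FORWARDED")  # upstream cannot tell HTTPS was used
    if headers.get("host") != domain:
        findings.add("HOST_NOT_PINNED")      # Host is not fixed to the custom domain
    for target in filter(None, args("proxy_pass")):
        url = variables.get(target[0], target[0])   # follow "set $var url;"
        if url.startswith("http://"):
            findings.add("PLAINTEXT_UPSTREAM")      # proxy-to-upstream hop is unencrypted
    return sorted(findings)

if __name__ == "__main__":
    print(audit_proxy(SAMPLE_CONF, "lp.customer.com"))
```

PLAINTEXT_UPSTREAM is reported for both configurations on this page, since both forward to srv.dynamicyield.com over http; treat it as a reminder that only the visitor-to-proxy leg is encrypted.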