Note: In addition to the flow described in this article, you can also set up a free account on Cloudflare (which is often also easier). Cloudflare offers this feature as part of their free solution and provides a dedicated SSL certificate for a small fee.
What are domains?
Domains are human-friendly aliases for IP addresses (note that a domain can be an alias to a “pool” of IP addresses, to spread requests over multiple servers). For example, “google.com” is an alias for the IP addresses 184.108.40.206, 220.127.116.11, 18.104.22.168, and so on. These are all servers that Google Inc. owns, and can respond to requests to search the Internet.
When you set up an HTTP custom domain in Experience OS, it must be defined as a CNAME of “srv.dynamicyield.com”. This means that your custom domain (for example, “lp.customer.com”) is an alias for “srv.dynamicyield.com”, which is itself an alias for the pool of Dynamic Yield servers. That way, when a visitor follows a link to “http://lp.customer.com/new-deal”, their request is directed to the Dynamic Yield servers, which know how to find the Landing Page “/new-deal” of “Customer.com” and how to serve it back to the visitor. Learn more about custom domains on Experience OS.
Note: Replace srv.dynamicyield.com with srv-eu.dynamicyield.com if you are using the Dynamic Yield EU data center.
What is HTTPS?
HTTPS (HTTP, Secure) is the same as regular HTTP, with two additional (and important) features:
- All communication between the browser and the server is encrypted, so you can send confidential data without fearing that hackers will eavesdrop.
- Pages that are served by the server are “signed” cryptographically, so that visitors can be sure that they are really working with the intended company. This is how the Green Lock in the address bar works. When the browser can't verify the server's signature, it warns the visitor of a possible security breach, and might not even let the visitor see the served page.
Why can’t Dynamic Yield support HTTPS custom domains out of the box?
The only reason is the second bullet from the previous question: Dynamic Yield servers can’t fake your signature when they serve pages in HTTPS. Some services do allow you to configure your signature with their servers, but dealing with such sensitive data is currently not in our development plans.
What can be done to support Dynamic Yield HTTPS custom domains?
There is a solution. You must set up a proxy server to receive the HTTPS requests instead of our servers. Your proxy server asks our servers what response to return, and then adds the signature to the response. This way, visitors get both the page they requested and the assurance that they are working with a certified company.
After you change the DNS record for the custom domain so that it points to your proxy server instead of being a CNAME of “srv.dynamicyield.com”, you must configure your proxy server. There are several server technologies available, and the following are examples for two of the most popular ones (nginx and Apache).
nginx:
server {
    listen 443 ssl;
    server_name lp.customer.com;  # your custom domain
    ssl_certificate /etc/ssl/certs/.crt;  # path to your certificate file
    ssl_certificate_key /etc/pki/tls/private/.key;  # path to your private key file
    resolver 8.8.8.8;  # needed because proxy_pass below uses a variable
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;  # pass the custom domain on to Dynamic Yield
        set $upstream http://srv.dynamicyield.com;
        proxy_pass $upstream;
    }
}
Apache:
RequestHeader set X-Forwarded-Proto https
RequestHeader set Host lp.customer.com
ProxyPass / http://srv.dynamicyield.com:80/
ProxyPassReverse / http://srv.dynamicyield.com:80/
(Requires mod_ssl, mod_remoteip, mod_headers, mod_proxy and mod_proxy_http)
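A check worth running on the certificate you install on the proxy, as an added example that is not part of the original article: it tests whether the certificate's names cover the custom domain and whether the certificate is inside its validity period. The helper names, the sample certificate and the dates are constructed for illustration; the dict follows the shape that Python's ssl.SSLSocket.getpeercert() returns.

```python
import ssl
import time

def name_matches(pattern, host):
    """RFC 6125-style match: "*" is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]  # refuse a bare "*.tld"
    return p == h

def check_cert(cert, host, now=None, min_days=14):
    """Return a list of problems with `cert` for `host`; empty means it fits.

    `cert` is a dict in the shape ssl.SSLSocket.getpeercert() returns.
    """
    now = time.time() if now is None else now
    problems = []
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(s, host) for s in sans):
        problems.append(f"no SAN entry covers {host}: {sans}")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate is not yet valid")
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < 0:
        problems.append("certificate has expired")
    elif days_left < min_days:
        problems.append(f"certificate expires in {days_left:.0f} days")
    return problems

# Constructed sample data, not taken from a real certificate.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "customer.com"), ("DNS", "*.customer.com")),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")

if __name__ == "__main__":
    # The wildcard covers lp.customer.com but not a name one level deeper.
    for host in ("lp.customer.com", "a.lp.customer.com"):
        print(host, check_cert(SAMPLE_CERT, host, now=SAMPLE_NOW) or "OK")
```

A wildcard entry covers exactly one label, so a certificate for “*.customer.com” fits “lp.customer.com” but not a deeper subdomain, and a certificate issued only for “customer.com” does not fit the custom domain at all.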