Configuring HTTPS for Custom Domains

For general information and background, see our Knowledge Base article

📌

In addition to the flow described in this article, you can also set up a free account on Cloudflare (which is often also easier). Cloudflare offers this feature as part of their free solution and provides a dedicated SSL certificate for a small fee.

When you set up an HTTP custom domain in Experience OS, it must be defined as a CNAME of “srv.dynamicyield.com” (for the EU data center: srv-eu.dynamicyield.com). This means that your custom domain (for example, “lp.customer.com”) is an alias for “srv.dynamicyield.com” which in itself is an alias of the pool of Dynamic Yield servers. That way, when a visitor follows a link to “http://lp.customer.com/n>ew-deal”, their request is directed to the Dynamic Yield servers that know how to find the landing page “/new-deal” of “customer.com” and serve it back to the visitor.

🚧

Replace srv.dynamicyield.com with srv-eu.dynamicyield.com if you are using the Dynamic Yield EU data center.

Dynamic Yield doesn't support HTTPS out of the box, because we can't "fake" your signature when serving pages in HTTPS. While some services do allow you to configure your signature with their servers, dealing with such sensitive data is currently not in our development plans.

But there is a solution. Set up a proxy server to receive the HTTPS requests instead of our servers. Your proxy server asks our servers what response to return and then adds the signature to the request. This way, visitors get both the page they requested and the assurance that it's working with a certified company.

After you change the DNS record for the custom domain from a CNAME record to srv.dynamicyield.com (US data center) or srv-eu.dynamicyield.com (EU data center), you must configure your proxy server. There are several server technologies available, and the following are examples of two of the most popular server technologies (nginx and Apache).

server {
  listen 443;
  server_name lp.customer.com;
 
  ssl on;
  ssl_certificate / etc / ssl / certs / .crt;
  ssl_certificate_key / etc / pki / tls / private / .key;
 
  location~/ {
    allow all;
    resolver 8.8 .8 .8;
    proxy_set_header X - Real - IP $remote_addr;
    proxy_set_header X - Forwarded - Proto https;
    proxy_set_header Host $http_host;
    set $upstream http: //srv.dynamicyield.com;
      proxy_pass $upstream;
  }
}
ServerName lp.customer.com:443
 
SSLEngine on
SSLCertificateFile /etc/ssl/certs/.crt
SSLCertificateKeyFile /etc/pki/tls/private/.key
 
RemoteIPHeader X-Real-IP
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto https
RequestHeader set Host lp.customer.com
ProxyPass / http://srv.dynamicyield.com:80/
ProxyPassReverse / http://srv.dynamicyield.com:80/

(Requires mod_ssl, mod_remote_ip, mod_headers, mod_proxy and mod_proxy_http)