Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DevOp: Enable HTTPS for email link tracking #956

Open
ssandino opened this issue Nov 30, 2024 · 0 comments
Open

DevOp: Enable HTTPS for email link tracking #956

ssandino opened this issue Nov 30, 2024 · 0 comments
Labels
devop Issue concerning the setup of the tech stack

Comments

@ssandino
Copy link
Member

Issue

Some users with stricter security measures on their computers cannot open our links in emails because they currently use http. Additionally, adopting https is a best practice to ensure secure and trusted connections. This setup will address the issue and align with modern security standards by enabling HTTPS for link.url7680.socialincome.org.

Image

Solution: Setting Up a Google Cloud Free Tier f1-micro Instance for HTTPS and SendGrid Click Tracking

Follow these steps to configure an f1-micro instance on Google Cloud to handle HTTPS for your subdomain (link.url7680.socialincome.org) and forward traffic to SendGrid.

Step 2: Set Up a Free VM Instance

  1. Create a Project:

    • Go to Manage Resources in Google Cloud.
    • Click Create Project and name it (e.g., SendGridProxy).

  2. Go to Compute Engine:

    • Navigate to Compute Engine > VM Instances.
    • Click Create Instance.

  3. Configure the Instance:

    • Name: nginx-server.
    • Region: Choose a free tier eligible region (e.g., us-west1, us-east1).
    • Machine Type: f1-micro.
    • Boot Disk: Use the default Debian or Ubuntu image.
    • Firewall: Check Allow HTTP traffic and Allow HTTPS traffic.
    • Click Create.

Step 3: Connect to Your VM

  1. Go to Compute Engine > VM Instances.
  2. Click SSH next to your VM to connect to it.

Step 4: Install NGINX

sudo apt update && sudo apt upgrade -y
sudo apt install nginx -y
sudo systemctl start nginx
sudo systemctl enable nginx

Step 5: Install Certbot for SSL

To secure your subdomain with HTTPS using a free SSL certificate from Let’s Encrypt, follow these steps:

  1. Install Certbot and the NGINX plugin:
    Run the following command to install Certbot on your VM:

    sudo apt install certbot python3-certbot-nginx -y

  2. Obtain the SSL certificate:
    Use Certbot to generate an SSL certificate for your subdomain:

    sudo certbot --nginx -d link.url7680.socialincome.org
    • Certbot will automatically configure NGINX to use the SSL certificate.
    • During the process, Certbot will verify that you own the subdomain by checking your DNS records. Ensure your DNS is correctly configured before proceeding.

  3. Verify the SSL certificate:
    Once the process is complete, visit your subdomain in a browser:

    • Navigate to https://link.url7680.socialincome.org.
    • Confirm the page loads securely (check for a padlock icon in the address bar).

Step 6: Update DNS Records in GoDaddy

  1. Log in to your GoDaddy account.
  2. Add an A Record:
    • Type: A
    • Name: click
    • Value: Your VM’s external IP (found under Compute Engine > VM Instances).
    • TTL: Default (1 hour).
  3. Wait for DNS propagation (may take a few minutes).

Step 7: Configure NGINX as a Proxy to SendGrid

  1. Edit the NGINX configuration for your subdomain:

    sudo nano /etc/nginx/sites-available/link.url7680.socialincome.org

  2. Add the following configuration:

    server {
    listen 443 ssl;
    server_name link.url7680.socialincome.org;

    # SSL certificates
    ssl_certificate /etc/letsencrypt/live/link.url7680.socialincome.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/link.url7680.socialincome.org/privkey.pem;

    # Proxy to SendGrid
    location / {
        proxy_pass https://sendgrid.net;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    server_name link.url7680.socialincome.org;

    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}

  3. Save and exit the file:

    • Press CTRL+O, then CTRL+X.

  4. Enable the configuration and reload NGINX:

    sudo ln -s /etc/nginx/sites-available/link.url7680.socialincome.org /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Step 8: Automate SSL Certificate Renewal

  1. Open the crontab editor: 
    sudo crontab -e
  2. Add this line: 
    0 0 * * * certbot renew --quiet && systemctl reload nginx
  3. Save and exit.

Step 9: Notify SendGrid

  1. Open a support ticket in the SendGrid Support Portal.
  2. Provide the subdomain (https://link.url7680.socialincome.org) and request SSL click tracking.
  3. SendGrid will verify the setup and activate HTTPS tracking.

Step 10: Test the Setup

  1. Send a test email from SendGrid with click tracking enabled.
  2. Verify that tracked links point to https://link.url7680.socialincome.org.
  3. Click the link to ensure it redirects properly.

Cost Summary

  • Google Cloud Free Tier: Free for f1-micro instances in eligible regions.

Documentation

See also: SendGrid Support File
@ssandino ssandino added the devop Issue concerning the setup of the tech stack label Dec 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
devop Issue concerning the setup of the tech stack
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ssandino