Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

DevOp: Enable HTTPS for email link tracking #956

Open
ssandino opened this issue Nov 30, 2024 · 0 comments
Open

DevOp: Enable HTTPS for email link tracking #956

ssandino opened this issue Nov 30, 2024 · 0 comments
Labels
devop Issue concerning the setup of the tech stack

Comments

@ssandino
Copy link
Member

Issue

Some users with stricter security measures on their computers cannot open our links in emails because they currently use http. Additionally, adopting https is a best practice to ensure secure and trusted connections. This setup will address the issue and align with modern security standards by enabling HTTPS for link.url7680.socialincome.org.

Image

Solution: Setting Up a Google Cloud Free Tier f1-micro Instance for HTTPS and SendGrid Click Tracking

Follow these steps to configure an f1-micro instance on Google Cloud to handle HTTPS for your subdomain (link.url7680.socialincome.org) and forward traffic to SendGrid.

Step 2: Set Up a Free VM Instance

  1. Create a Project:

    • Go to Manage Resources in Google Cloud.
    • Click Create Project and name it (e.g., SendGridProxy).

  2. Go to Compute Engine:

    • Navigate to Compute Engine > VM Instances.
    • Click Create Instance.

  3. Configure the Instance:

    • Name: nginx-server.
    • Region: Choose a free tier eligible region (e.g., us-west1, us-east1).
    • Machine Type: f1-micro.
    • Boot Disk: Use the default Debian or Ubuntu image.
    • Firewall: Check Allow HTTP traffic and Allow HTTPS traffic.
    • Click Create.

Step 3: Connect to Your VM

  1. Go to Compute Engine > VM Instances.
  2. Click SSH next to your VM to connect to it.

Step 4: Install NGINX

sudo apt update && sudo apt upgrade -y
sudo apt install nginx -y
sudo systemctl start nginx
sudo systemctl enable nginx

Step 5: Install Certbot for SSL

To secure your subdomain with HTTPS using a free SSL certificate from Let’s Encrypt, follow these steps:

  1. Install Certbot and the NGINX plugin:
    Run the following command to install Certbot on your VM:

    sudo apt install certbot python3-certbot-nginx -y

  2. Obtain the SSL certificate:
    Use Certbot to generate an SSL certificate for your subdomain:

    sudo certbot --nginx -d link.url7680.socialincome.org
    • Certbot will automatically configure NGINX to use the SSL certificate.
    • During the process, Certbot will verify that you own the subdomain by checking your DNS records. Ensure your DNS is correctly configured before proceeding.

  3. Verify the SSL certificate:
    Once the process is complete, visit your subdomain in a browser:

    • Navigate to https://link.url7680.socialincome.org.
    • Confirm the page loads securely (check for a padlock icon in the address bar).

Step 6: Update DNS Records in GoDaddy

  1. Log in to your GoDaddy account.
  2. Add an A Record:
    • Type: A
    • Name: click
    • Value: Your VM’s external IP (found under Compute Engine > VM Instances).
    • TTL: Default (1 hour).
  3. Wait for DNS propagation (may take a few minutes).

Step 7: Configure NGINX as a Proxy to SendGrid

  1. Edit the NGINX configuration for your subdomain:

    sudo nano /etc/nginx/sites-available/link.url7680.socialincome.org

  2. Add the following configuration:

    server {
    listen 443 ssl;
    server_name link.url7680.socialincome.org;

    # SSL certificates
    ssl_certificate /etc/letsencrypt/live/link.url7680.socialincome.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/link.url7680.socialincome.org/privkey.pem;

    # Proxy to SendGrid
    location / {
        proxy_pass https://sendgrid.net;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    server_name link.url7680.socialincome.org;

    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}

  3. Save and exit the file:

    • Press CTRL+O, then CTRL+X.

  4. Enable the configuration and reload NGINX:

    sudo ln -s /etc/nginx/sites-available/link.url7680.socialincome.org /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Step 8: Automate SSL Certificate Renewal

  1. Open the crontab editor: 
    sudo crontab -e
  2. Add this line: 
    0 0 * * * certbot renew --quiet && systemctl reload nginx
  3. Save and exit.

Step 9: Notify SendGrid

  1. Open a support ticket in the SendGrid Support Portal.
  2. Provide the subdomain (https://link.url7680.socialincome.org) and request SSL click tracking.
  3. SendGrid will verify the setup and activate HTTPS tracking.

Step 10: Test the Setup

  1. Send a test email from SendGrid with click tracking enabled.
  2. Verify that tracked links point to https://link.url7680.socialincome.org.
  3. Click the link to ensure it redirects properly.

Cost Summary

  • Google Cloud Free Tier: Free for f1-micro instances in eligible regions.

Documentation

See also: SendGrid Support File
@ssandino ssandino added the devop Issue concerning the setup of the tech stack label Dec 6, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
devop Issue concerning the setup of the tech stack
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ssandino