Our pipeline works successfully as of now, but we want to add a custom domain to this; we have our own certificate files already, but when enabling it in the terraform.tfvars file, do we just include the path? What is expected in the certificate_id field of the terraform.tfvars file?
We didn’t generate our SSL Certificate through GCP, and instead have a separate file (since we use our SSL certificate for our other domains as well) - is this still feasible, or do we have to upload it to GCP under the iglu front end load balancer?
Hey @kdrabh to link your SSL certificate in you can upload it into GCP and then reference the ID out - doing this with Terraform:
resource "google_compute_ssl_certificate" "my_cert" {
name = "my-certificate"
private_key = file("path/to/private.key")
certificate = file("path/to/certificate.crt")
}
> this is the value you need: google_compute_ssl_certificate.my_cert.id
Thanks for the prior help - we are now able to see custom events through our pipeline, and we have configured an SSL certificate, but for some reason we are still receiving a CORS error. I assume that the code that is launched for the iglu server is the same code here. Assuming this is the code that’s running on GCP when we deploy an iglu server, shouldn’t CORS traffic be allowed automatically?
Here’s what we’ve done so far in terms of SSL certificate and domain work, just so I’m illustrating as much of our infrastructure as possible:
We purchased a domain through Squarespace. This includes an SSL certificate already for our domain.
We redirected the Squarespace domain’s nameservers to point to GCP’s nameservers (our cloud provider for which snowplow is deployed into)
On GCP, we created an additional SSL certificate, to which we pointed it to a subdomain of our previously mentioned squarespace domain. (stg.domainname.com)
Using the steps you mentioned above, we added these SSL certificates to our iglu server and pipeline code, pointing to our GCP SSL Certificate (with the URL being directly placed in the tfvars file, rather than as a resource in main.tf and then being passed to tfvars)
Pushed and updated both our iglu server stack and the iglu pipeline code using terraform plan/terraform apply to make these changes.
Does this sound correct to you? If so, what could be a possible reason we’re seeing a CORS error as we pass events through our pipeline?
Thanks for the help! As of now, we are still getting a CORS error but we are attempting to mitigate this by moving our pipeline and server under our application domain name (before, they were on separate domains - ie, one was on abc.bac.com, and one was on edf.cba.com - dummy names to explain our issue). As we are attempting to resolve this, I did have one question - when we are adding our IP addresses to our domain management tool, which IP address should we mask under the domain name? I’m confused because one would assume it’s the load balancer under HTTPS, but we would be collecting data through our collector URL as well (which is another IP address) - so just wanted to clarify if we should be forwarding our collector IP or our load balancer IP to the domain name.
Hi @kdrabh so the Collector Load Balancer can have multiple A / CNAME records attached to it. In this instance you would generally setup an A record with value like t.acme.com pointing to the IP Address of the Load Balancer IP you have deployed for the Collector.
Any CORS errors you are seeing are almost certainly due to your own web-servers security requirements around cross-domain traffic - the Collector does not care if it receives requests from other domains than the one it is on!