Attempting to add SSL Certificate for Snowplow CE

Hi all!

I’m new to using Snowplow and want to deploy our current setup (created from here - https://docs.snowplow.io/docs/getting-started-on-snowplow-open-source/quick-start/).

Our pipeline works successfully as of now, but we want to add a custom domain to this; we have our own certificate files already, but when enabling it in the terraform.tfvars file, do we just include the path? What is expected in the certificate_id field of the terraform.tfvars file?

Any help would be appreciated - thanks!

Hi @kdrabh, which cloud have you deployed the quick-start on, so I can help with this?

Hi Josh -

We deployed it using GCP.

Hi @kdrabh once you have an SSL Certificate created within GCP you need to supply the ID string:

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_ssl_certificate#id

Of the form: projects/{{project}}/global/sslCertificates/{{name}}

This is the certificate_id you need to bake in ^^

We didn’t generate our SSL Certificate through GCP, and instead have a separate file (since we use our SSL certificate for our other domains as well) - is this still feasible, or do we have to upload it to GCP under the iglu front end load balancer?

Hey @kdrabh to link your SSL certificate in you can upload it into GCP and then reference the ID out - doing this with Terraform:

resource "google_compute_ssl_certificate" "my_cert" {
  name        = "my-certificate"
  private_key = file("path/to/private.key")
  certificate = file("path/to/certificate.crt")
}

> this is the value you need: google_compute_ssl_certificate.my_cert.id

Hope this helps!
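
A more defensive variant of the upload above, as an added example (not code from the original posts or from Snowplow's modules). The resource name `custom_domain`, the `name_prefix` value and both variables are placeholders, and the `precondition` block on the output assumes Terraform 1.2 or later.

```hcl
# Paths are passed in as variables so key material is not committed with the code.
variable "tls_certificate_path" {
  description = "Path to the PEM certificate file"
  type        = string
}

variable "tls_private_key_path" {
  description = "Path to the PEM private key matching the certificate"
  type        = string
}

resource "google_compute_ssl_certificate" "custom_domain" {
  # The resource is immutable: new PEM contents force a replacement.
  # name_prefix plus create_before_destroy lets the renewed certificate
  # exist before the old one is deleted, so the load balancer is never
  # left pointing at a missing certificate.
  name_prefix = "snowplow-custom-domain-"
  certificate = file(var.tls_certificate_path)

  # The private key is stored in Terraform state in plaintext; keep the
  # state in an encrypted, access-controlled backend.
  private_key = file(var.tls_private_key_path)

  lifecycle {
    create_before_destroy = true
  }
}

# Value to use as certificate_id, of the form
# projects/{{project}}/global/sslCertificates/{{name}}
output "certificate_id" {
  value = google_compute_ssl_certificate.custom_domain.id

  precondition {
    condition = can(regex(
      "^projects/[^/]+/global/sslCertificates/[^/]+$",
      google_compute_ssl_certificate.custom_domain.id
    ))
    error_message = "Certificate ID is not in the projects/.../global/sslCertificates/... form."
  }
}
```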


Revisiting this just to let you know that it worked. Thank you so much for the help!


Great to hear it, thanks for letting us know @kdrabh!

Hi @josh

Thanks for the prior help - we are now able to see custom events through our pipeline, and we have configured an SSL certificate, but for some reason we are still receiving a CORS error. I assume that the code that is launched for the iglu server is the same code here. Assuming this is the code that’s running on GCP when we deploy an iglu server, shouldn’t CORS traffic be allowed automatically?

Here’s what we’ve done so far in terms of SSL certificate and domain work, just so I’m illustrating as much of our infrastructure as possible:

  • We purchased a domain through Squarespace. This includes an SSL certificate already for our domain.
  • We redirected the Squarespace domain’s nameservers to point to GCP’s nameservers (the cloud provider that Snowplow is deployed into)
  • On GCP, we created an additional SSL certificate, which we pointed to a subdomain of our previously mentioned Squarespace domain. (stg.domainname.com)
  • Using the steps you mentioned above, we added these SSL certificates to our iglu server and pipeline code, pointing to our GCP SSL Certificate (with the URL being directly placed in the tfvars file, rather than as a resource in main.tf and then being passed to tfvars)
  • Pushed and updated both our iglu server stack and the iglu pipeline code using terraform plan/terraform apply to make these changes.

Does this sound correct to you? If so, what could be a possible reason we’re seeing a CORS error as we pass events through our pipeline?

Thanks again for your continued help.

Hi @kdrabh could you share an example of where exactly you are seeing a CORS error and the request you are issuing when this happens?

Hi Josh -

Thanks for the help! As of now, we are still getting a CORS error but we are attempting to mitigate this by moving our pipeline and server under our application domain name (before, they were on separate domains - i.e., one was on abc.bac.com, and one was on edf.cba.com - dummy names to explain our issue). As we are attempting to resolve this, I did have one question - when we are adding our IP addresses to our domain management tool, which IP address should we mask under the domain name? I’m confused because one would assume it’s the load balancer under HTTPS, but we would be collecting data through our collector URL as well (which is another IP address) - so just wanted to clarify if we should be forwarding our collector IP or our load balancer IP to the domain name.

Thanks again for your help!

Hi @kdrabh, so the Collector Load Balancer can have multiple A / CNAME records attached to it. In this instance you would generally set up an A record with a value like t.acme.com pointing to the IP Address of the Load Balancer IP you have deployed for the Collector.

Any CORS errors you are seeing are almost certainly due to your own web server’s security requirements around cross-domain traffic - the Collector does not care if it receives requests from other domains than the one it is on!


Hi Josh - Thanks for the help! I believe we were able to solve the CORS errors. We have a few other issues, but we will make a new post about that!
