GCP quickstart - https

talazriel · March 31, 2024, 12:44pm

We have successfully implemented Snowplow on GCP, following the quick-start guide provided in the documentation. Initial tests using curl to send requests directly to the collector’s IP address over HTTP are successful, returning a 200 status code:
curl -i http:///com.snowplowanalytics.snowplow/tp2

However, when we configure Google Tag Manager (GTM) to send events to the collector, we encounter issues because GTM is attempting to send events over HTTPS, not HTTP.

To further investigate, we tried accessing the collector over HTTPS using curl, which resulted in the following SSL handshake error:
curl -i https:///com.snowplowanalytics.snowplow/tp2
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

It appears there’s an SSL configuration issue, but I’m unsure how to resolve it without affecting the current Snowplow installation. Could anyone provide information or guidance on how to configure the Snowplow collector to accept HTTPS connections from GTM?

Thank you in advance

josh · March 31, 2024, 3:30pm

Hi @talazriel by default there is no HTTPS setup as that would involve setting DNS records and generating certificates which we cannot automate from a generic open-source setup!

To get HTTPS working you will need to:

Create an A record for a domain you own pointing to the IP Address of the Load Balancer you have created (e.g. c.acme.com)
Generate and link in a valid GCP Certificate here: quickstart-examples/terraform/gcp/pipeline/default/terraform.tfvars at main · snowplow/quickstart-examples · GitHub

The ID you need can be fetched from a google_compute_ssl_certificate resource like so:

resource "google_compute_ssl_certificate" "default" {
  name        = "my-certificate"
  private_key = file("path/to/private.key")
  certificate = file("path/to/certificate.crt")
}

certificate_id = google_compute_ssl_certificate.default.id

If you don’t already have a certificate you can upload then the alternative option is to use a Google Managed Certificate as documented here: Terraform Registry

Hope this helps!

josh · April 3, 2024, 3:22pm

For future reference we have also added HTTPS guidance to our docs now: Quick start guide | Snowplow Documentation

talazriel · April 7, 2024, 12:19pm

Thank you very much Josh, for the quick reply and for updating the documentation.

Topic		Replies	Views
GCP Quickstart SSL_connect: SSL_ERROR_SYSCALL For engineers	1	668	May 22, 2023
SSL Handshake timeout error for more than 1000 concurrent calls to snowplow stream collector in GCP GCP pipeline	2	1768	March 15, 2022
Collector does not accept HTTPS / port 443 calls Collectors	3	1226	March 2, 2022
Does Snowplow support HTTPS? Should data only be sent via HTTPS? Collectors	4	1611	August 25, 2017
Access to XMLHTTPRequest has been blocked by CORS For engineers	5	1564	October 1, 2021

GCP quickstart - https

Related Topics