GCP quickstart - https

talazriel · March 31, 2024, 12:44pm

We have successfully implemented Snowplow on GCP, following the quick-start guide provided in the documentation. Initial tests using curl to send requests directly to the collector’s IP address over HTTP are successful, returning a 200 status code:
curl -i http:///com.snowplowanalytics.snowplow/tp2

However, when we configure Google Tag Manager (GTM) to send events to the collector, we encounter issues because GTM is attempting to send events over HTTPS, not HTTP.

To further investigate, we tried accessing the collector over HTTPS using curl, which resulted in the following SSL handshake error:
curl -i https:///com.snowplowanalytics.snowplow/tp2
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

It appears there’s an SSL configuration issue, but I’m unsure how to resolve it without affecting the current Snowplow installation. Could anyone provide information or guidance on how to configure the Snowplow collector to accept HTTPS connections from GTM?

Thank you in advance

josh · March 31, 2024, 3:30pm

Hi @talazriel by default there is no HTTPS setup as that would involve setting DNS records and generating certificates which we cannot automate from a generic open-source setup!

To get HTTPS working you will need to:

Create an A record for a domain you own pointing to the IP Address of the Load Balancer you have created (e.g. c.acme.com)
Generate and link in a valid GCP Certificate here: quickstart-examples/terraform/gcp/pipeline/default/terraform.tfvars at main · snowplow/quickstart-examples · GitHub

The ID you need can be fetched from a google_compute_ssl_certificate resource like so:

resource "google_compute_ssl_certificate" "default" {
  name        = "my-certificate"
  private_key = file("path/to/private.key")
  certificate = file("path/to/certificate.crt")
}

certificate_id = google_compute_ssl_certificate.default.id

If you don’t already have a certificate you can upload then the alternative option is to use a Google Managed Certificate as documented here: Terraform Registry

Hope this helps!

josh · April 3, 2024, 3:22pm

For future reference we have also added HTTPS guidance to our docs now: Quick start guide | Snowplow Documentation

talazriel · April 7, 2024, 12:19pm

Thank you very much Josh, for the quick reply and for updating the documentation.

Topic		Replies	Views
Attempting to add SSL Certificate for Snowplow CE	12	662	January 2, 2024
CORS error when sending events following the quick start guide	8	58	August 16, 2024
Collector does not accept HTTPS / port 443 calls Collectors	3	1401	March 2, 2022
Forcing Secure Protocol on Snowplow GTM template Tracking SDKs	4	1150	August 17, 2021
GCP Quickstart SSL_connect: SSL_ERROR_SYSCALL For engineers	1	856	May 22, 2023

GCP quickstart - https

Related topics