From 3d86539926e29dbc8f1505032d112896901daf03 Mon Sep 17 00:00:00 2001 From: Niall Date: Thu, 12 Sep 2024 10:01:32 +0100 Subject: [PATCH 01/10] add proxy issues --- .../website/javascript/custom-proxy.md | 54 +++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md index 4228ee3bdc..332c2da5e7 100644 --- a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md +++ b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md @@ -178,6 +178,60 @@ To add a CNAME record to your DNS settings: 3. Save your record. This might take some time to take effect, depending on your TTL settings. 4. Run `curl` on your domain to check if the proxy is working correctly. +## Common issues + +These are some common issues that occur for cusotmers implemtning a cusotm proxy. This not an exhaustive list, and these settings may change in CloudFront or CloudFlare over time. + +#### CloudFlare returning a 403 error + +There are two ways of configuring the CDN distribution in Cloudflare and the 403 error is an indication that one of the below options is misconfigured: + +1. If you have a CloudFlare enterprise plan then create a Page Rule in Cloudflare so that Segment's CDN wouldn't refuse the requests via the Cloudflare Proxy. + +If cdn.segment.com is another CNAME, which resolves to xxx.cloudfront.net, you will need to use a Page Rule in Cloudflare to override the host header to match the hostname for proxy requests. + +More in Cloudflare’s docs on overriding the host header can be found [here](https://developers.cloudflare.com/rules/page-rules/how-to/rewrite-host-headers/). + + +2. For customers who are not on the Cloudflare Enterprise plan, use the CloudFlare Workers. Workers usually can run on the main domain www.domain.com but if you want to http://segment.domain.com it needs to be in your DNS like [this](https://developers.cloudflare.com/workers/platform/routes#subdomains-must-have-a-dns-record). + +When creating the worker you can use this example provided by [CloudFlare](https://developers.cloudflare.com/workers/examples/bulk-origin-proxy) with the origins set to: + +```ts +const ORIGINS = { +"yourcdndomain.com": "cdn.segment.com", +} +``` + +#### CloudFlare CORS issue + +In order to resolve a CORS OPTIONS pre-request fetch error, you’ll have to specify "Strict (SSL-Only Origin Pull)" as a Cloudflare Page rule for the api.segment.io proxy. Please see CloudFlare [documentation](https://support.cloudflare.com/hc/en-us/articles/200170416-End-to-end-HTTPS-with-Cloudflare-Part-3-SSL-options#h_065d742e-8c0b-4ed4-8fb5-037e10fe5f9a) on this process. + +#### CloudFront returning a 403 error + +If your CloudFront Proxy is returing a 403 error, the following change in CloudFront may solve the issue: + +```ts +Before: +Cache Based on Selected Request Headers: All + +After: +Cache Based on Selected Request Headers: None +``` + +Alternatively, this setting may solve your issue: + +```ts +Before: +Origin request policy: AllViewer + +After: +Origin request policy: None +``` + +### CloudFront CORS issue + +To resolve a CORS issue you may need to follow this [CloudFront](https://aws.amazon.com/premiumsupport/knowledge-center/no-access-control-allow-origin-error/) guide which outlines adding a referrer header in the request sent to Segment. ## Self-hosting Analytics.js From cef06d0af5992012a51827d5c9d5f5b0202dee92 Mon Sep 17 00:00:00 2001 From: Niall Brennan Date: Thu, 12 Sep 2024 16:26:30 +0100 Subject: [PATCH 02/10] Update src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md Co-authored-by: forstisabella <92472883+forstisabella@users.noreply.github.com> --- .../catalog/libraries/website/javascript/custom-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md index 332c2da5e7..f8e90058b6 100644 --- a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md +++ b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md @@ -231,7 +231,7 @@ Origin request policy: None ### CloudFront CORS issue -To resolve a CORS issue you may need to follow this [CloudFront](https://aws.amazon.com/premiumsupport/knowledge-center/no-access-control-allow-origin-error/) guide which outlines adding a referrer header in the request sent to Segment. +To resolve a CORS issue, you might need to add a referrer header in the request you send to Segment. Follow AWS's [How do I resolve the "No 'Access-Control-Allow-Origin' header is present on the requested resource" error from CloudFront?](https://aws.amazon.com/premiumsupport/knowledge-center/no-access-control-allow-origin-error/){:target="_blank”} guide, which explains how to add a referrer header. ## Self-hosting Analytics.js From 56de705dac6bdee7ca4246764ee134b8e012970e Mon Sep 17 00:00:00 2001 From: Niall Brennan Date: Thu, 12 Sep 2024 16:26:39 +0100 Subject: [PATCH 03/10] Update src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md Co-authored-by: forstisabella <92472883+forstisabella@users.noreply.github.com> --- .../catalog/libraries/website/javascript/custom-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md index f8e90058b6..4c3a83cbb9 100644 --- a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md +++ b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md @@ -207,7 +207,7 @@ const ORIGINS = { In order to resolve a CORS OPTIONS pre-request fetch error, you’ll have to specify "Strict (SSL-Only Origin Pull)" as a Cloudflare Page rule for the api.segment.io proxy. Please see CloudFlare [documentation](https://support.cloudflare.com/hc/en-us/articles/200170416-End-to-end-HTTPS-with-Cloudflare-Part-3-SSL-options#h_065d742e-8c0b-4ed4-8fb5-037e10fe5f9a) on this process. -#### CloudFront returning a 403 error +#### CloudFront Proxy returning a 403 error If your CloudFront Proxy is returing a 403 error, the following change in CloudFront may solve the issue: From 6c5d62e3966d079bd5ecf416a644402395870129 Mon Sep 17 00:00:00 2001 From: Niall Brennan Date: Thu, 12 Sep 2024 16:27:01 +0100 Subject: [PATCH 04/10] Update src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md Co-authored-by: forstisabella <92472883+forstisabella@users.noreply.github.com> --- .../catalog/libraries/website/javascript/custom-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md index 4c3a83cbb9..cc405bcb05 100644 --- a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md +++ b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md @@ -209,7 +209,7 @@ In order to resolve a CORS OPTIONS pre-request fetch error, you’ll have to spe #### CloudFront Proxy returning a 403 error -If your CloudFront Proxy is returing a 403 error, the following change in CloudFront may solve the issue: +If your CloudFront Proxy is returing a 403 error, the following change in CloudFront might resolve the issue: ```ts Before: From a20a2519720dcb5fad8460b1a94bcfd39c4219a7 Mon Sep 17 00:00:00 2001 From: Niall Brennan Date: Thu, 12 Sep 2024 16:27:11 +0100 Subject: [PATCH 05/10] Update src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md Co-authored-by: forstisabella <92472883+forstisabella@users.noreply.github.com> --- .../catalog/libraries/website/javascript/custom-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md index cc405bcb05..0705f4e62d 100644 --- a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md +++ b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md @@ -205,7 +205,7 @@ const ORIGINS = { #### CloudFlare CORS issue -In order to resolve a CORS OPTIONS pre-request fetch error, you’ll have to specify "Strict (SSL-Only Origin Pull)" as a Cloudflare Page rule for the api.segment.io proxy. Please see CloudFlare [documentation](https://support.cloudflare.com/hc/en-us/articles/200170416-End-to-end-HTTPS-with-Cloudflare-Part-3-SSL-options#h_065d742e-8c0b-4ed4-8fb5-037e10fe5f9a) on this process. +In order to resolve a CORS OPTIONS pre-request fetch error, you must specify "Strict (SSL-Only Origin Pull)" as a CloudFlare Page rule for the api.segment.io proxy. Please see CloudFlare's [Encryption modes](https://support.cloudflare.com/hc/en-us/articles/200170416-End-to-end-HTTPS-with-Cloudflare-Part-3-SSL-options#h_065d742e-8c0b-4ed4-8fb5-037e10fe5f9a){:target="_blank”} documentation for more details. #### CloudFront Proxy returning a 403 error From 21d9377256f7d2b239d8bfb6ca8c95dd5ffed444 Mon Sep 17 00:00:00 2001 From: Niall Brennan Date: Thu, 12 Sep 2024 16:27:19 +0100 Subject: [PATCH 06/10] Update src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md Co-authored-by: forstisabella <92472883+forstisabella@users.noreply.github.com> --- .../catalog/libraries/website/javascript/custom-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md index 0705f4e62d..5e1079c9aa 100644 --- a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md +++ b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md @@ -195,7 +195,7 @@ More in Cloudflare’s docs on overriding the host header can be found [here](ht 2. For customers who are not on the Cloudflare Enterprise plan, use the CloudFlare Workers. Workers usually can run on the main domain www.domain.com but if you want to http://segment.domain.com it needs to be in your DNS like [this](https://developers.cloudflare.com/workers/platform/routes#subdomains-must-have-a-dns-record). -When creating the worker you can use this example provided by [CloudFlare](https://developers.cloudflare.com/workers/examples/bulk-origin-proxy) with the origins set to: +When creating a Worker you can use this example provided by CloudFlare in their [Bulk origin override](https://developers.cloudflare.com/workers/examples/bulk-origin-proxy){:target="_blank”} documentation with the origins set to: ```ts const ORIGINS = { From 71c98baca8e189b3aaccd65ef75855ef02fd7dd9 Mon Sep 17 00:00:00 2001 From: Niall Brennan Date: Thu, 12 Sep 2024 16:27:29 +0100 Subject: [PATCH 07/10] Update src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md Co-authored-by: forstisabella <92472883+forstisabella@users.noreply.github.com> --- .../catalog/libraries/website/javascript/custom-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md index 5e1079c9aa..bcf3cea9ff 100644 --- a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md +++ b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md @@ -193,7 +193,7 @@ If cdn.segment.com is another CNAME, which resolves to xxx.cloudfront.net, you w More in Cloudflare’s docs on overriding the host header can be found [here](https://developers.cloudflare.com/rules/page-rules/how-to/rewrite-host-headers/). -2. For customers who are not on the Cloudflare Enterprise plan, use the CloudFlare Workers. Workers usually can run on the main domain www.domain.com but if you want to http://segment.domain.com it needs to be in your DNS like [this](https://developers.cloudflare.com/workers/platform/routes#subdomains-must-have-a-dns-record). +2. For customers who are not on the CloudFlare Enterprise plan, use CloudFlare Workers. Workers usually run on the main domain (for example, `www.domain.com`), but if you want Workers to run on a subdomain, like `http://segment.domain.com`, you must record the subdomain in your DNS. For more information, see CloudFlare's [Routes and domains](https://developers.cloudflare.com/workers/platform/routes#subdomains-must-have-a-dns-record){:target="_blank”} documentation. When creating a Worker you can use this example provided by CloudFlare in their [Bulk origin override](https://developers.cloudflare.com/workers/examples/bulk-origin-proxy){:target="_blank”} documentation with the origins set to: From 86206371404ca22257d7973106eb67da2666d566 Mon Sep 17 00:00:00 2001 From: Niall Brennan Date: Thu, 12 Sep 2024 16:27:38 +0100 Subject: [PATCH 08/10] Update src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md Co-authored-by: forstisabella <92472883+forstisabella@users.noreply.github.com> --- .../catalog/libraries/website/javascript/custom-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md index bcf3cea9ff..33b460c1b2 100644 --- a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md +++ b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md @@ -180,7 +180,7 @@ To add a CNAME record to your DNS settings: ## Common issues -These are some common issues that occur for cusotmers implemtning a cusotm proxy. This not an exhaustive list, and these settings may change in CloudFront or CloudFlare over time. +These are some common issues that occur for customers implementing a custom proxy. This not an exhaustive list, and these CloudFront or CloudFlare settings may change. #### CloudFlare returning a 403 error From b08d529297b35cce0ce2f914ef62eea3585cd9ee Mon Sep 17 00:00:00 2001 From: Niall Brennan Date: Thu, 12 Sep 2024 16:27:50 +0100 Subject: [PATCH 09/10] Update src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md Co-authored-by: forstisabella <92472883+forstisabella@users.noreply.github.com> --- .../catalog/libraries/website/javascript/custom-proxy.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md index 33b460c1b2..68a6303702 100644 --- a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md +++ b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md @@ -186,11 +186,7 @@ These are some common issues that occur for customers implementing a custom prox There are two ways of configuring the CDN distribution in Cloudflare and the 403 error is an indication that one of the below options is misconfigured: -1. If you have a CloudFlare enterprise plan then create a Page Rule in Cloudflare so that Segment's CDN wouldn't refuse the requests via the Cloudflare Proxy. - -If cdn.segment.com is another CNAME, which resolves to xxx.cloudfront.net, you will need to use a Page Rule in Cloudflare to override the host header to match the hostname for proxy requests. - -More in Cloudflare’s docs on overriding the host header can be found [here](https://developers.cloudflare.com/rules/page-rules/how-to/rewrite-host-headers/). +1. If you have a CloudFlare enterprise plan, create a Page Rule in CloudFlare so that Segment's CDN doesn't refuse the requests made through the CloudFlare Proxy. If cdn.segment.com is another CNAME that resolves to xxx.cloudfront.net, you will need to use a Page Rule in CloudFlare to override the host header to match the hostname for proxy requests. For more information about overriding the host header, see CloudFlare’s [Rewrite Host headers](https://developers.cloudflare.com/rules/page-rules/how-to/rewrite-host-headers/){:target="_blank”} docs. 2. For customers who are not on the CloudFlare Enterprise plan, use CloudFlare Workers. Workers usually run on the main domain (for example, `www.domain.com`), but if you want Workers to run on a subdomain, like `http://segment.domain.com`, you must record the subdomain in your DNS. For more information, see CloudFlare's [Routes and domains](https://developers.cloudflare.com/workers/platform/routes#subdomains-must-have-a-dns-record){:target="_blank”} documentation. From ae968d9697ff8473fccc7c033dabfe6a1bd974ca Mon Sep 17 00:00:00 2001 From: Niall Brennan Date: Thu, 12 Sep 2024 16:27:58 +0100 Subject: [PATCH 10/10] Update src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md Co-authored-by: forstisabella <92472883+forstisabella@users.noreply.github.com> --- .../catalog/libraries/website/javascript/custom-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md index 68a6303702..8d20c8c225 100644 --- a/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md +++ b/src/connections/sources/catalog/libraries/website/javascript/custom-proxy.md @@ -184,7 +184,7 @@ These are some common issues that occur for customers implementing a custom prox #### CloudFlare returning a 403 error -There are two ways of configuring the CDN distribution in Cloudflare and the 403 error is an indication that one of the below options is misconfigured: +When you encounter a 403 error, can mean that you've misconfigured your CloudFlare CDN distribution. Try one of the following options to fix the error: 1. If you have a CloudFlare enterprise plan, create a Page Rule in CloudFlare so that Segment's CDN doesn't refuse the requests made through the CloudFlare Proxy. If cdn.segment.com is another CNAME that resolves to xxx.cloudfront.net, you will need to use a Page Rule in CloudFlare to override the host header to match the hostname for proxy requests. For more information about overriding the host header, see CloudFlare’s [Rewrite Host headers](https://developers.cloudflare.com/rules/page-rules/how-to/rewrite-host-headers/){:target="_blank”} docs.