Skip to main content
Altcraft Docs LogoAltcraft Docs Logo
User guide iconUser guide
Developer guide iconDeveloper guide
Admin guide iconAdmin guide
English
  • Русский
  • English
Login
    Getting StartedAdministrator documentationFunctional characteristics
      Technology descriptionarrow
    • Architecture OverviewComponent Description
        Deployment schemesarrow
      • Basic schemeFail-safe schemeTypical Placement in Infrastructure
    System requirements
      Admin Panelarrow
      • Account areaarrow
        • Accountsarrow
        • Account UsersAccount Virtual SendersAccount Database Indexes
        TariffsExternal data configurationLDAPTasksSchedule JobsGlobal Stop ListsWebversion Store Policies
        Settingsarrow
      • Databases
          Accessarrow
        • AdminsAPI tokens
        Notifiers
          MTAarrow
        • Default rulesRetry rulesLock rulesBounce patternsStrategiesKeysISPsPools
      Nodes
        Sendersarrow
      • EmailSMSEvent generatorIntegration with SendsayENS: настройка сендера
        Reportsarrow
      • Audit JournalData Usage
        Toolsarrow
      • ARF decoderURL decoderSMID decoderLicense
      Platform installationarrow
    • Automatic installationManual installationRunning the platform in a Docker container
      Platform configurationarrow
    • Configuration fileDomain settingsLDAP access configurationSending Email via SMTP relayPixel and push domain configurationCluster and Replication SetupSystem notifications configurationProcesses UNIX sockets configurationHTTPS ConfigurationMigrating from MongoDB Community Edition to Percona Server for MongoDBAdding sender IP addressesDeduplication request settingsPostgreSQL database for account dataProxy server settingsKeycloak Integration with AltcraftGetting HTTP service statusesConfiguration MongoDB logs rotation
        Configuration of system constants and directoriesarrow
      • Filtering bot actionsDirectory of gender markers
      Platform maintenancearrow
    • Personnel requirementsPlatform maintenance processesPlatform updatingPlatform service monitoringBackup and recoveryTransferring the platform to a new serverCreating, deleting, and populating tables for statistics in ClickHouseUsage of the aktool utilityUsers and directories engaged by the platform
      Custom channels guidearrow
    • OverviewCreating and configuring a channelEntity field configurationTemplate languageEntities
        Pipesarrow
      • Pipe: Basic ConceptsResultErrorsLogPackUnpackHTTP RequestStore SetStore GetSelectorSQLEventerScheduler
        Pipelinesarrow
      • Pipeline: Basic ConceptsMessageScheduleListenerModerateStop
      Extraarrow
    • System page customizationSend Message IDИнструкция по миграции истории в ClickHouseInstructions for migrating history to ClickHouseUtility for importing push subscriptions to Firebase projectUtility for importing push subscriptions to Firebase project
    Processing HTTP/HTTPS traffic
      Administrator APIarrow
      • Accounts admin apiarrow
        • Restricted accessarrow
        • Account Activation and DeactivationAccount Freeze and Unfreeze
        Get accounts listAdd a new accountDelete the account
        Account usersarrow
      • Update an Existing AccountAdd a new accountDelete a userGet a list of usersSending a Welcome Email
        Nodesarrow
      • Synchronize node MTA configurationGet nodes listGet node MTA statusActivate node MTADeactivate node MTA
        Senders admin apiarrow
      • Create or update AKMTA senderGet AKMTA sender informationAssign account to senderGet senders listDelete senderRestore sender
          Sender queuearrow
        • Get sender queue informationHold sender queueRelease sender queueClear sender queue
        Virtual sendersarrow
      • Get virtual senders listGet virtual sender informationCreate virtual senderUpdate virtual senderClone virtual senderDelete virtual sender
    Documentation Archive
  • Processing HTTP/HTTPS traffic

Processing HTTP/HTTPS traffic

note

For a complete list of all configurable parameters, see the section - Configuration file. To apply changes to the platform configuration, restart AKD (./akd restart).

tip

To get free Let's Encrypt certificates, you can use the certbot utility.

Default traffic processing scheme on the Altcraft side​

By default, HTTPS is required for pixels to work and custom cookies to be processed. Setting the COOKIESAVER_SSL_ON parameter to false will not affect the presence of the https:// protocol in links generated by mailings.

Required parameters​

ParameterTypeValueDescription
SSL_ONboolfalseDisabling SSL termination for the web interface
TRACKING_SSL_ONboolfalseDisabling SSL termination for tracking
COOKIESAVER_SSL_ONbooltrueEnable SSL termination for pixels
COOKIESAVER_SSL_CRT_PATHstring/etc/letsencrypt/live/pxl.example.com/fullchain.pemPath to certificate for pixels
COOKIESAVER_SSL_KEY_PATHstring/etc/letsencrypt/live/pxl.example.com/privkey.pemPath to the private key to the certificate for pixels

Scheme for processing traffic with full SSL termination on the Altcraft side​

Required parameters​

ParameterTypeValueDescription
SSL_ONbooltrueEnabling SSL termination for the web interface
SSL_CRT_PATHstring/etc/letsencrypt/live/altcraft.example.com/fullchain.pemPath to the certificate for the web interface
SSL_CRT_KEYstring/etc/letsencrypt/live/altcraft.example.com/privkey.pemPath to the private key to the certificate for the web interface
TRACKING_SSL_ONbooltrueEnabling SSL termination for tracking
TRACKING_SSL_CRT_PATHstring/etc/letsencrypt/live/click.example.com/fullchain.pemPath to a trekking certificate
TRACKING_SSL_CRT_KEYstring/etc/letsencrypt/live/click.example.com/privkey.pemPath to the private key to the tracking certificate
COOKIESAVER_SSL_ONbooltrueEnable SSL termination for pixels
COOKIESAVER_SSL_CRT_PATHstring/etc/letsencrypt/live/pxl.example.com/fullchain.pemPath to certificate for pixels
COOKIESAVER_SSL_KEY_PATHstring/etc/letsencrypt/live/pxl.example.com/privkey.pemPath to the private key to the certificate for pixels

Traffic processing scheme with full SSL termination on the external side​

Required parameters​

ParameterTypeValueDescription
SSL_ONboolfalseDisabling SSL termination for the web interface
TRACKING_SSL_ONboolfalseDisabling SSL termination for tracking
TRACKING_SSL_EXTERNAL_ONbooltrueSetting the sign of using SSL termination at the top for tracking
COOKIESAVER_SSL_ONboolfalseDisable SSL termination for pixels
NGINX_TRUSTED_PROXIESarray[ "Внешний IP-адрес прокси" ]List of trusted proxy IP addresses
NGINX_REALIP_HEADER
string"X-Forwarded-For"Header from which a real IP address of a client will be obtained

External NGINX Configuration Example​

    
server {
    listen 80;
    listen 443 ssl;
    server_name altcraft.example.com;

    if ($scheme != "https") { return 307 https://$host$request_uri; }
    ssl_certificate /etc/letsencrypt/live/altcraft.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/altcraft.example.com/privkey.pem;

    ssl_session_cache shared:le_nginx_SSL:10m;
    ssl_session_timeout 1440m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2 TLSv1.3;
    
    location / {
        proxy_pass http://172.16.0.10:80;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_read_timeout 900;
    }
}


server {
    listen 80;
    listen 443 ssl;
    server_name click.example.com;

    if ($scheme != "https") { return 307 https://$host$request_uri; }
    ssl_certificate /etc/letsencrypt/live/click.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/click.example.com/privkey.pem;

    ssl_session_cache shared:le_nginx_SSL:10m;
    ssl_session_timeout 1440m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://172.16.0.11:80;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_read_timeout 900;
    }
}


server {
    listen 80;
    listen 443 ssl;
    server_name pxl.example.com;

    if ($scheme != "https") { return 307 https://$host$request_uri; }
    ssl_certificate /etc/letsencrypt/live/pxl.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pxl.example.com/privkey.pem;

    ssl_session_cache shared:le_nginx_SSL:10m;
    ssl_session_timeout 1440m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://172.16.0.12:443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_read_timeout 900;
    }
}
Last updated on Mar 12, 2026
Previous
Utility for importing push subscriptions to Firebase project
Next
Administrator API
  • Default traffic processing scheme on the Altcraft side
    • Required parameters
  • Scheme for processing traffic with full SSL termination on the Altcraft side
    • Required parameters
  • Traffic processing scheme with full SSL termination on the external side
    • Required parameters
    • External NGINX Configuration Example
© 2015 - 2026 Altcraft, LLC. All rights reserved.