Pre-requisites for Configuring CloudEDGE CDN
Before enabling CloudEDGE CDN (also known as Webscale CDN) ensure that you meet the following pre-requisites in the order presented below.
- Add the CDN provider as a trusted proxy
- Set up DNS
- Set up TSL
- Disable pagespeed
- Create an admin subdomain
- Provider setup
- Pre-requisite validation
Note:While the Webscale Provisioning team has most likely already handled some of these tasks, verify that your system meets the pre-requisites.
Note:This procedure uses “CloudFront” and “AWS” as examples of a provider and cloud platform.
Add the CDN provider as a trusted proxy
When you add the CDN provider as a trusted proxy for the application, the proxy can identify the original user IP addresses for requests coming from the CDN provider.
To add CloudFront as a trusted proxy, select Amazon CloudFront from the address set list in the Trusted proxies page. For information on how to add a trusted proxy, see Add trusted proxies.
For more information on requests for client IP addresses, see HTTP X-Forwarded-For Headers.
Set up DNS
To set up DNS
- Create aliases for all domains under the application. For information on how to view, add, and delete application aliases, see Application aliases in Configuring General Application Settings.
Note:For aliases that you would like to include in your CloudFront CDN installation, select the corresponding CDN checkbox for each alias. For aliases exclusive to Webscale, make sure the corresponding checkboxes are cleared.
- Ensure that all domains under the application point toward Webscale, including top-level domains.
- Verify that the DNS entries are correct.
- Use the proxy hostname to create a CNAME for it.
Set up TLS
After DNS is enabled, make sure that the aliases for your application are correct and there are no unnecessary aliases. Delete all unnecessary aliases.
Then, set up TLS (Transport Layer Security) by enabling the Auto HTTPS feature for your application through the HTTPS page. When this feature is enabled, Webscale automatically obtains and installs a free Let’s Encrypt SSL certificate for the application.
Verify that the certificate covers all application aliases.
Note:If Let’s Encrypt does not automatically obtained your certificate within a few hours, contact support.
Web Controls enable you to configure and disable PageSpeed. If you do not already have a Web Control to configure PageSpeed, create a Web Control to disable it. For information on how to create a Web Control, see Creating Web Controls.
When creating or modifying a Web Control to disable PageSpeed, add or make sure that your Web Control has an action with the Set pagespeed options action type. In the Do you want pagespeed to run? drop-down menu, select No.
Note:Make sure that the rule to disable PageSpeed is at the top of the rules list. Otherwise, it will not disable PageSpeed.
Create an admin subdomain
If requests take longer than 180 seconds to execute, they will time out. This is a CloudFront limitation. The workaround is to bypass the admin domain from CloudFront. The first step is to separate the admin domain by creating an admin subdomain.
After you enable Webscale CDN, you must point the admin subdomain to origin-xyz.cloudmastro.net where xyz.cloudmastro.net is the cname of the application.
For example, if the application is www.webscale.com and the cname is abc.cloudmastro.net, the admin subdomain will point to origin-abc.cloudmastro.net.
Contact support to find out if this procedure applies to you.
Note:If you are accessing the admin page using a subdomain, you can use that subdomain for enabling Webscale CDN instead of creating an admin subdomain.
Note:Make sure you update the admin domain in the Web Control that locks down the admin subdomain.
When you are using Webscale CDN with CloudFront for an application, your account must have a Webscale provider with the Amazon EC2 cloud provider type. To set up the provider so it will support Webscale CDN, perform the following procedure.
- Create a S3 bucket through AWS
- Create a Webscale provider for your account with the Amazon EC2 cloud provider type
The S3 bucket will contain your Webscale CDN logs. When you create the provider, make sure that the provider can use Webscale CDN by selecting the Use for CDN checkbox in the Add a new provider dialog box. After you select the checkbox, you must also enter the S3 bucket name.
For information on how to add an AWS S3 bucket, see Creating a Bucket.
After you have finished working on the pre-requisites, validate that you have followed all of the instructions correctly and fulfilled all of the pre-requisites.
One important validation step is to make sure that your SSL certificate covers all aliases before enabling Webscale CDN, particularly if you have added new aliases after enabling Auto HTTPS. (Let’s Encrypt should automatically update the certificate with any new aliases. Make sure that it does.)
There is one exception. Do not create an alias for the admin sub-domain until after you have enabled Webscale CDN.
After Webscale CDN is enabled, HTTP challenges will fail for any new aliases added to the list, so only DNS challenges will work for those challenges.
- Introduction to Configuring Webscale CDN
- Completing Webscale CDN Configuration
- Configuring Trusted Proxies
- Introducing HTTPS Headers and Status Codes
- Installing SSL Certificates
- Web Controls How-To Guides
- Working with Providers
Have questions not answered here? Please Contact Support to get more help.
Was this page helpful?
Glad to hear it! Have any more feedback? Please share it here.
Sorry to hear that. Have any more feedback? Please share it here.