Create HTTP CDN Resource

To add an HTTP CDN resource: 

  1. Go to your Control Panel > CDN > Resources menu. The page that loads shows the list of CDN resources.
  2. To create a new CDN resource, click the "+" button in the top right corner or the CDN Resource Wizard button.

  3. Follow the steps of the CDN resource creation wizard:

On this page:


  1. Type Select

    Select the required resource type - HTTP, by clicking the corresponding button and click Next to proceed.

    Properties

    • CDN hostname – the hostname from which you will serve static content.
      E.g. if your site (origin) is onapp.com, and you want to serve static content from the CDN and make it available at static.onapp.com, then static.onapp.com would be the CDN hostname.
    • Enable SSL - move the slider to the right to enable the secure socket protocol for your CDN resource.

      • Let's Encrypt - select this option if you want to use a Let's Encrypt SSL certificate for the resource

        The Let's Encrypt SSL certificate is automatically generated for the following types of hostname:

        All the hostnames are bundled into one Let's Encrypt SSL certificate. If the secondary hostname cannot be validated, the system generates the LE certificate based on the CDN hostname, CNAME, and Operator Basehostname. The unverified hostname is revalidated by the system every 15 minutes.

      • Shared SSL - choose this option if you want to apply a shared SSL certificate for the resource

        If the SSL protocol is enabled, you can only have fourth-level domain names.
        If you select the Shared SSL certificate, the '.r.worldssl.net' ending will be automatically added to the CDN hostname. Be aware that if CDN hostname ends with 'r.worldssl.net', it can not be digit-only (for example 123456.r.worldssl.net is not applicable).

        A CDN resource can only be linked to one SSL certificate - Let's Encrypt, shared, or custom SNI.

      • Custom SNI SSL - choose this option if you want to apply a custom SNI SSL certificate for the resource and choose the required certificate from the drop-down menu
    • Content origin – specify the content origin type (PULL or PUSH):
      • For the PULL type, you can use a custom origin port. Specify a port number using the colon character (":") in the Origins field. If you do not indicate the origin port, then the system will put it by default depending on origin policy:
        • 80 if origin policy is HTTP

        • 443 if origin policy is HTTPS

        • None if origin policy is AUTO, that is when the origin port is custom

          The valid port values include 80, 443, and the range from 1024 to 65535. Values other than mentioned above will be forbidden.

          In case of using multiple origins, the same port number should be specified for all origins using a colon character (":"). Erase the port number from the origin resource field to reset the custom origin port.

      • For the PUSH type:
        • Storage server location - choose the storage server location from the drop-down menu.
        • FTP password - specify the FTP password. It can consist of 6-32 alphanumeric characters.
        • FTP password confirmation - confirm the password.

    Edge Locations

    Tick the box next to the edge group(s) that will share the new resource. Available groups depend on the assigned bucket's edge groups limit.

    The map displays own, subscribed and available CDN resources:

    Map legend:


    At this point, you can create the CDN resource or proceed to the Advanced Settings step which is optional in the wizard.

    Advanced Settings

    Origin Policy

    Choose the type of the connection from the drop-down menu. Select HTTP, HTTPS or Auto.


    Country Access

    Configure a rule to enable/disable access to the CDN resource’s content for specified countries.

    • Access Policy – select Disabled to switch off the rule, otherwise, choose between Allow by default/Block by default.
    • Except for Countries – select countries to which the access policy won’t be applied. To select more than one country, hold Ctrl during selection.


    Hotlink Policy

    • Hotlink Policy – select Disabled to switch off a hotlink policy, otherwise, choose between Allow by default/Block by default.
    • Except for domains – specify domains to which the hotlink policy won’t be applied


    IP Access

    Configure a rule to enable/disable access to the CDN resource’s content for a range of IP addresses.

    • Access Policy – select Disabled to switch off the rule, otherwise, choose between Allow by default/Block by default.
    • Except for IP Addresses – fill in IP address(es) to which the access policy won’t be applied.


    Secondary CDN Hostnames
    Submit secondary hostnames apart from the default one for HTTP based CDN sites. With these configured, users will be able to access the CDN site using secondary CDN hostname(s). You can add up to 7 secondary CDN hostnames to your CDN resource.

    To be able to use a secondary hostname for the CDN resource with SSL enabled, you require an SSL certificate for your custom hostname. For help with questions about the SSL certificate purchase, please contact OnApp support.


    URL Signing

    Protect your files from unauthorized access with a key. A signed URL looks like `http://example.com/filename?hash=DMF1ucDxtqgxwYQ==`.

    • Enable URL Signing – move the slider to the right to enable it.
    • URL Signing Key – fill in the key which will be used for URL signing. The secret key is similar to a password and can contain a minimum of 6 to a maximum of 32 characters. Symbols and spaces are not allowed.

    You can also specify the expiration time, that is the time when this URL becomes invalid. The time is passed in the URL itself in a Unix timestamp format and takes part in hash generation.

    Here is the example of PHP script used to generate the hash key:

    /**
         * Create hash link CDN resource
         *
         * @param string $cdnResourceUrl
         * The CDN resource URL, eg cdn.yourdomain.com
         * @param string $filePath
         * File path of the CDN resource
         * @param string $secretKey
         * The secret key that is obtained from CDN resource property
         * @param int $expiryTimestamp [optional]
         * UNIX timestamp format, specify how long the hash link is accessible to the public
         * By default will be accessible forever.
         *
         * @return string URL with generated hash link
         * URL with designated format to access the resource
         *
         * Example:
         * Generate hash link for resource  www.example.com/images/photo.png for next 3 days, assume today is Sun, 01 Apr 2012.
         *
         * <?php
         * $hashLink = generateHashLink('www.example.com', '/images/photo.png', 'l33tf0olol', 1333497600);
         *
         * print $hashLink;
         * ?>
         * http://www.example.com/images/photo.png?secure=kaGd_cu6Iy4LDgfX3jy5Rw==,1333497600
         * .
         */
        function generateHashLink($cdnResourceUrl, $filePath, $secretKey, $expiryTimestamp = NULL){
     
            // NOTE [yasir 20110331] + and ?  are some of represented chars of based64 encoding (8 bits)
            // + is 62 and / is 63 . and These char should be replaced by other predefined chars.
            $searchChars = array('+','/');
            $replaceChars = array('-', '_');
     
            if($filePath[0] != '/'){
                $filePath = "/{$filePath}";
            }
     
            if($pos =  strpos($filePath, '?')){
                $filePath = substr($filePath, 0, $pos);
            }
     
            $hashStr = $filePath.$secretKey;
     
            if($expiryTimestamp){
                $hashStr = $expiryTimestamp.$hashStr;
                $expiryTimestamp = ",{$expiryTimestamp}";
            }
     
            return  "http://{$cdnResourceUrl}{$filePath}?secure=".
                    str_replace($searchChars, $replaceChars, base64_encode(md5($hashStr, TRUE))).
                    $expiryTimestamp;
        }


    Cache Expiry

    • Cache expiry – set the cache expiry time in minutes (min=1, max=35000000).


    Password

    • Enable Password – move the slider to the right to restrict access to the resource (cdn hostname).
    • Unauthorized HTML – fill in the text which will be displayed for unauthorized login.
    • Username – choose a  username.
    • Password – select password for the user.

    To remove a user, clear both fields.


    Pseudo Streaming

    • Enable MP4 pseudo streaming – move the slider to the right to enable the pseudo streaming support for MP4 file type.
    • Enable FLV pseudo streaming – move the slider to the right to enable pseudo streaming for FVL file type, respectively.

    With pseudo streaming enabled, your viewers can seek around a video even if it has not finished downloading. A Flash player and a prepared video are required for pseudo-streaming.


  • CORS Header

    • Enable CORS headers - move the slider to the right to enable cross-origin resource sharing (CORS) by adding HTTP header with Access-Control-Allow-Origin: *

  • Ignore Set-Cookie

    Ignore Set-Cookie - move the slider to the right to enable caching content with Set-Cookie response headers.


    Nginx Settings

    • Limit rate - set speed limit of a response to a client (per request) in KB/s. Maximum limit rate value - 2147483647 KB/s
    • Limit rate after - the amount after which the speed of a response to a client will be limited in KB. Maximum limit rate after value -2147483647 KB
    • Proxy cache key - key for caching. Select one of four supported types from the drop-down list:
      • $host$request_uri
      • $host$uri
      • $proxy_host$request_uri
      • $proxy_host$uri


    Search Engine Crawlers

    • Block search engine crawlers - move the slider to the right to block web crawling bots from indexing the CDN content (for HTTP Pull CDN resources only).


    HTTP Live Streaming (HLS) Optimization

    • Enable HLS Optimization - move the slider to enable/disable HLS optimization. This option is available only for HTTP Pull CDN resources. 
    • Enforce Cache Expiry - tick this checkbox to create an HTTP rule that will enforce cache expiry. After you enable HLS optimization during HTTP Pull resource creation or editing, this check box will not be displayed if you edit the resource as long as the Enable HLS Optimization option is switched on. If you disable the option and then enable it again, this checkbox will be displayed. If an enforce cache expiry rule has already been set for the resource, a new rule will not be created after you check this box and save changes. You can manually add or delete the HTTP rule that will enforce cache expiry on the HTTP Caching Rules page of your CDN resource.

  • Click Create CDN Resource.