Create HTTP Resource

To add an HTTP CDN resource:

  1. Go to your Control Panel > CDN > Resources menu. The page that loads shows the list of CDN resources.
  2. To create a new CDN resource, click the "+" button in the top right corner or the CDN Resource Wizard button.

  3. Follow the steps of the CDN resource creation wizard:

On this page:


Type Select

Select the required resource type - HTTP, by clicking the corresponding button and click Next to proceed.

Properties

  • CDN hostname – the hostname from which you will serve static content.
    E.g. if your site (origin) is onapp.com, and you want to serve static content from the CDN and make it available at static.onapp.com, then static.onapp.com would be the CDN hostname.
  • Enable SSL - move the slider to the right to enable the secure socket protocol for your CDN resource.

    If the SSL protocol is enabled, you can only have fourth-level domain names.
    If the CDN hostname ends with '.r.worldssl.net', SSL will be enabled automatically.

    A CDN resource can only be linked to one SSL certificate - Let's Encrypt SSL, shared, or custom SNI.

    • Let's Encrypt - select this option if you want to use a Let's Encrypt SSL certificate for the resource

      The Let's Encrypt SSL certificate is automatically generated for the following types of hostname:

      All the hostnames are bundled into one Let's Encrypt SSL certificate. If the secondary hostname cannot be validated, the system generates the LE certificate based on the CDN hostname, CNAME, and Operator Basehostname. The unverified hostname is revalidated by the system every 15 minutes.

    • Shared SSL - choose this option if you want to apply a shared SSL certificate for the resource
    • Custom SNI SSL - choose this option if you want to apply a custom SNI SSL certificate for the resource and choose the required certificate from the drop-down menu
  • Content origin – specify the content origin type (PULL or PUSH):
    • For the PULL type, you can use a custom origin port. Specify a port number using the colon character (":") in the Origins field. If you do not indicate the origin port, then the system will put it by default depending on origin policy:
      • 80 if origin policy is HTTP

      • 443 if origin policy is HTTPS

      • None if origin policy is AUTO, that is when the origin port is custom

        The valid port values include 80, 443, and the range from 1024 to 65535. Values other than mentioned above will be forbidden.

        In case of using multiple origins, the same port number should be specified for all origins using a colon character (":"). Erase the port number from the origin resource field to reset the custom origin port.

    • For the PUSH type:
      • Storage server location - choose the storage server location from the drop-down menu.
      • FTP password - specify the FTP password. It can consist of 6-32 alphanumeric characters.
      • FTP password confirmation - confirm the password.

Edge Locations

Tick the box next to the group(s) that will share the new resource. Available groups depend on the assigned billing plan limits.

The map displays own, subscribed and available CDN resources:

Map legend:


At this point, you can create the CDN resource or proceed to the Advanced Settings step which is optional in the wizard.

Advanced Settings


Origin Policy

Choose the type of the connection from the drop-down menu. Select HTTP, HTTPS or Auto.


Country Access

Configure a rule to enable/disable access to the CDN resource’s content for specified countries.

  • Access Policy – select Disabled to switch off the rule, otherwise, choose between Allow by default/Block by default.
  • Except for Countries – select countries to which the access policy won’t be applied. To select more than one country, hold Ctrl during selection.


Hotlink Policy

  • Hotlink Policy – select Disabled to switch off a hotlink policy, otherwise, choose between Allow by default/Block by default.
  • Except for domains – specify domains to which the hotlink policy won’t be applied


IP Access

Configure a rule to enable/disable access to the CDN resource’s content for a range of IP addresses.

  • Access Policy – select Disabled to switch off the rule, otherwise, choose between Allow by default/Block by default.
  • Except for IP Addresses – fill in IP address(es) to which the access policy won’t be applied.


Secondary CDN Hostnames
Submit secondary hostnames apart from the default one for HTTP based CDN sites. With these configured, users will be able to access the CDN site using secondary CDN hostname(s). You can add up to 7 secondary CDN hostnames to your CDN resource.

To be able to use a secondary hostname for the CDN resource with SSL enabled, you require an SSL certificate for your custom hostname. For help with questions about the SSL certificate purchase, please contact OnApp support.


URL Signing

Protect your files from unauthorized access with a key. A signed URL looks like `http://example.com/filename?hash=DMF1ucDxtqgxwYQ==`.

  • Enable URL Signing – move the slider to the right to enable it.
  • URL Signing Key – fill in the key which will be used for URL signing. The secret key is similar to a password and can contain a minimum of 6 to a maximum of 32 characters. Symbols and spaces are not allowed.

You can also specify the expiration time, that is the time when this URL becomes invalid. The time is passed in the URL itself in a Unix timestamp format and takes part in hash generation.

Here is the example of PHP script used to generate the hash key:

/**
     * Create hash link CDN resource
     *
     * @param string $cdnResourceUrl
     * The CDN resource URL, eg cdn.yourdomain.com
     * @param string $filePath
     * File path of the CDN resource
     * @param string $secretKey
     * The secret key that is obtained from CDN resource property
     * @param int $expiryTimestamp [optional]
     * UNIX timestamp format, specify how long the hash link is accessible to the public
     * By default will be accessible forever.
     *
     * @return string URL with generated hash link
     * URL with designated format to access the resource
     *
     * Example:
     * Generate hash link for resource  www.example.com/images/photo.png for next 3 days, assume today is Sun, 01 Apr 2012.
     *
     * <?php
     * $hashLink = generateHashLink('www.example.com', '/images/photo.png', 'l33tf0olol', 1333497600);
     *
     * print $hashLink;
     * ?>
     * http://www.example.com/images/photo.png?secure=kaGd_cu6Iy4LDgfX3jy5Rw==,1333497600
     * .
     */
    function generateHashLink($cdnResourceUrl, $filePath, $secretKey, $expiryTimestamp = NULL){
 
        // NOTE [yasir 20110331] + and ?  are some of represented chars of based64 encoding (8 bits)
        // + is 62 and / is 63 . and These char should be replaced by other predefined chars.
        $searchChars = array('+','/');
        $replaceChars = array('-', '_');
 
        if($filePath[0] != '/'){
            $filePath = "/{$filePath}";
        }
 
        if($pos =  strpos($filePath, '?')){
            $filePath = substr($filePath, 0, $pos);
        }
 
        $hashStr = $filePath.$secretKey;
 
        if($expiryTimestamp){
            $hashStr = $expiryTimestamp.$hashStr;
            $expiryTimestamp = ",{$expiryTimestamp}";
        }
 
        return  "http://{$cdnResourceUrl}{$filePath}?secure=".
                str_replace($searchChars, $replaceChars, base64_encode(md5($hashStr, TRUE))).
                $expiryTimestamp;
    }


Cache expiry

  • Cache expiry – set the cache expiry time in minutes (min=1, max=35000000).


Password

  • Enable Password – move the slider to the right to restrict access to the resource (cdn hostname).
  • Unauthorized HTML – fill in the text which will be displayed for unauthorized login.
  • Username – choose a  username.
  • Password – select password for the user.

To remove a user, clear both fields.


Pseudo Streaming

  • Enable MP4 pseudo streaming – move the slider to the right to enable the pseudo streaming support forMP4 file type.
  • Enable FLV pseudo streaming – move the slider to the right to enable pseudo streaming forFVL file type, respectively.

With pseudo streaming enabled, your viewers can seek around a video even if it has not finished downloading. A Flash player and a prepared video are required for pseudo-streaming.


Ignore Set-Cookie

Ignore Set-Cookie - move the slider to the right to enable caching content with Set-Cookie response headers.


Nginx Settings

  • Limit rate - set speed limit of a response to a client (per request) in KB/s. Maximum limit rate value - 2147483647 KB/s
  • Limit rate after - the amount after which the speed of a response to a client will be limited in KB. Maximum limit rate after value -2147483647 KB
  • Proxy cache key - key for caching. Select one of four supported types from the drop-down list:
    • $host$request_uri
    • $host$uri
    • $proxy_host$request_uri
    • $proxy_host$uri

Search Engine Crawlers


    • Block search engine crawlers - move the slider to the right to block web crawling bots from indexing the CDN content (for HTTP Pull CDN resources only).

    4. Click Create CDN Resource.