π Advanced CDN configuration
Advanced configuration options for EdgeHit CDN servers are available under the following sections:
Home > CDN > Configuration > SSL CertHome > CDN > Configuration > NginxHome > CDN > Configuration > Cache
These settings allow administrators to fine-tune the default behavior and capacity of each EdgeHit server instance, typically by passing configured value to the Nginx Main Configuration Block.
Note
You can also define custom behaviour for each EdgeHit Server for Nginx and Cache config under
Home > CDN > Server > Details > NginxHome > CDN > Server > Details > Cache
However, the SSL Cert Configuration are shared Globally and do not have different configuration details of each EdgeHit CDN Server.
π SSL Cert Configuration
This section manages all aspects of automated and manual SSL certificate handling across your domains. It includes controls for issuing, renewing, validating, and deploying SSL certs at the CDN edge.
Note
This Section does not has a Specific configuration for each EdgeHit node unlike other sections. The Configuration under this section is shared Globally and do not have custom overwrite option in each CDN Server configuration details
π Certificate Renewal Setting
These settings allow configuration of SSL Renewal policy and behavior. It is set with a default option and usually will not be adjusted unless necessary
| Setting | Description |
|---|---|
| Enable auto SSL cert | Toggles automatic SSL certificate issuance and renewal for domains. |
| Auto SSL cert early renewal days | Number of days before expiration to attempt early certificate renewal. |
| Auto SSL cert early renewal random number of days | Adds randomness to early renewal attempts to avoid bulk renewal collisions. |
| Number of days to cancel pending orders when auto SSL cert verification fails | Defines how long to wait before canceling a failed certificate order. |
| SSL cert provider policy | Determines how the system prioritizes or rotates certificate providers. |
| SSL cert provider backup | Number of fallback providers to try if the primary one fails. |
| Max number of SSL cert file verifications | Upper limit on concurrent file-based certificate verification operations. |
| SSL cert file verification speed limit duration (Unit: Seconds) | Rate limiter duration to prevent excessive file verification activity. |
| SSL cert file verification shielding duration (Unit: Seconds) | Time to suppress repeated failed verification attempts temporarily. |
| SSL cert shared memory size (Unit: MB) | Memory allocated for managing and caching certificate operations. |
π§° ACME Related Settings
Contains supporting configuration such as site point TTL, edge memory usage, and WebSocket counters β all of which impact the runtime behavior of ACME Protocol indirectly.
| Setting | Description |
|---|---|
| Site Point TTL (Unit: Seconds) | Defines the default TTL for the alias domain pointing to Traffic Policy. Affects DNS propagation during ACME DNS-01 validation. Lower values help reduce caching delays during certificate issuance. |
| Edge Config Version | Tracks the configuration version deployed to edge nodes. Ensures the latest SSL certificate and routing rules are properly activated across the CDN. |
| Edge config shared memory size (Unit: MB) | Allocates shared memory on edge servers for storing SSL-related configurations, validation tokens, and challenge response metadata. Optimizes performance during ACME operations. |
| WebSocket Counter TTL (Unit: Seconds) | Sets how long WebSocket-related stats are retained. Though not part of the ACME process, it may influence resource tracking or verification workflows tied to certificate management. |
π οΈ Nginx Configuration
This section provides full control over how each EdgeHit CDN server runs Nginx, including custom HTTP and server block configurations, DNS resolution behavior, gzip compression policies, and upstream connection handling.
You can fine-tune worker processes, request limits, and connection timeouts to match your server capacity and traffic needs. These settings are essential for optimizing performance, reliability, and compatibility across diverse deployment environments.
π DNS Resolver Settings
This section allows fine-tuning of the Nginx runtime behavior and DNS resolution logic for each EdgeHit CDN server.
Note
This setting is for unbound DNS Resolver local process running on EdgeHit instead of the authoritative DNS Server running on EdgeHit DNS
| Setting | Description |
|---|---|
| Nginx custom http block config | Allows you to inject custom Nginx directives into the http block. Useful for logging, gzip, or global Nginx settings. |
| Nginx custom server block config | Adds custom configuration inside the Nginx server block, specific to each CDN server. |
| DNS resolver IP address | One or more IPs used for upstream DNS resolution (e.g., 127.0.0.1:12345, 8.8.8.8). |
| DNS resolve timeout | Time in seconds to wait for a DNS response before timeout. |
| DNS resolve retry count | Number of times to retry a failed DNS resolution before giving up. |
| DNS resolve TTL min / max | Limits the TTL range for resolved DNS entries to ensure cache control. |
| DNS resolver IPv6 | Enables or disables IPv6 DNS resolution. |
ποΈ Compression Settings
This section allows administrators to optimize how content is compressed before being delivered to clients.
| Setting | Description |
|---|---|
| GZIP compression type | MIME types to compress (e.g., text/plain, application/xml). |
| GZIP min compression length | Only compress responses larger than this byte size. |
| GZIP compression level | Compression strength (usually 1β9). |
| GZIP compression buffer size | Size of each buffer used during compression (in KB). |
| Number of GZIP compression buffers | Total number of buffers Nginx will allocate. |
| GZIP using Vary headers | Enables the Vary: Accept-Encoding header for cache compatibility. |
β¬οΈ Upstream Management
This section defines how the CDN server interacts with upstream (origin) servers. Proper tuning here ensures stable performance under both normal and high-load conditions.
| Setting | Description |
|---|---|
| Max number of connections to upstream servers | Sets the upper limit on the number of simultaneous connections the CDN edge server can open to origin servers. This helps prevent origin overload and allows load balancing across multiple origins. |
| Timeout of connecting to upstream servers (Unit: Seconds) | Defines the maximum amount of time to wait when establishing a TCP connection with the origin server. If the origin does not respond within this time, the connection attempt is aborted. |
| Max number of requests when connecting to upstream servers | Controls how many HTTP requests can be sent over a single keep-alive connection to an upstream server. A higher number reduces connection overhead, but may increase load imbalance if one server is slower. |
| Number of nginx workers | Specifies how many Nginx worker processes are spawned to handle concurrent traffic. This directly affects server concurrency and should be aligned with available CPU cores. |
| Nginx config reload intervals (Unit: Seconds) | Defines how often the CDN node checks for and reloads configuration changes. Lower values allow faster deployment of updates, while higher values reduce reload frequency for performance stability. |
π Security Settings
This section controls the behavior of verification challenges such as CAPTCHA, JavaScript, and slider checks. It also defines rate limiting rules and cooldown periods to prevent abuse.
Note
These settings only applied to those request traffic that hit the Challenge action in Access Control.
| Setting | Description |
|---|---|
| Release time after sliding verification is passed | Time until user is no longer challenged after successful slide check. |
| Release time after captcha verification is passed | Cooldown before re-challenging after correct captcha. |
| Captcha Expiration Time | How long a captcha remains valid after generation. |
| Max number of captcha requests | Prevents abuse by limiting how many times captcha can be requested. |
| Captcha request statistics cycle | Time window (in seconds) over which captcha activity is measured. |
| Captcha timeout blocking duration | Time a client is blocked if they exceed request thresholds. |
| Release time after js verification is passed | How long a client avoids verification after JavaScript checks succeed. |
| Release time after mouse movement verification is passed | Similar release timer, specific to motion-based checks. |
| Release time after http redirect verification is passed | Timer for clients who pass HTTP redirect challenges. |
| Rate limit shared memory size | Memory reserved for rate limit tracking (in MB). |
π§ Caching Configuration
This section controls how the CDN server caches, stores, and manages content on disk. It includes settings for cache storage limits, key zone memory sizing, temporary caching behavior, and automated cleanup or loading policies.
Proper tuning ensures efficient disk usage, fast content retrieval, and reliable cache health monitoring across EdgeHit nodes.
π Health Check Settings
This section configures how EdgeHit perform health check towards the Upstream Origin Server.
Note
This setting will only take effect if origin health check is enabled on CDN Domain
| Setting | Description |
|---|---|
| Max number of failed cluster origin health checks | Number of allowed failed health checks before an origin in the cluster is marked as unhealthy. |
| Cluster origin health check timeout (Unit: Seconds) | Timeout for health check responses from origin servers in the cluster. |
ποΈ Cache Storage Settings
These settings define the physical location, memory allocation, and total disk capacity used for storing cached content.
| Setting | Description |
|---|---|
| Cache Path | Filesystem path where cached files are stored. |
| Cache key zone size (Unit: MB) | Memory size allocated for storing cache keys (metadata used to identify cached items). |
| Cache Capacity (Unit: GB) | Total disk space allocated for caching content on this node. |
π§Ή Cache Management
This section manages how unused or expired cache files are cleaned and how cache files are loaded or pre-fetched over time.
| Setting | Description |
|---|---|
| Unused cache cleaning duration (Unit: Minutes) | Time interval after which unused (stale) cache files are eligible for deletion. |
| Use Temporary Cache | Enables a temporary cache space (often used for in-memory or partial caching). |
| Min disk reserve space (Unit: MB) | Minimum free space to maintain on the disk; cache cleaning is triggered if this threshold is approached. |
| Number of cache files cleaned in a single attempt | Limits how many files are deleted in one cleanup cycle. |
| Cache Cleaning Interval (Unit: Milliseconds) | Time between two consecutive cache cleaning operations. |
| Max single cache cleaning time (Unit: Milliseconds) | Time limit for each cleaning pass to prevent long disk I/O operations. |
| Number of cache files loaded at a time | Number of files preloaded or indexed during a cache loading cycle. |
| Cache Loading Interval (Unit: Milliseconds) | Interval between successive file loading operations. |
| Max single cache loading time (Unit: Milliseconds) | Maximum time to spend on a single cache load operation to avoid blocking disk or CPU. |