🌐 Cofigure CDN Domain

This Page Explains How EdgeHit function as a CDN Network, and how to configure a CDN Domain Under EdgeHit-CDN.

What is CDN Domain

The Term CDN Domain might sound confusing and often be misconcept as a DNS Domain. It actually means:

• The User DNS Domain That is registered in EdgeHit CDN
• EdgeHit is responsible for SSL termination of this domain, by using a SiteMap and Traffic Policy CNAME & A record to map to the actual Domain Name
• Such behavior is similiar to AWS route53 record and Cloudflare cname flattening

🛑 Prerequisite

Before Using EdgeHit CDN, user must have

• A web server or any relavance that operates as the origin server

• A domain name that is managed under EdgeHit DNS or any other Domain Provider like Dynadot or GoDaddy

  Note

  if the user is pointing Domain Name to the EdgeHit DNS, ensure that user's account has the DNS admin role enabled and active DNS Domain Plan

• Has an active EdgeHit Accout given to the user by Administrator

• Has an active CDN Plan that is assigned to the user's account

Meanwhile, the system admin must have

• Setup EdgeHit as CDN server in EdgeHit Controller
• Setup EdgeHit DNS as DNS server in EdgeHit Controller
• Defined all the prerequisite setting for all of above such as IP Address list, CDN Server Group, DNS Server Group & Initial Record, etc

For more, please refer to Adding CDN & DNS Server

---

🚦 Configure Traffic Policy

This section show how to configure Traffic Policy , which is needed before defining a CDN Domain

System Admin need to define traffic policy at Traffic > Policy Section. This configuration is only accessible by admin account instead of user account.

• Traffic Policy contain DNS A record that maps to EdgeHit instances , which act as edge nodes in the cdn cluster.

• Traffic Policy can contain multiple A record that will use a round robain or Geo-location based resolving to reply to DNS resolvers.

  

Note

the DNS Domain in Traffic Policy must be System DNS Domain as it will be stored in the Domain Zone. System DNS Domain means DNS Domain Zone that is defined by the EdgeHit Admin.

Tip

• Traffic Policy is a DNS A Record with Record name being traffic-policy-name.<System DNS Domain>. and content being A record of EdgeHit IP Address.

---

👥 Configure CDN User Plan

This section show how to configure CDN User Plan , which is needed before defining a CDN Domain in user account

System Admin needs to define CDN User Plan for user in CDN > User Plan > Add Section.

Info

CDN User Plan is needed as User Account ( Non-Admin) can only create CDN Domain by applying CDN Plan assigned to the User as a configuration template.

• They cannot define settings like CDN Group and Traffic Policy manually like in admin account. This setup restrict use case and prevent violation.

Note

The Select DNS Domain option in CDN user plan is to define the DNS Domain that will store the site-map DNS record instead of the Domain Zone which stores all user's Domain Record. Only system DNS domain can be choosed as an option in this field

Tip

• Site Map is a DNS CNAME Record that use <User Domain>.<Domain Prefix>.<System DNS Domain> as record name and Traffic Policy as Record content.

CDN User Plan defines the CDN Server Group and Traffic Policy as a configuration template of CDN Domain. It also limits how many Domain can user register under EdgeHit, and service tier by mapping access to certain group of Edge Node. Details will be explained in Advanced User Plan Configuration

• CDN Server Group define a group Of EdgeHit Server that are responsible to store the NGINX config block for serving the user's domain via caching from origin server

• Traffic Policy define the A record that will be used to point to the Coresponding Server Group

  Note

  You must ensure that the A record in Traffic Policy record matches all EdgeHit server's IP in the Server Group to prevent any misconfiguration or rachability outage

• CDN User Plan can also define Domain Prefix for user with third level domain such as ccTLD like .com.my. In this case, .my is defined as domain prefix.

---

📃 Configure SSL Cert Provider

EdgeHit Provide SSL auto renewal feature via running ACME script with predefined SSL Certificate Provider.

EdgeHit Administrator need to setup Cert Provider before Configuring CDN Domain to ensure that SSL Termination on Edge Node works and EdgeHit can Serve HTTPS content.

Below are the available option of SSL Provider to be setup in SSL > Cert Provider > Add

Setup Let's Encrypt

The setup of Let's Encrypt as SSL Provider is straight forward. You just need to define Let's Encrypt as Provider , and assign a name to complete the settings. The details such as account creation and password will be generated automatically

Setup ZeroSSL via API Token

To Setup ZeroSSL, you will need to create an account at ZeroSSL.com. Then follow these step to setup ZeroSSL as cert provider.

1. Nativage to the Developer Section in ZeroSSL Website. Note down the API Key provided !!!note if you regenerate the API Token, ensure that you also change the setting in edgehit to the latest token as it will expire all previous token

   
   
   

2. In EdgeHit, Navigate to SSL > Cert Provider > Add and select ZeroSSL API as cert provider. Then fill in the API Token in the Password field. Name the Setting with a proper name and save changes.

   
   
   

Setup ZeroSSL via EAB

Beside using API, you can also use EAB Credentials provided by ZeroSSL to setup ZeroSSL as Cert Provider.

1. Nativage to the Developer Section in ZeroSSL Website. Generate a new EAB Credential and store it locally

   Note

   once you generate the EAB Credentials, old credentials are removed and you are not able to view it again so ensure you store it locally as a backup

   
   
   

2. In EdgeHit, Navigate to SSL > Cert Provider > Add and select ZeroSSL as cert provider. Name the Setting with a proper name and save changes. Then, fill in :

   • EAB KID in the Password field
   • HAMC EAB KEY in the Account field
   • ZeroSSL Account Email Address in Email Address field

   

---

🌐 Configure CDN Domain

This section show how the CDN Domain is configured

1. User define a CDN Domain at CDN > Domain Section

   Note

   This Action is done in user account instead of Admin Account, as creating a DNS Domain Would Create Billing count and Dashboard Analysis according to the owner of CDN Domain

   • user will add CDN domain by using CDN plan to define a new origin server. Note that origin server must use ip address instead of domain name while the Domain field define the FQDN of the origin server.

     

   • user can define multiple Origin server with similiar content. The weight option defines the load balacing selection rule.

     
     
     

2. User Define addional settings under More options. (optional)

   • Below are advanced options that can be configured in CDN Domain

     Note

     If the origin server is hosted in a shared hosting instance, the actual domain name needs to be configured as Custom origin server host header

     

     Setting	Description
     Enabled	Toggles whether the domain/service is active. If disabled, traffic will not be routed.
     HTTPS	Enables HTTPS protocol for secure communication between client and CDN edge.
     Force HTTPS	Redirects all HTTP requests to HTTPS automatically.
     HSTS	Enables HTTP Strict Transport Security to enforce HTTPS on the client side for future visits.
     GZIP Compression	Activates gzip compression on responses to reduce data transfer size and improve performance.
     Custom origin server host header	Allows specifying a custom Host header when forwarding requests to the origin server. Useful for virtual hosting setups.
     Origin Protocol	Defines the protocol (HTTP/HTTPS) to use when connecting from the CDN edge to the origin server.

   
   

   • Below are origin related settings that can be configured in CDN Domain

     Note

     Load Balancing Option can be set to other Parameters only if the coresponding CDN User Plan allow such options. For more Details you can refer to Advanced User Plan configuration

     

     Field	Description
     Load Balancing	Specifies how requests are distributed among multiple origin servers.
     Enable origin health check	When enabled, the CDN performs regular checks on origin servers to ensure they are reachable and responsive before routing traffic.
     Fail Timeout (Unit: Seconds)	Sets how long to wait before retrying a failed origin server. This prevents overloading a failing origin with repeated attempts.
     Max number of fails	The maximum number of allowed failures before an origin is marked unhealthy and removed from the routing pool temporarily.

   
   

3. Once the CDN Domain setting is done, user is prompted with CDN Domain Details and other settings.

   

   • User need to manually create a CNAME record to map the actual Domain Name to the SitePoint. example is givin below by using EdgeHit Domain Zone Setting

     
     
     

4. User verify DNS resolving

   Once the CNAME record is defined, user can wait for 1-2 minutes and use dig command to resolve the DNS record. an example would be using the command:

   dig testing.game23.top
   

   The command above will return similiar output. The Domain Name Resolution is explained below:

   

   • Customer defined CNAME points Domain name to SiteMap
   • SiteMap act as a CNAME record pointing to Traffic Policy
   • Traffic Policy contain actual A record that map's to EdgeHit Instance with nginx reverse proxy config block.

   Tip

   • Traffic Policy is a DNS A Record with Record name being traffic-policy-name.<System DNS Domain>. and content being A record of EdgeHit IP Address.

   Tip

   • Site Map is a DNS CNAME with Record name being <User Domain>.<Domain Prefix>.<System DNS Domain> and content being Traffic Policy .

   
   

5. User verify SSL certificate issuing

   Note

   since the CNAME record is added after defining the CDN Domain, it usually took around 4-5 Minutes for the SSL cert to be issued after Defining the CNAME record as

   • It takes time for the DNS record to propagate
   • The Certificate Request takes time and may wait for timeout timer for previous request that had failed due to DNS resolution.

   By default, EdgeHit auto request SSL certificate , given that cert provider is configured by administrator. You can view the SSL Certificate Request process and Status in CDN > Domain > Details > Certs Section

   

   If it's still in pending state, you can also manually trigger the SSL ceritificate request by

   
   
   

6. User browse CDN Domain

   Once all the above setting is configured, user can browse the configured CDN Domain in local browser.

   In the networking tab of debugging tool, you can see that there are additional Headers in the Response Header set by EdgeHit nodes signalling that this Domain is actually served by EdgeHit CDN Domain.

   
   
   

7. User inspect CDN Usage Analysis

   You can also view the CDN usage analysis in Analysis > CDN section. This section will show total usage per CDN domain and provide timelapse filtering with multiple view

   

   Note

   if you notice that uncached request are high in Analysis , consider Redesign your Web Server to allow cache-content or relax the cache rule in CDN .

---