CDN infrastructure

Overview

We use Fastly as a CDN provider for our web content.

Who has access?

  • Greg
  • Ewoud
  • Evgeni

Which vhosts are served via CDN?

  • downloads.theforeman.org
  • stagingdeb.theforeman.org

Setup

Varnish

theforeman.org

  • Service: theforeman.org
  • Domains: theforeman.org and www.theforeman.org
  • Backend: web02.theforeman.org, with TLS enabled and a health check for HEAD /introduction.html
  • this service currently gets no traffic as it is not configured in DNS

downloads.theforeman.org

  • Service: downloads.theforeman.org
  • Domains: downloads.theforeman.org
  • Backend: web02.theforeman.org, with TLS enabled and a health check for HEAD /HEADER.html

stagingdeb.theforeman.org

  • Service: stagingdeb.theforeman.org
  • Domains: stagingdeb.theforeman.org
  • Backend: web02.theforeman.org, with TLS enabled and a health check for HEAD /HEADER.html

TLS

Fastly provides a shared certificate which has theforeman.org and *.theforeman.org added. (There is a _globalsign-domain-verification TXT record in the theforeman.org DNS zone for that.)

DNS

Each vhost needs a CNAME pointing at p2.shared.global.fastly.net or dualstack.p2.shared.global.fastly.net for a DualStack setup.

TODO

  • Investigate logging posibilities
  • Move more vhosts as soon as the current ones are deemed stable