Infrastructure CDN » History » Version 1
Evgeni Golov, 12/12/2017 04:37 PM
| 1 | 1 | Evgeni Golov | h1. CDN infrastructure |
|---|---|---|---|
| 2 | |||
| 3 | h2. Overview |
||
| 4 | We use "Fastly":https://www.fastly.com as a CDN provider for our web content. |
||
| 5 | |||
| 6 | h2. Who has access? |
||
| 7 | * Greg |
||
| 8 | * Ewoud |
||
| 9 | * Evgeni |
||
| 10 | |||
| 11 | h2. Which vhosts are served via CDN? |
||
| 12 | * downloads.theforeman.org |
||
| 13 | * stagingdeb.theforeman.org |
||
| 14 | |||
| 15 | h2. Setup |
||
| 16 | |||
| 17 | h3. Varnish |
||
| 18 | * Service: <code>*.theforeman.org</code> |
||
| 19 | * Domains: <code>theforeman.org</code> and <code>*.theforeman.org</code> |
||
| 20 | * Backend: <code>web02.theforeman.org</code>, with TLS enabled and a health check for <code>HEAD /introduction.html</code> |
||
| 21 | |||
| 22 | h3. TLS |
||
| 23 | Fastly provides a shared certificate which has <code>theforeman.org</code> and <code>*.theforeman.org</code> added. (There is a <code>_globalsign-domain-verification</code> <code>TXT</code> record in the theforeman.org DNS zone for that.) |
||
| 24 | |||
| 25 | h3. DNS |
||
| 26 | Each vhost needs a CNAME pointing at <code>p2.shared.global.fastly.net</code> |
||
| 27 | |||
| 28 | h2. TODO |
||
| 29 | * Split the Varnish service in multiple, to allow stats to be collected per domain |
||
| 30 | * Investigate "IPv6":https://www.fastly.com/blog/ipv6-fastly |
||
| 31 | * Move more vhosts as soon as the current ones are deemed stable |