h1. CDN infrastructure

h2. Overview

We use "Fastly":https://www.fastly.com as a CDN provider for our web content.

h2. Who has access?

* Greg

* Ewoud

* Evgeni

h2. Which vhosts are served via CDN?

* downloads.theforeman.org

* stagingdeb.theforeman.org

h2. Setup

h3. Varnish

h4. theforeman.org

* Service: <code>theforeman.org</code>

* Domains: <code>theforeman.org</code> and <code>www.theforeman.org</code>

* Backend: <code>web02.theforeman.org</code>, with TLS enabled and a health check for <code>HEAD /introduction.html</code>

* this service currently gets no traffic as it is not configured in DNS

h4. downloads.theforeman.org

* Service: <code>downloads.theforeman.org</code>

* Domains: <code>downloads.theforeman.org</code>

* Backend: <code>web02.theforeman.org</code>, with TLS enabled and a health check for <code>HEAD /HEADER.html</code>

h4. stagingdeb.theforeman.org

* Service: <code>stagingdeb.theforeman.org</code>

* Domains: <code>stagingdeb.theforeman.org</code>

* Backend: <code>web02.theforeman.org</code>, with TLS enabled and a health check for <code>HEAD /HEADER.html</code>

h3. TLS

Fastly provides a shared certificate which has <code>theforeman.org</code> and <code>*.theforeman.org</code> added. (There is a <code>_globalsign-domain-verification</code> <code>TXT</code> record in the theforeman.org DNS zone for that.)

h3. DNS

Each vhost needs a CNAME pointing at <code>p2.shared.global.fastly.net</code>

h2. TODO

* Split the Varnish service in multiple, to allow stats to be collected per domain

* Investigate "IPv6":https://www.fastly.com/blog/ipv6-fastly

* Move more vhosts as soon as the current ones are deemed stable