Infrastructure CDN » History » Revision 3

Revision 2 (Evgeni Golov, 12/14/2017 12:35 PM) → Revision 3/5 (Evgeni Golov, 12/14/2017 12:35 PM)

h1. CDN infrastructure 

 h2. Overview 
 We use "Fastly":https://www.fastly.com as a CDN provider for our web content. 

 h2. Who has access? 
 * Greg 
 * Ewoud 
 * Evgeni 

 h2. Which vhosts are served via CDN? 
 * downloads.theforeman.org 
 * stagingdeb.theforeman.org 

 h2. Setup 

 h3. Varnish 

 h4. theforeman.org 
 * Service: <code>theforeman.org</code> 
 * Domains: <code>theforeman.org</code> and <code>www.theforeman.org</code> 
 * Backend: <code>web02.theforeman.org</code>, with TLS enabled and a health check for <code>HEAD /introduction.html</code> 
 * this service currently gets no traffic as it is not configured in DNS 

 h4. downloads.theforeman.org 
 * Service: <code>downloads.theforeman.org</code> 
 * Domains: <code>downloads.theforeman.org</code> 
 * Backend: <code>web02.theforeman.org</code>, with TLS enabled and a health check for <code>HEAD /HEADER.html</code> 

 h4. stagingdeb.theforeman.org 
 * Service: <code>stagingdeb.theforeman.org</code> 
 * Domains: <code>stagingdeb.theforeman.org</code> 
 * Backend: <code>web02.theforeman.org</code>, with TLS enabled and a health check for <code>HEAD /HEADER.html</code> 

 h3. TLS 
 Fastly provides a shared certificate which has <code>theforeman.org</code> and <code>*.theforeman.org</code> added. (There is a <code>_globalsign-domain-verification</code> <code>TXT</code> record in the theforeman.org DNS zone for that.) 

 h3. DNS 
 Each vhost needs a CNAME pointing at <code>p2.shared.global.fastly.net</code> 

 h2. TODO 
 * Split the Varnish service in multiple, to allow stats to be collected per domain 
 * Investigate "IPv6":https://www.fastly.com/blog/ipv6-fastly 
 * Move more vhosts as soon as the current ones are deemed stable