Configure CDN Distribution
Objective
This guide provides instructions on how to configure Content Delivery Network (CDN) Distribution using the F5 Distributed Cloud CDN service. Using the CDN service, you can enhance application performance by caching content across a geographically distributed network of servers that serve content with high scale and low latency.
The F5 Distributed Cloud CDN service can be deployed with the following TLS configurations:
- HTTP distribution
- HTTPS distribution with your own TLS certificate (also known as HTTPS with custom certificate)
- HTTPS distribution with automatic TLS certificate (minted by F5® Distributed Cloud Services)
Using the instructions provided in this guide, you can perform the following:
- Create and deploy an HTTP CDN distribution
- Create and deploy an HTTPS CDN distribution with your TLS certificate or with the certificate minted by Distributed Cloud Services
Prerequisites
The following prerequisites apply:
- A Distributed Cloud Services Account. If you do not have an account, see Create an Account.
- A valid DNS domain delegated to Distributed Cloud Services in case you want Distributed Cloud Services to act as domain name server (DNS). For instructions on how to delegate your domain to Distributed Cloud Services, see Delegate Domain.
- TLS certificates in case of using HTTPS distribution with custom certificates.
- Origin server with a valid DNS name and reachable by F5 Distributed Cloud Services.
Note: Ensure that the origin server hosts the content that needs to be served using the CDN Distribution.
Configuration
Create and Verify CDN distribution
Step 1: Log into Console and create new CDN distribution.
- Select the Content Delivery Network service. The CDN distribution configuration page opens.
- Go to Manage > Distributions.
- Select Add Distribution.
Step 2: Configure metadata, domains, and distribution type.
- In the Name field, enter a name for the distribution.
- Optionally, select a label and enter a description.
- Go to Basic Configuration and enter a domain name in the Domains field. Ensure that you enter an FQDN.
- Select Add item to add more domains, if needed.
- Select an option for the Select Type of CDN Distribution field. The following options are supported:
  - Select HTTP to create the HTTP Distribution. Select the Automatically Manage DNS Records checkbox if your domain is delegated to F5 Distributed Cloud. Else, ensure in your DNS provider configuration that your domain is resolved.
  - Select HTTPS with Automatic Certificate to create the HTTPS Distribution with an automatic TLS certificate. Ensure that the domain is delegated to F5 Distributed Cloud. Optionally, select the HTTP Redirect to HTTPS and Add HSTS Header checkboxes to enable those functions. You can also select TLS security level to be high or medium.
  - Select HTTPS with Custom Certificate to create the HTTPS Distribution with your custom TLS certificate.
- If you are using the HTTPS with Custom Certificate option:
  - Set the TLS configuration using the Configure option under the TLS Parameters field.
  - From the TLS Security Level drop-down menu, select the desired level.
  - In the TLS Certificates section, select Add Item.
  - For the certificate URL encoding, select PEM or base64(binary), and then enter the certificate URL.
  - To configure the private key, select Configure.
  - Under the Secret section, enter your private key in Text type, select Blindfold, wait for the Blindfold operation to complete, and then select Apply.
  - Select Add Item.
  - In the TLS Parameters section, select Apply.
  Note: You can add more than one certificate using the Add Item option.
This example configures a CDN Distribution of type HTTPS with Automatic Certificates.
Step 3: Configure CDN origin pool.
- Select Configure in the CDN Origin Pools section. The CDN origin pool configuration page opens.
- Enter the CDN origin domain name in the DNS Name field. The requests to origin servers use this name in the host header.
- Select a TLS choice in the Enable TLS for Origin Servers field. Ensure that this matches your origin server configuration.
- Select Add Item in the List of Origin Servers section. In the origin servers page, enter public DNS name or public IP of your origin server. Select Apply.
- Enter a time value in the Origin Request Timeout Duration field. The default is 60s (sixty seconds).
- Select Apply in the CDN origin pool configuration page.
Step 4: Optionally, configure advanced options to control your content delivery operation.
Advanced configuration consists of options such as header control, security, cache control, etc. Go to the Advanced Configuration section and perform the following:
- Select the Show Advanced Fields toggle to display the advanced configuration options.
- Select the Add Location checkbox to append the location header in the response. Value for this header is the Regional Edge Site name that serves your request.
Step 4.1: Configure header control.
Select Configure in the Header Control field and do the following:
Add Request Headers
- Select Configure in Add Origin Request Headers. Select Add Item in the next screen, and enter a name for the header to be added.
- Select Value or Secret for the header value. If it is value, enter a string value for the header. In case of secret, select Configure in the Secret Value field, enter the secret using the Text type, select Blindfold, wait for the encryption to complete, and select Apply.
- Select Apply in the Headers to Add page.
- Select Apply in the Add Origin Request Headers page.
Note: Use the Add Item option to add more headers.
Remove Request Headers
- Select Configure in Remove Origin Request Headers.
- Select Add Item and enter a name for the header to be removed.
- Select Apply.
Note: Use the Add Item option to specify more headers to be removed.
Add Response Headers
- Select Configure in Add Response Headers. Select Add Item in the next screen, and enter a name for the header to be added.
- Select Value or Secret for the header value. If it is value, enter a string value for the header. In case of secret, select Configure in the Secret Value field, enter the secret using the Text type, select Blindfold, wait for the encryption to complete, and select Apply.
- Select Apply in the Headers to Add page.
- Select Apply in the Add Response Headers page.
Note: Use the Add Item option to add more headers.
Remove Response Headers
- Select Configure in Remove Origin Request Headers.
- Select Add Item and enter a name for the header to be removed.
- Select Apply.
Note: Use the Add Item option to specify more headers to be removed.
Select Apply to apply header control settings.
Step 4.2: Configure security settings.
Select Configure in the Security Options field and do the following:
Client IP Filtering Options
- Select Configure in Client IP filtering Options.
- Select whether IP filtering type is allow list or deny list.
- Enter IP prefix in the IP prefix list section.
- Select Add Item to add more IP prefixes.
- Select Apply.
Client Geo filtering Options
- Select Configure in Client Geo filtering Options.
- Select whether Geo filtering type is allow list or deny list.
- Select countries from the list in the Country Codes List field. You can select more than one country.
- Select Apply.
Authentication Options
- Select Configure in Authentication Options.
- Select JWT Token Authentication for authentication type.
- Enter the secret in the Text box of the Secret field. Select Blindfold and wait for the operation to complete.
- Specify a source for the token. You can select header value or cookie name or query parameter name or set it as bearer-token.
- Select Apply.
Select Apply to apply security settings.
Step 4.3: Configure logging options.
Select Configure in the Logging Options field and do the following:
Client IP Filtering Options
- Select Configure in Client Request Headers to Log.
- Select Add Item and add headers for logging.
- Select Apply.
Origin Response Headers to Log
- Select Configure in Origin Response Headers to Log.
- Select Add Item and add headers for logging.
- Select Apply.
Select Apply to apply logging option settings.
Step 4.4: Configure cache options.
- Select Configure in the Cache Options fields.
- Select an option for the Cache Actions field using following guidelines:
  - Select Default Cache TTL if the origin server does not provide a TTL value. Set the value in the Default Cache TTL field.
  - Select Override Cache TTL if the origin server provides a TTL in the response and you want to override it. Set the value in the Override Cache TTL field.
- Select Disable Cache to disallow caching content from the origin.
- Optionally create rules in the Cache Rules section to determine the content that is or is not cached:
  - Click Add Item to create a new rule.
  - Enter name in the Rule Name field.
  - Click Add Item in the Expressions section. If you create more than one expression, the rule will execute if any of the expressions match.
    - Enter a name in the Expression Name field and click Add Item in the Terms section.
      - Configure the match condition by using the Path Match, Query Parameters, Cache Headers, and/or Cookie Matchers.
      - Click Apply to save the match condition.
    - Click Apply to save the expression name.
  - Select an option in the Cache Actions section. The option you select will determine what happens to your cache if one of your expressions matches.
    - Bypass Cache will not cache the resource/content if the rule matches.
    - Eligible for Cache will cache the resource/content based on the following fields:
      - In the Eligible for Cache field, select Scheme + Proxy Host + URI or Scheme + Proxy Host + Request URI.
      - In the Cache TTL field, enter the time the cached resource/content will be valid (Time To Live).
      - Check the Ignore-Response-Cookie checkbox if you want to cache the response even if the set-cookie header is present (Override set-cookie).
      - Check the Cache Override checkbox if you want to honor a cache override.
- Select Apply.
Step 5: Complete creating the distribution.
Select Save and Exit.
Step 6: Verify the distribution status.
It might take a few minutes for your CDN Distribution to be deployed and to be ready to cache and serve content at Regional Edges. Select > against your distribution object and expand its JSON view. Verify that the service domain is created. Select ... > Show Global Status against your CDN object and ensure that the Site Status section shows status as DEPLOYMENT_STATUS_DEPLOYED.
Delegated Domain with Automatic Certificates:
- Wait for the DNS Info and Certificate status to display the VIRTUAL_HOST_READY and Certificate Valid values.
- Verify that the requests to your CDN domain are processed, and the content is returned.
Delegated Domain with No Automatic Certificates:
Verify that the requests to your CDN domain are processed, and the content is returned.
Non-Delegated Domain:
Verify that the requests to your CDN domain are processed and the content is returned.
Note: In case of content updates in your origin servers, you can force the CDN servers to fetch the updated content using the purge option. Select ... > Purge for your distribution object and the CDN service initiates purge for all the cache servers. Purging manually does not immediately delete content, but marks content as expired. When expired content is requested, the CDN service performs a HEAD request to the origin. If the CDN finds that the content time stamp is not changed, the existing expired entry is marked as active. This prevents a re-fetch from the origin and saves time and bandwidth in redownloading the content.
Purge Content in Cache
You can purge stale content from your cache either to remove it or to refresh it with new content. Perform the following steps to purge content:
Purge Content From Cache
- Select the Content Delivery Network service. The CDN distribution configuration page opens.
- Go to Manage > Distributions.
- Click ... for the distribution for which you want to purge content, and then click Purge.
- Enter a string that specifies the content you want to purge from your distribution. The string should be entered in Regex form. For example, "images/.*.(png|jpg)" will match PNG and JPEG files in the images directory.
- Select an option from the Purge Type drop-down menu to specify how the purge is to operate. Soft Purge invalidates the cache entries, which means the content will be replaced on the next request if the content is stale. Hard Purge removes the content from the distribution, forcing the next request to retrieve the content from the origin server.
- Click Save and Exit to deploy the purge.
Note: You can also deploy a purge from the Cache Purges tab of the Performance Monitoring page. See Cache Purges Tab below.
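The soft and hard purge behaviour described above, modelled in Python as an added example (not F5 code) that previews which cached paths a purge pattern touches. `Entry`, `EdgeCache` and `demo` are hypothetical names, the sample paths are constructed, and unanchored `re.search` matching is an assumption about how the pattern is evaluated.

```python
import re
from dataclasses import dataclass

@dataclass
class Entry:
    body: str
    mtime: int             # origin time stamp seen when the object was cached
    expired: bool = False  # set by a soft purge

class EdgeCache:
    """Toy model of one cache server; origin maps path -> (body, mtime)."""
    def __init__(self, origin):
        self.origin, self.store = origin, {}
        self.head_checks = self.full_fetches = 0

    def get(self, path):
        entry = self.store.get(path)
        if entry and not entry.expired:
            return entry.body                    # ordinary cache hit
        body, mtime = self.origin[path]
        if entry:                                # soft-purged: HEAD to origin
            self.head_checks += 1
            if mtime == entry.mtime:             # time stamp unchanged
                entry.expired = False            # entry becomes active again
                return entry.body
        self.full_fetches += 1                   # miss or changed: full fetch
        self.store[path] = Entry(body, mtime)
        return body

    def purge(self, pattern, hard=False):
        """Apply a purge pattern and return the cached paths it touched."""
        hits = sorted(p for p in self.store if re.search(pattern, p))
        for p in hits:
            if hard:
                del self.store[p]                # next request goes to origin
            else:
                self.store[p].expired = True     # kept, revalidated on demand
        return hits

def demo():
    origin = {  # constructed sample content, not from the guide
        "/images/logo.png": ("logo-v1", 100),
        "/images/hero.jpg": ("hero-v1", 100),
        "/images/export-jpg.json": ("{}", 100),
    }
    cache = EdgeCache(origin)
    for p in origin:
        cache.get(p)                             # warm the cache: 3 full fetches
    loose = cache.purge(r"images/.*.(png|jpg)")  # pattern quoted in the guide
    origin["/images/hero.jpg"] = ("hero-v2", 200)  # only this object changed
    bodies = [cache.get(p) for p in sorted(origin)]
    strict = cache.purge(r"images/.*\.(png|jpg)$", hard=True)
    return loose, bodies, cache.head_checks, cache.full_fetches, strict
```

Under these assumptions the guide's pattern also touches /images/export-jpg.json, because the dot before the extension group is unescaped and the pattern is unanchored. Previewing a pattern against a path listing before deploying a hard purge avoids unplanned origin load.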
Monitor a CDN Distribution
You can view your distribution performance dashboards either via the Manage > Distributions page or Monitoring > Performance page. Click on your distribution name from the list of displayed distributions to open the monitoring view.
Dashboard Tab
The Dashboard view offers the following:
- Time series view for statistics such as Requests, Data Transfer, and Bandwidth. This is shown in a graph where hits and misses are displayed. Hover over the graph to see specific quantity information for that time point.
- Donut chart for cache hit versus miss ratio.
- HTTP Status codes show the number of response codes in each of the categories. Hover over the horizontal bar to see the values expressed as percentages.
- Latency shows the time taken between requests and responses for both hits and misses.
- HTTP version metrics.
- TLS version metrics.
- Client requests by country. Hover over a country to see the number of requests originating from that country.
- Top 5 countries providing requests, shown as a bar chart. Hover over a bar to get the specific value for that country.
Requests Tab
The Requests tab provides greater insight into requests. There is a bar chart as well as a list of the incoming requests. Use the time period drop-down menu and refresh button to set the time constraint and update the data shown.
Interact with the bar chart as follows:
- The bar chart at the top shows the number of requests and response codes in each time period.
- Use the Add Filter option to see only certain requests based on your filter selection.
- Use the colored check boxes below Add Filter to quickly filter out specific response types.
- Hover over a bar to get specific bar values (request counts) for that time period.
- Select and drag within the bar chart to zoom into a range of time. Use the time period drop-down menu to zoom back out.
The list view below the chart shows specific information for individual requests. The time period and filters also affect the requests shown in the list view.
Interact with the list view as follows:
- Use the Search field to only show list entries that match your search criteria. The search will work for all items in the list, not just the items on the current page; however, the search will not find information in columns that are not displayed (see the gear icon description below).
- Select the gear icon ( ⚙ ) to select which columns are shown in the list view. Time and Client IP will always be shown.
- Select the arrow ( > ) at the beginning of the row to see the specific request in JSON or YAML format.
You can also select the blue Forensics side tab to view the Forensics side panel. This is an easier way to filter your request to zero in on specific issues. For instance, you can filter by site and by top request page simply by selecting check boxes in the Forensics panel. This will create a search query for the filter at the top of the window.
Alerts Tab
Select the Alerts tab to load the alerts view. The active alerts are displayed by default.
You can filter the display for alerts of a specific severity using the severity selection options. All severity types are selected by default. Select a severity selection option to hide the alerts for that severity. You can again select it to display alerts for that severity.
Note: Severity selection options are color-coded and located above the Add filter option.
Use the toggle selector and select All Alerts. The All Alerts view shows a graph of alerts over a specific period. The list of alerts is displayed beneath the graph.
Hover the mouse pointer over a graph bar to view the alerts information specific to the time interval in which the bar is generated. Selecting the bar updates the graph and the list beneath the graph for the interval in which the bar is generated.
Select > for any alert entry to display its details in JSON format.
Cache Purges Tab
The Cache Purges tab shows past purges for your distribution in a table. Each row in the table provides a unique ID for the purge, the version and information on the date/time of the purge. To see details of the purge, click ... > Show Status in the Actions column for the purge you want to view.
This displays a table showing the sites that were purged and some overview information about each site's purge. For details on the site purge, click the ID in the Service OP ID column for the site.
Click Back to view more site purges or click Cancel and Exit to return to the Cache Purges page.
You can also deploy a cache purge from here by following these steps:
- Click Add Cache Purge.
- Specify the files you want to purge in the Pattern (RegEx) field.
- Select either Soft Purge or Hard Purge.
- Click Save and Exit to deploy the purge.
This will create a new entry in the Cache Purges table providing information on your purge.
Note: You can also deploy a purge from the Distributions page. See Purge Content in Cache above.