Configuring CDN from Scratch

Last updated: 2023-06-29 17:57:26

    Preparation

    1. Register on Tencent Cloud
    2. Activate the CDN service. Tencent Cloud CDN supports two service areas, namely, Chinese mainland and Outside Chinese mainland. By default, the service is billed in bill-by-hourly-traffic mode. For more information on billing rules, see Billing Overview. Read and agree to the Terms of Service, then click Activate CDN.
    
    
    3. Prepare a domain name and an accessible site.

    Configuring CDN/ECDN from Scratch

    Step 1. Add a domain name

    1. Log in to the CDN console.
    2. Click Domain Management on the left sidebar to enter the domain name management list.
    3. Click Add Domain Name.
    
    
    4. Configure the basic information.
    
    
    Configuration Item
    Description
    Accelerator region
    You can select an acceleration area as needed. Valid values:
    Chinese mainland: All requests are scheduled to the nearest cache nodes in the Chinese mainland. If you select this option, an ICP filing is required for the specified domain name.
    Outside Chinese mainland: All requests are scheduled to the nearest cache nodes in regions outside the Chinese mainland, such as Hong Kong (China), Macao (China), and Taiwan (China). If you select this option, an ICP filing is not required for the specified domain name.
    Global: All requests are scheduled to the nearest cache nodes in global regions. If you select this option, an ICP filing is required for the specified domain name.
    
    Note:
    1. We recommend that you set the origin server region and acceleration region to the same region. For example, if you select Chinese mainland for Accelerator region, we recommend that you also select an origin server within the Chinese mainland. If you select an origin server in Hong Kong, the origin-pull may fail or be slow due to cross-border access. However, if you select Global for Accelerator region, you can add a domain name, and set two origin server configurations, one for the Chinese mainland, and the other for outside the Chinese mainland.
    2. The billing rules vary with regions. For more information, see Billing Overview of CDN and Billing Overview of ECDN.
    3. A regional traffic package is not applicable to the deduction of cross-region traffic fees. For example, if you purchase a traffic package of 500 GB for North America (Toronto), it offsets only the traffic generated by users who access nodes in the North America (Toronto) region.
    Acceleration domain name
    Length:
    The domain name can contain up to 81 characters.
    
    Regulatory compliance:
    1. If you select Chinese mainland or Global for Accelerator region, an ICP filing is required for the domain name.
    2. The synchronization of an ICP filing may take a while. You can add the domain name one or two hours after the registration.
    3. The content connected to CDN must comply with applicable national laws and regulations. If you have connected *.example.com, *.a.example.com, and b.a.example.com to CDN, and b.a.example.com is banned for illegal content, *.example.com and *.a.example.com are also banned.
    
    
    Format:
    1. Supported domain name formats include example.com and a.b.example.com. CDN acceleration configuration takes effect only on the added domain names. For example, if you connect example.com to CDN, access to example.com is accelerated, whereas access to www.example.com or m.example.com is not accelerated.
    2. To add a domain name containing an underscore (_) or in Chinese, you need to convert it to punycode. A domain name in Chinese must have obtained an ICP filing.
    
    Wildcards:
    1. CDN allows you to add a wildcard domain name such as *.example.com and *.a.example.com. After you connect a wildcard domain name to CDN, you cannot connect its sub-domain names or second-level wildcard domain names to CDN under another account. For example, if you have added *.example.com, access to a.example.com is accelerated, but access to example.com is not accelerated.
    2. CDN supports domain name nesting under the same account. For example, you can connect *.example.com, *.path.example.com, and a.path.example.com to CDN under the same account. In this case, the domain name configuration that applies and the traffic statistics are based on the matching priority. The more specifically a rule matches the domain name, the higher its priority. For example, the configuration for a.path.example.com applies to access to a.path.example.com, the configuration for *.path.example.com applies to access to b.path.example.com, and the configuration for *.example.com applies to access to c.example.com. Traffic statistics also adopt this rule.
    3. Before you add a wildcard domain name, if a matching sub-domain name is already added to another account, you must first delete the sub-domain name from that account. For example, if you want to add *.example.com under Account B, but a.example.com is already added to Account A, you must first delete a.example.com from Account A.
    
    Ownership verification:
    You must verify your ownership of a domain name in the following circumstances. For more information about the verification methods, see Domain Name Ownership Verification:
    1. When a domain name, for example, a.example.com is connected to CDN for the first time. After the domain name is added, its same-level and sub-level alterations, such as b.example.com, can be connected without ownership verification. However, ownership verification is still required to add its superior alterations, such as example.com.
    2. When a sub-domain name of the domain name you want to add is already added to another account. If the verification succeeds, you can add the domain name under the current account.
    3. When you add a same-level wildcard domain name. For example, if a.example.com is already added, ownership verification is required to add *.example.com, but not required to add *.a.example.com, which is a sub-level wildcard domain name.
    Acceleration type
    You can select a CDN acceleration type to accelerate static resources or an ECDN acceleration type to accelerate dynamic resources based on the file types.
    
    Note:
    1. The billing methods for CDN and ECDN acceleration are different. A CDN traffic package can be used for fee deduction of only CDN traffic. For more information about the comparison on features and billing methods, see User Tutorial.
    2. Once confirmed, the acceleration type cannot be changed. To use another acceleration type, delete the domain name, add the domain name again, and then select a new acceleration type.
    
    CDN acceleration:
    You can select a CDN acceleration type to accelerate static resources such as HTML, CSS, and JS files, images, videos, software installation packages, APK files, and compressed files. When different users access a static resource, the origin server returns the same content.
    You can select one of the following CDN acceleration types to maximize the acceleration performance:
    Webpage file download: Applicable to e-commerce platforms, websites, UGC communities, and other business scenarios that mainly involve small static resources, such as webpage styles, images, and small files.
    Large file download: Applicable to business scenarios where large files, such as game installation packages, application update packages, and application program packages, are downloaded.
    Audio and video on demand: Applicable to audio and video on-demand scenarios that require acceleration, such as online on-demand audio and video streaming.
    
    ECDN acceleration:
    You can select an ECDN acceleration type to accelerate dynamic resources such as APIs and .jsp, .asp, .php, .perl, and .cgi files. When different users access a dynamic resource, the origin server returns different content.
    You can select one of the following ECDN acceleration types to maximize the acceleration performance:
    Dynamic & static content: Applicable to business scenarios where dynamic and static data is integrated, such as various website homepages.
    Dynamic content: Applicable to scenarios such as account login, order transaction, API call, and real-time query.
    IPv6 Access
    IPv6 access is disabled by default. After you add the domain name, you can manually enable IPv6 access, so that CDN nodes can be accessed over the IPv6 protocol.
    Note
    IPv6 access is available only in the Chinese mainland. For global acceleration domain names, if IPv6 access is enabled, it takes effect only in the Chinese mainland. For domain names with acceleration nodes outside the Chinese mainland, IPv6 access cannot be enabled.
    Tag
    Tags are used to manage resources by category from different dimensions. If the existing tags do not meet your requirements, go to the tag management page in the console to create more tags.
    1. You can add up to 50 tags to a domain name.
    2. You can select only existing tags when you set this parameter.
    3. The tag key and value are required when you create a tag.
    5. Set parameters for the origin server. You can select the type of origin server as needed. Supported origin server types include private origin, Tencent Cloud COS, and third-party object storage. This section helps you configure each type of origin server. If you use a private origin, such as a server or a CVM instance that you own, select Customer Origin for Origin type and set the parameters based on the following description.
    
    
    Configuration Item
    Description
    Origin-pull Protocol
    HTTP: Use HTTP for origin-pull requests. In this case, port 80 is used for origin-pull by default and you must ensure that port 80 is available.
    HTTPS: Use HTTPS for origin-pull requests. In this case, port 443 is used for origin-pull by default and you must ensure that port 443 is available. Some platforms do not support custom origin-pull ports over HTTPS.
    Follow Protocol: The origin-pull protocol depends on the access requests. For example, HTTP is used as the origin-pull protocol for HTTP requests. To prevent the failure of origin-pull requests, if you select Follow Protocol for Origin-pull protocol, you cannot specify a custom origin-pull port.
    IPv6 Origin Server
    You can enable this feature and add one IPv6 origin server to support IPv6 origin-pull only if you select Dynamic & static content or Dynamic content for Acceleration type. After you add the domain name, this parameter cannot be modified.
    
    Note:
    1. You can add only one IPv6 origin server that is different from the origin server for the domain name. In addition, you cannot specify the port.
    2. After you enable the IPv6 origin server, you cannot switch the service area of the acceleration domain name to Outside Chinese mainland or Global.
    Origin address
    You can specify the origin-pull address, port, and weight for the origin server address.
    Origin-pull Address: Enter a domain name or IP address. You can specify up to 50 domain names or IP addresses.
    Port: Enter a custom port number for origin-pull. If you do not specify a port number, CDN uses the default port based on the origin-pull protocol.
    Weight: If you specify multiple origin server addresses, you can specify the weight for each one, and CDN will perform round-robin origin-pull based on the specified weights.
    
    Note:
    1. You cannot use an acceleration domain name as an origin server address, or use two domain names as the origin server address for each other. Otherwise, the access fails due to a DNS loop.
    2. If your Tencent Cloud COS bucket or third-party object storage allows public access, you can select Customer Origin for Origin type, and enter the address of your Tencent Cloud COS bucket or third-party object storage for origin-pull.
    If you use a Tencent Cloud COS bucket, you can select Tencent Cloud COS Origin for Origin type and set the parameters based on the following description.
    
    
    Configuration Item
    Description
    Origin-pull Protocol
    HTTP: Use HTTP for origin-pull requests.
    HTTPS: Use HTTPS for origin-pull requests. A COS origin supports HTTPS access by default. Therefore, we recommend that you select HTTPS.
    Follow Protocol: The origin-pull protocol adopted depends on the access requests.
    Origin address
    If you select Tencent Cloud COS Origin for Origin type, you can select a Tencent Cloud COS bucket from the drop-down list. Fuzzy search is supported.
    1. If you select a bucket for the first time, you must click Add Authorization Service to grant CDN permission to access the bucket.
    
    
    
    
    
    
    Select I agree to the above authorization and click OK.
    2. COS bucket addresses are divided into three types: default domain name, static website domain name, and global acceleration domain name.
    Default domain name: The default bucket access domain name, which can be used to access the current bucket directly.
    Static website domain name: If the static website configuration is enabled for the current bucket, use this domain name as the origin server address. Otherwise, the static website configuration may become invalid.
    Global acceleration domain name: If the current bucket has global acceleration enabled, use this domain name as the origin-pull address. Otherwise, the global acceleration configuration of the bucket may become invalid.
    
    Note:
    1. If your bucket is configured with cross-origin rules, configure the same cross-origin rules in the HTTP response header of the CDN. Otherwise, cross-origin access problems may occur.
    2. When the current origin server type is COS origin, only one origin server can be added.
    Private bucket access
    This feature is disabled by default. You can enable it if your COS bucket allows only private reads and writes. After you enable the feature, CDN automatically generates a valid access key for the origin-pull of files.
    If you use a third-party object storage, you can select Third-Party Object Storage Origin for Origin type and set the parameters based on the following description.
    
    
    Configuration Item
    Description
    Origin source
    The following third-party object storage services are allowed: AWS S3, Alibaba Cloud OSS, Huawei Cloud OBS, and Qiniu Cloud kodo. The support for Huawei Cloud OBS and Qiniu Cloud kodo is still in canary testing. If you need to use one of the two options, contact Tencent Cloud engineers.
    Origin-pull Protocol
    You can select the origin-pull protocol based on the access protocol of the third-party object storage.
    HTTP: Use HTTP for origin-pull requests. In this case, port 80 is used for origin-pull by default.
    HTTPS: Use HTTPS for origin-pull requests. In this case, port 443 is used for origin-pull by default.
    Origin address
    Enter an available access address of the third-party object storage. CDN has no strict restrictions on the address format. Examples:
    AWS S3: my-bucket.s3.ap-east-1.amazonaws.com.
    Alibaba Cloud OSS: my-bucket.oss-cn-beijing.aliyuncs.com.
    Huawei Cloud OBS: my-bucket.obs.cn-east-3.myhuaweicloud.com.
    Qiniu Cloud kodo: Custom access domain name with no fixed format required.
    Private bucket access
    You can enable this feature if your third-party object storage allows only private reads and writes. After you enable the feature, click Enter under the switch to specify the access key.
    
    
    
    6. Click Add domain name to continue.
    After you add the domain name, you can follow Recommended Configuration Guidelines and configure CDN acceleration as recommended based on the acceleration types to achieve the best acceleration results by improving the resource hit rate, access performance, and access security, and preventing fee overages.
    
    If you do not want to use the recommended configurations at the moment, you can click Back to return to the domain name management list, or click skip, next step to continue. You can also modify the recommended configurations as needed and click Submit configuration to continue.

    2.1 Improving the resource hit rate

    Configuration Item
    Acceleration Type
    Recommended Configuration
    Webpage file download, large file download, audio and video on demand, and dynamic & static content
    We recommend that you do not cache dynamic files, but set a long cache validity period for rarely updated content such as images and JS files to improve the resource hit rate.
    
    Note:
    If you need to update the CDN node cache immediately after your source resources are updated, you can use the cache refresh feature to proactively update the CDN node's unexpired files. For more information, see Purge Cache.
    Recommended configuration (the priority of rules increases from top to bottom):
    1. Cache all files for 30 days.
    2. Do not cache .php, .jsp, .asp, and .aspx files.
    Webpage file download, large file download, audio and video on demand, and dynamic & static content
    CDN nodes identify resource versions by using the parameter after the question mark (?) in the user request URL. If the resource version is not indicated, CDN nodes can ignore the parameter to increase the resource hit rate.
    Recommended configuration:
    1. If the resource version is indicated by using the parameter after the question mark (?), we recommend that you keep the parameter.
    2. If the resource version is not indicated by using the parameter after the question mark (?), we recommend that you ignore the parameter.
    Webpage file download and dynamic & static content
    You can specify browser caching rules so that the browser caches rarely updated files to improve the resource response speed.
    Recommended configuration:
    We recommend that you specify the extensions or directories of rarely updated files and the browser cache validity period. For example, you can cache images with extensions such as .jpg, .png, .gif, .bmp, .svg, and .webp, and set the browser cache validity period to 1 hour.
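The "priority increases from top to bottom" ordering of the node cache rules above can be checked offline before it is entered in the console. The following is an added example, not Tencent Cloud code: the rule structure, field names, and the case-insensitive extension match are assumptions made for illustration. It resolves the effective rule for a URL and flags extension rules that a later "all files" rule would override, which is the ordering mistake that leaves dynamic files cached.

```python
import posixpath
from urllib.parse import urlsplit

# Rules in console order, top to bottom. The dict layout and field names are
# hypothetical; they only model the two recommended rules from the text.
RECOMMENDED = [
    {"name": "cache all files 30 days", "extensions": None,
     "ttl": 30 * 24 * 3600},
    {"name": "no cache for dynamic files",
     "extensions": {".php", ".jsp", ".asp", ".aspx"}, "ttl": 0},
]


def rule_matches(rule, url):
    """True if the rule applies to the URL path (the query string is ignored)."""
    if rule["extensions"] is None:          # the "all files" rule
        return True
    # Assumption: extensions are compared case-insensitively.
    ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    return ext in rule["extensions"]


def effective_rule(rules, url):
    """Priority increases from top to bottom, so the last matching rule wins."""
    winner = None
    for rule in rules:
        if rule_matches(rule, url):
            winner = rule
    return winner


def shadowed_rules(rules):
    """Names of extension rules placed above an "all files" rule.

    Such rules never take effect, because the later "all files" rule
    matches every URL and has higher priority.
    """
    shadowed = []
    for i, rule in enumerate(rules):
        later_all = any(r["extensions"] is None for r in rules[i + 1:])
        if rule["extensions"] is not None and later_all:
            shadowed.append(rule["name"])
    return shadowed


if __name__ == "__main__":
    # Constructed sample URLs.
    for url in ("https://www.test.com/img/logo.png",
                "https://www.test.com/login.php?next=/home"):
        rule = effective_rule(RECOMMENDED, url)
        print(url, "->", rule["name"], "ttl", rule["ttl"])
    print("shadowed if reversed:", shadowed_rules(list(reversed(RECOMMENDED))))
```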

    2.2 Improving the access performance

    Configuration Item
    Acceleration Type
    Recommended Configuration
    Dynamic content
    If you select Dynamic content for Acceleration type, we recommend that you do not cache dynamic files. Otherwise, the access or login may fail.
    Recommended configuration: Do not cache any files.
    Webpage file download and dynamic & static content
    You can specify a smart compression rule, so that CDN performs Gzip or Brotli compression on the resources as specified before it returns content. This effectively reduces the volume of the transmitted content and saves overhead.
    Recommended configuration:
    By default, CDN performs Gzip compression on .js, .html, .css, .xml, .json, .shtml, and .htm files whose sizes range from 256 bytes to 2 MB. You can add more file types as needed.
    Large file download, and audio and video on demand
    If most of your files are large static files, enabling Range GETs can help increase the file response speed during origin-pull and improve the large file delivery efficiency.
    Recommended configuration:
    If your origin server supports Range requests, and your files are larger than 4 MB in size, we recommend you enable Range GETs for such files.
    Webpage file download, and dynamic & static content
    If the follow 301/302 redirect configuration is enabled, a CDN node will actively redirect when receiving a 301/302 redirect request during origin-pull until the node obtains the requested resource. The node will then return the actual resource to the client, which does not need to be redirected. This reduces returning links and improves the response speed.
    Recommended configuration:
    If a client obtains the requested resources from your site after multiple redirections, we recommend that you enable the follow 301/302 redirect configuration.
    Audio and video on demand
    Video dragging generally happens in VOD scenarios. If the video dragging configuration is enabled, when a user drags the video progress bar, a CDN node directly responds to the request. After you enable the video dragging configuration, you must also configure Ignore Query String of all rules in Cache Key Rule Configuration as Ignore all.
    Recommended configuration:
    We recommend that you enable the video dragging configuration in VOD scenarios.

    2.3 Preventing high bills

    Configuration Item
    Acceleration Type
    Recommended Configuration
    All acceleration types
    The usage limit configuration allows you to configure traffic usage alarming and the corresponding control measure based on your budget and business estimation.
    Recommended configuration:
    We recommend that you specify a usage limit and configure the traffic control rules as needed.

    2.4 Improving access security

    Configuration Item
    Acceleration Type
    Recommended Configuration
    All acceleration types
    The HTTPS protocol is an encrypted and reliable transmission protocol, which effectively protects the security of your transmitted data. We recommend that you complete the HTTPS certificate configuration.
    All acceleration types
    The IP access frequency limit configuration prevents malicious access to resources and APIs by a single client. You can adjust the access frequency limit as needed. Note that this configuration cannot prevent DDoS attacks.
    Recommended configuration:
    We recommend that you specify the access frequency limit based on the actual traffic of your website.

    Step 3. Configure a CNAME record

    Configure a CNAME record

    After adding the domain name, you have to configure a CNAME record to enable CDN acceleration. Tencent Cloud CDN supports two CNAME configuration methods. For more information, see CNAME Configuration.

    Verifying the effect of the CNAME record

    1. After you configure the CNAME record, you can click Verify CNAME status to verify the status of the CNAME record for the domain name. If the value in the Status column is Activated, the CNAME record has taken effect, and CDN acceleration is already enabled for the domain name. If the status is Not activated, you need to check whether you have correctly configured the CNAME record. If yes, the issue may be caused by the CNAME resolution latency.
    2. You can also view the domain name list in the CDN console to verify the effect. If at least one CNAME record is activated for the domain name, the CDN acceleration is already enabled for your domain name.
    3. You can also run the nslookup or dig command. Assume that you have added www.test.com. If you use Windows, open the command prompt and run the nslookup -qt=cname www.test.com command. Check the CNAME resolution record in the output. If the CNAME resolution record is the same as the CNAME address that is provided by CDN, the CDN acceleration service has taken effect for the domain name.
    
    
    If you use macOS or Linux, open the command prompt and run the dig www.test.com command. Check the CNAME resolution record in the output. If the CNAME resolution record is the same as the CNAME address that is provided by CDN, the CDN acceleration service has taken effect for the domain name.
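The manual comparison described above can be scripted. The following is an added example, not part of the original documentation: it parses saved `dig` output and reports whether the host resolves through the CNAME address provided by CDN. The sample outputs are constructed, and the CNAME target `www.test.com.cdn.example.net` and the IP addresses are placeholders, not real Tencent Cloud values.

```python
# Constructed `dig www.test.com` output with the CDN CNAME in place.
SAMPLE_ACTIVE = """\
; <<>> DiG 9.18.1 <<>> www.test.com
;; ANSWER SECTION:
www.test.com.                 600 IN CNAME www.test.com.cdn.example.net.
www.test.com.cdn.example.net. 60  IN A     203.0.113.10
"""

# Constructed output where the host still points straight at the origin.
SAMPLE_DIRECT = """\
;; ANSWER SECTION:
www.test.com.                 600 IN A     198.51.100.7
"""


def norm(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.strip().lower().rstrip(".")


def parse_records(dig_output):
    """Return (owner, type, rdata) tuples from the record lines of dig output."""
    records = []
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):     # comments and section headers
            continue
        fields = line.split()
        if len(fields) >= 5 and fields[2].upper() == "IN":
            records.append((norm(fields[0]), fields[3].upper(), fields[4]))
    return records


def cname_chain(records, host):
    """Follow CNAME records starting at host; stop on a loop or a non-CNAME."""
    cnames = {owner: norm(rdata) for owner, rtype, rdata in records
              if rtype == "CNAME"}
    chain, current, seen = [], norm(host), set()
    while current in cnames and current not in seen:
        seen.add(current)
        current = cnames[current]
        chain.append(current)
    return chain


def cdn_cname_active(dig_output, host, expected_cname):
    """True if host resolves through the CNAME address provided by CDN."""
    return norm(expected_cname) in cname_chain(parse_records(dig_output), host)


if __name__ == "__main__":
    expected = "www.test.com.cdn.example.net"    # placeholder CNAME address
    print("active sample:", cdn_cname_active(SAMPLE_ACTIVE, "www.test.com", expected))
    print("direct sample:", cdn_cname_active(SAMPLE_DIRECT, "www.test.com", expected))
```

A False result for a domain that is already listed in the console means clients are still resolving directly to the origin, so the CDN-side settings for that domain are not being applied to their requests.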
    
    
    

    Understanding Cache, Cache Purging, and Cache Prefetch

    1. After connecting a domain name to CDN, you can configure CDN cache based on file types. CDN caches static files on edge nodes, so that client requests for files are responded faster with lower origin-pull traffic. For more information, see Node Cache Validity Configuration.
    2. Cache purging is manually triggered by users to delete the files that are already cached on a node when new files are published or the files violate certain rules. For more information, see Purge Cache.
    3. Cache prefetch is performed by users to cache their large or hot files on Tencent Cloud CDN nodes in advance, so as to avoid origin-pull upon client requests. Cache prefetch effectively reduces origin-pull traffic and improves the access experience. For more information, see Prefetch Cache.

    Common Problems

    1. After I connect example.com to CDN, does CDN accelerate access to www.example.com? No. example.com and www.example.com are two separate domain names. To accelerate access to www.example.com, you must connect it to CDN as well.
    2. After I connect *.example.com to CDN, does CDN accelerate access to example.com? No. After you connect *.example.com to CDN, CDN accelerates access to domain names such as a.example.com and a.b.example.com. To accelerate access to example.com, you must connect it to CDN as well.
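The two answers above and the matching-priority rule in the Wildcards section can be modelled in a few lines. The following is an added example, not Tencent Cloud code: it interprets "the more the domain name matches a rule, the higher the priority" as exact name first, then the wildcard with the longest suffix, and the function names are hypothetical. It also lists hostnames that no connected domain covers, which are the ones served without CDN acceleration or its access settings.

```python
def norm(name):
    """Compare names case-insensitively and without a trailing dot."""
    return name.strip().lower().rstrip(".")


def covers(configured, host):
    """True if a connected domain name (exact or wildcard) covers the host."""
    configured, host = norm(configured), norm(host)
    if configured.startswith("*."):
        suffix = configured[1:]                  # ".example.com"
        # The leading dot stops look-alikes such as badexample.com, and the
        # length check means *.example.com never covers example.com itself.
        return host.endswith(suffix) and len(host) > len(suffix)
    return configured == host


def specificity(configured):
    """Exact names outrank wildcards; among wildcards, more labels win."""
    configured = norm(configured)
    return (not configured.startswith("*."), configured.count("."))


def effective_config(connected, host):
    """The connected domain whose configuration applies to host, or None."""
    candidates = [d for d in connected if covers(d, host)]
    return max(candidates, key=specificity) if candidates else None


def uncovered_hosts(connected, hosts):
    """Hosts that no connected domain covers (not accelerated by CDN)."""
    return [h for h in hosts if effective_config(connected, h) is None]


if __name__ == "__main__":
    # Domain set taken from the nesting example in the Wildcards section.
    connected = ["*.example.com", "*.path.example.com", "a.path.example.com"]
    for host in ("a.path.example.com", "b.path.example.com",
                 "c.example.com", "a.b.example.com", "example.com"):
        print(host, "->", effective_config(connected, host))
    print("not covered:",
          uncovered_hosts(connected, ["example.com", "www.example.com"]))
```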