Skip to main content

Extend CDN functionality with CDB EdgeCompute

Integrate your CDN resource with CDB EdgeCompute if you need to introduce additional functionality to Orange's CDN and customize its behavior for various use cases.

Such a setup allows you to extend the CDN beyond standard features and implement advanced logic for:

  • Authentication checks. Deploy CDB EdgeCompute apps based on the JWT authentication template or develop a custom authentication functionality.
  • Custom headers modification. Adjust header information on requests for personalized and more secure content delivery.
  • Custom access rules. Use advanced geo-blocking and time-based blocking to control user access to your content and mitigate potential threats.

How it works

Unlike traditional HTTP applications, a CDN application in CDB EdgeCompute must be developed according to the Proxy-Wasm (WebAssembly for Proxies). This ensures compatibility and standardization across different CDN environments.

The application is called at the early stage of CDN processing, allowing for immediate intervention and customization. We're actively working on new interception points across the CDN workflow to cover many use cases.

The CDB EdgeCompute application can be invoked at the following stages of the CDN processing workflow:

  • On request headers: when we receive an HTTP request from a client.
  • On request body: when we receive an HTTP request body from a client.
  • On response headers: before we start sending HTTP response headers to a client
  • On response: before
we start sending an HTTP response to a client.

You can only configure one application per stage.

Set up CDB EdgeCompute integration with the CDN

To get started, you need a CDN resource configured for your origin. If you don't have Orange's CDN set up, follow the instructions in this guide: Create a CDN resource.

Step 1. Create a CDB EdgeCompute application

You can deploy an application from a predefined template or from a custom Wasm file. If you choose the latter option, ensure your Wasm binary file complies with the WebAssembly standard for proxies.

Currently, you can use a predefined template to enable authentication in your application. The template is configured to verify the JSON Web Token (JWT) in the request header.

To deploy an application from the template:

  1. In the CDB Technical Web Portal, navigate to CDB EdgeCompute.
  2. Open the CDN Applications page and click Create new application.

Create CDB EdgeCompute application button

  1. In the Create from a template section, choose Validate JWT in Authorization header.

Create from a template section with jwt validation template

  1. Enter a name for your application and, optionally, update its description.
  2. Add required environment variables, such as a token signing key that will be used for authentication checks.

JWT template configuration menu

  1. Click Save and deploy.

Your application has been successfully deployed and can now be accessed through the CDN.

A page with app deployment confirmation

If you need to adjust the configuration, click Actions > Edit application.

A page with app deployment confirmation

If you want to deploy a CDB EdgeCompute application from your own binary, check the examples of custom implementation in our repository: [CDB EdgeCompute application examples](https://github.com/G-Core/CDB EdgeCompute-examples).

To deploy a CDB EdgeCompute application from your own binary:

  1. In the CDB Technical Web Portal, navigate to CDB EdgeCompute.
  2. Open the CDN Applications page and click Create new application.

Create CDB EdgeCompute application button

  1. Click Upload binary.

Create custom application section

  1. Choose your custom binary file. If you add multiple files, click Save binary to confirm and upload the selected files.
  2. Enter a name for your application and, optionally, add a description.
  3. Add required environment variables that will be used for authentication checks. Enter the data as key-value pairs.

Custom app configuration menu

If you're adding sensitive information or want to ensure that any data in the app's configuration remains secure, encrypt the variables. Click Encrypt next to the value you want to secure:

Encrypt variable button highlighted

The provided value will be replaced with the Encrypted Value text, and the Revert button will appear next to encrypted value. This button allows you to restore the original version if needed.

Encrypted variable

We store all encrypted variables in a separate table in the database to protect your information from potential security breaches or unauthorized access.

Warning

You won't be able to update the encrypted variable after creating the application. To change the value, delete the existing variable and add a new encrypted variable with the updated value.

Note that you won't be able to view the original unencrypted value once you save the configuration.

  1. Click Save and deploy.

Your application has been successfully deployed and can now be referenced from CDN resource settings. To adjust the configuration, click Actions > Edit application.

A page with app deployment confirmation

Step 2. Enable CDB EdgeCompute functions for your CDN resource

You can enable the configured Wasm functionality for the whole CDN resource or just some URLs.

  1. In the CDB Technical Web Portal, navigate to CDN.
  2. Find the resource you want to integrate with CDB EdgeCompute and open the resource settings.

CDN resources page with resource settings context menu

  1. Scroll the page down to the CDB EdgeCompute apps section and enable the toggle for the event you need.

    Currently, we support four events: On request headers, on request body, on response headers, and on response body.

Cdn Fast Edge 1 Pn
  1. Choose your application from the dropdown.
Cdn Fast Edge 2 Pn
  1. (Optional) Select the Interrupt request processing in case of error checkbox.

Info

The Interrupt request processing in case of error checkbox is enabled by default. This ensures that any errors on the CDB EdgeCompute side will be returned to the browser with the relevant response code. If you disable the checkbox, CDN will ignore the error and pass requests directly to the origin. For security considerations, we recommend keeping this checkbox active.

  1. Click Save.

You can set up a function within your uploaded CDB EdgeCompute application to manage incoming request headers only for specific URLs. For example, protect some parts of your content with a JWT token, and keep the other URLs unaffected.

To enable the function for specific URLs:

  1. In the CDB Technical Web Portal, navigate to CDN.
  2. Find the resource you want to integrate with CDB EdgeCompute and open the resource settings.
  3. Click Rules > Create rule.

CDN resource settings with open Rules tab

  1. Click Create blank rule.

  2. Give your rule a name.

  3. In the Match criteria section, specify the content affected by the function configured in your CDB EdgeCompute application.

  4. In the Options section, click Add option.

  5. Scroll the page down to the CDB EdgeCompute apps section and enable the toggle for the event you need.

    Currently, we support four events: On request headers, on request body, on response headers, and on response body.

Cdn Fast Edge 1 Pn
  1. Choose your application from the dropdown.
Cdn Fast Edge 2 Pn
  1. (Optional) Select the Interrupt request processing in case of error checkbox.

Enable CDB EdgeCompute apps section in rule options dialog

Info

The Interrupt request processing in case of error checkbox is enabled by default. This ensures that any errors on the CDB EdgeCompute side will be returned to the browser with the relevant response code.

If you disable the checkbox, CDN will ignore the error and pass requests directly to the origin. For security considerations, we recommend keeping this checkbox active.

  1. Click Create rule.

Disconnect CDB EdgeCompute from CDN

If you no longer need to use the functionality configured in your CDB EdgeCompute application, you can disable the CDB EdgeCompute functions for your CDN resource.

The steps will slightly differ depending on whether you remove CDB EdgeCompute from the whole CDN resource or just specific URLs.

  1. In the CDB Technical Web Portal, navigate to CDN.
  2. Find the resource integrated with CDB EdgeCompute and open the resource settings.

CDN resources page with resource settings context menu

  1. If you enabled CDB EdgeCompute for a whole CDN resource, disable the toggles you no longer need.
  2. If you enabled Fast Edge just for particular paths, open the Rules page and disable the toggle for the required rule.
  3. Click Save changes.

You've successfully disconnected your CDN resource from CDB EdgeCompute.

Delete CDN application in CDB EdgeCompute

Info

You can't delete an enabled Fastedge application connected to a CDN resource. To remove the application, disconnect it from the CDN resource first.

To delete an application:

  1. In the CDB Technical Web Portal, navigate to CDB EdgeCompute.
  2. Open the CDN Applications page and click the three-dot icon next to the application that you want to remove.

CDB EdgeCompute app settings with delete button

  1. Click Delete.
  2. Confirm your action by clicking Yes, delete.

Confirm app deletion dialog

You've successfully removed your CDN application from CDB EdgeCompute.