Using a Content Delivery Network (CDN)
Once you have more than one webserver (and thus need a load balancer), or even before that, you will need a CDN to deliver static content to your users. It's usually best to set it up before beginning your website, as otherwise you'll have a lot of files to move and database entries to change.
The purpose of a CDN
Your website's webservers are meant to serve webpages, like HTML and PHP files, not loads of other files and content. A CDN is basically a global network of servers, which you can use to deliver static content (content that doesn't have to be evaluated or 'executed' by the server, like an image or video) to your website users, instead of your webservers doing it. This has a couple of major benefits:
- It frees up the network bandwidth of your webservers, making them respond faster to requests
- The CDN can deliver files from a server closer to the user, so they will load faster due to lower network latency
- The bandwidth costs for using a CDN will be lower than using your webserver's bandwidth
- The CDN caches files, making for much more efficient delivery
Getting a CDN up and running
Your CDN requires an origin: a location it will obtain files from, i.e. the files you want it to serve to users. This is generally a cloud storage bucket, such as an S3 bucket. When the CDN doesn't have a copy of a file, it requests it from the origin, and then caches the copy to serve to users later.
You therefore need to do a few things to get your CDN working:
- Create a cloud storage bucket, e.g. an S3 bucket, to serve as your CDN's origin
- Decide on a domain name (not mandatory, but it looks nicer). Usually it is a subdomain of your existing website's domain name, e.g. "cdn.yourwebsite.com".
- Have access to your domain's DNS records and be able to edit them, if you want to use a custom domain name.
- Give your CDN access to your storage bucket.
Creating an S3 bucket
In the AWS console, go to S3 (or search for it). You can create a bucket in whatever region you want, though it makes sense to use the same region your other infrastructure resources are in. Keep the default settings.
Creating a CDN distribution
For this example, we'll create a CDN in Amazon CloudFront for the purpose of simplicity, though this isn't normally the best idea for a content CDN (as it has high bandwidth costs versus other CDNs).
Go to CloudFront in the AWS Console, and click Create Distribution. The S3 bucket you created earlier should appear in the "Origins" dropdown if you click on it; select it as the origin for your distribution.
For Origin Access, select Origin access control settings (recommended). You'll need to create a new Origin Access Policy, but this is easy; just click the Create button, keep the defaults, and save the new policy. The point of this is to restrict access to your S3 bucket to your CDN only. Set Viewer protocol policy to Redirect HTTP to HTTPS.
If you want your CDN to use a custom domain name, rather than the one assigned to it by AWS, you'll need to add an item in the Alternate domain name (CNAME) area. Click Add item, and enter the custom domain name for your CDN in the box, e.g. "cdn.yourwebsite.com". If you don't have a corresponding SSL certificate in AWS Certificate Manager, you'll need to request one now by clicking the Request certificate button. Otherwise, all other settings are done, so you can click Create distribution.
Once the distribution is created, note the S3 policy that is provided afterwards (to allow your CDN to access the S3 bucket that is acting as your CDN's origin). You need to copy-paste that policy into your S3 bucket's access policy, in the S3 console -> your bucket -> Permissions area, or else your CDN won't be able to serve content.
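To confirm that the policy you pasted really restricts the bucket to your CDN only, the following added example (not part of the original guide, and not an AWS tool) audits a bucket policy document offline. The bucket name, account ID and distribution ID are constructed placeholders, and the sample policy's shape is an assumption about what CloudFront provides.

```python
import json

def _as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_origin_policy(policy_json, bucket, distribution_arn):
    """Return findings; [] means only this CloudFront distribution can read."""
    findings, granted = [], False
    statements = json.loads(policy_json).get("Statement", [])
    for n, st in enumerate([statements] if isinstance(statements, dict) else statements):
        if st.get("Effect") != "Allow":
            continue
        sid, principal = st.get("Sid", f"statement {n}"), st.get("Principal")
        # Condition key names are case-insensitive in IAM policies.
        pins = {k.lower(): v
                for op in ("StringEquals", "ArnEquals", "ArnLike")
                for k, v in st.get("Condition", {}).get(op, {}).items()}
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS"))):
            findings.append(f"{sid}: any principal allowed; bucket readable without the CDN")
        elif not (isinstance(principal, dict) and list(principal) == ["Service"]
                  and _as_list(principal["Service"]) == ["cloudfront.amazonaws.com"]):
            findings.append(f"{sid}: principal is not the CloudFront service alone")
        elif _as_list(pins.get("aws:sourcearn")) != [distribution_arn]:
            findings.append(f"{sid}: not pinned to this distribution's ARN")
        elif _as_list(st.get("Action")) != ["s3:GetObject"]:
            findings.append(f"{sid}: grants more than s3:GetObject")
        elif _as_list(st.get("Resource")) != [f"arn:aws:s3:::{bucket}/*"]:
            findings.append(f"{sid}: resource is not this bucket's objects")
        else:
            granted = True
    if not granted and not findings:
        findings.append("no statement lets the distribution read the bucket")
    return findings

# Constructed sample values (placeholders, not real resources).
BUCKET = "example-cdn-origin"
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
OAC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowCloudFrontServicePrincipal", "Effect": "Allow",
    "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*",
    "Condition": {"StringEquals": {"AWS:SourceArn": DIST_ARN}}}]})
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]})
if __name__ == "__main__":
    print(audit_origin_policy(PUBLIC_POLICY, BUCKET, DIST_ARN))
```

An empty list for your own policy means the only read path into the bucket is through the one distribution you named; any finding points at a statement that lets something else in.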
Requesting a certificate (if needed)
Choose Public certificate. Your certificate should have two domain names: one covers your root (apex) domain (e.g. "yourwebsite.com") and the other covers all subdomains using a wildcard ("*.yourwebsite.com"). Add both of these names to the certificate. Use DNS validation, and keep the RSA algorithm at the default setting, then confirm.
If your domain is managed by AWS Route 53, the certificate manager can generate the required DNS records for you (use the button that shows on the confirmation screen for your certificate request). Otherwise, you will have to add the necessary records yourself with your DNS provider. The certificate should be validated fairly quickly after the DNS records are propagated, at which point you can go back to creating your CDN distribution.
Testing your CDN
Upload a file to your storage bucket (e.g. an image), and then try to access it via your CDN using its URL (e.g. "https://cdn.yourwebsite.com/myimage.jpg").
CDNs can take a moment to activate; CloudFront will show a status next to your distribution. If the CDN is available, and the permissions are set correctly for your S3 bucket, then the image should load from your CDN URL.