+------------------------+ | Metadata | +----------+-------------+ | Template | guides | +----------+-------------+ | Image | ![][image0] | +----------+-------------+ | Category | Launch | +----------+-------------+ +-------------------+ | Section Metadata | +---------+---------+ | style | content | +---------+---------+ ![][image0] # Fastly Setup The following screenshots illustrate how to configure [Fastly](https://www.fastly.com/) to deliver content. Essential settings are marked with a red circle. +-----------------------------------------------------------------------------------------------+ | Fragment | +-----------------------------------------------------------------------------------------------+ | | +-----------------------------------------------------------------------------------------------+ ## Create a Fastly service Go to the [Fastly Management UI](https://manage.fastly.com/services/all) and select **Create Service**, CDN. ![][image1] ## Add Domain Add your production domain (e.g. `www.mydomain.com`):\ ![][image2] ## Configure Origin Add your origin (e.g. `main–{site}--{org}.aem.live`) and keep the default settings for: - Override default host - Default compression - Force TLS & HSTS ![][image3] In the new configuration, click "Edit configuration" in the top right corner and "clone version 1 to edit". In the sidebar, select "Hosts" underneath "Origins" and click the pencil icon to change host settings. ![][image4] Scroll down and change **Shielding** to `Ashburn Metro (IAD)` (non-mandatory but *recommended* setting): ![][image5] Don't forget to "update". ## Create VCL Snippets ![][image6] Create a VCL snippet for the `recv` subroutine with the following VCL code: ``` if (fastly.ff.visits_this_service == 0) { # edge delivery node if (req.url.qs != "") { # remember query string set req.http.X-QS = req.url.qs; if (req.url.path !~ "/media_[0-9a-f]{40,}[/a-zA-Z0-9_-]*\.[0-9a-z]+$" && req.url.ext !~ "(?i)^(gif|png|jpe?g|webp)$" && req.url.ext != "json" && req.url.path != "/.auth") { # strip query string from request url set req.url = req.url.path; } } } ``` Create additional VCL snippets for the `miss` and `pass` subroutines with the following VCL code: ``` set bereq.http.X-BYO-CDN-Type = "fastly"; set bereq.http.X-Push-Invalidation = "enabled"; ``` **Note**: The `X-Push-Invalidation: enabled` request header enables the push invalidation including long cache TTLs. \ Create a `deliver` snippet with the following VCL code: ``` if (fastly.ff.visits_this_service == 0) { # on edge delivery node if ( http_status_matches(resp.status, "301,302,303,307,308") && req.http.X-QS && resp.http.location && resp.http.location !~ "\?.*\z" ) { # preserve request query string in redirect location set resp.http.location = resp.http.location "?" req.http.X-QS; } } ``` \ Finally create a `deliver` snippet with the following VCL code: ``` unset resp.http.Age; if (req.url.path !~ "\.plain\.html$") { unset resp.http.X-Robots-Tag; } ``` ![][image7] After completing all steps and activating the service version you should be all set: ![][image8] ![][image9] ## Optional: Authenticate Origin Requests If you have enabled [token-based Site Authentication](https://main--helix-website--adobe.aem.page/docs/authentication-setup-site), navigate in the sidebar to Content → Headers, then "create a header" with following settings: - Name: Origin Authentication - Type: Request/Set - Destination: `http.Authorization` - Source: `"token "` (don't forget the quotes, and replace `` with the site token retrieved in [token-based Site Authentication](https://main--helix-website--adobe.aem.page/docs/authentication-setup-site) – the token starts with `hlx_`) - Ignore if set: no - Priority: 10 ![][image10] ## Note Edge Delivery Services needs no Web Application Firewall, as it is running on hardened, shared, and ultra-scalable infrastructure. Requests that a WAF would typically intercept are terminated in our CDNs. +----------------------------------------------------------------------------------------------------------+ | Pagination (Contained) | +----------------------------------------------------------------------------------------------+-----------+ | :icon-arrow: Previous | | | | | | ### [BYO CDN Setup Overview](https://main--helix-website--adobe.hlx.page/docs/byo-cdn-setup) | | +----------------------------------------------------------------------------------------------+-----------+ [image0]: https://main--helix-website--adobe.aem.page/media_1c8e056645c57ad87499ef645e28e010db5583b02.jpg#width=1103&height=828 [image1]: https://main--helix-website--adobe.aem.page/media_15b1e60338f9b0dd19bfb879ee5afdff7dd5c9c4f.png#width=1600&height=505 [image2]: https://main--helix-website--adobe.aem.page/media_1e563371d0049c49f47f7aa7c00a3fd41f63ae167.png#width=1600&height=1112 [image3]: https://main--helix-website--adobe.aem.page/media_1782a23c840e107eef5c9efde33feab2d215f58c7.png#width=1600&height=1077 [image4]: https://main--helix-website--adobe.aem.page/media_1363ad3d1cfa3bda39ccaa97369a08d12c9616832.png#width=1600&height=1073 [image5]: https://main--helix-website--adobe.aem.page/media_186ee94d159657eb1906c86472e1a03932c4a973c.png#width=1600&height=530 [image6]: https://main--helix-website--adobe.aem.page/media_1da297bde56c7cc7576fdbadefd49050d29755e27.png#width=1600&height=1064 [image7]: https://main--helix-website--adobe.aem.page/media_1c6bfd52af6f5804d48cf5bbc8c9757b38c57f95d.png#width=1600&height=1334 [image8]: https://main--helix-website--adobe.aem.page/media_19f0690259581f8832aace89d0abe5b317fb0dce3.png#width=1423&height=63 [image9]: https://main--helix-website--adobe.aem.page/media_173e518454b60a41b1fea3dbc30e4a1661cb6319c.png#width=1600&height=648 [image10]: https://main--helix-website--adobe.aem.page/media_194f1b58b8683c26ebf9c4c42bc0c94b67ca53458.png#width=1600&height=1298