To setup a CDN using Cloudfront you first need to create an S3 bucket and make it public. In this example we will use pslampdemo.s3.amazonaws.com
Note that when setting up a cloudfront distribution you will need to assign an SSL certificate. See: https://impressto.net/aws-setup-ssl-certificates
Once your public S3 bucket has been created to to the Cloudfront console and create a new distribution. Go to https://console.aws.amazon.com/cloudfront/home?region=us-east-2#create-distribution
- Select one of the S3 buckets we are using for the CDN.
- For the origin path we will leave it empty so we can use the root folder of the S3 bucket.
- Select the HTTP > HTTPS redirect as a precatution to prevent accidental use of assets on HTTP
- For alternative domain names add the domain name we will be using for the CDN. This will be added to route53 as a CNAME record.
- Select the ssl certificate (this is one we upload ourselves)
- Click the Create Distribution button. It takes several minutes for a distribution to generate but that is ok as we have work to do now with route53.
- Click on the new distribution to get the url . You can not look for the new domain name for the distribution. It will look something like: dr8thfc1fd2g.cloudfront.net
- copy the domain and head over to Route53 – https://console.aws.amazon.com/route53/home?region=us-east-2
- Add the CNAME record linking pdlampdemo.com to the cloudfront distribution domain (e.g. dr8thfc1fd2g.cloudfront.net)
- That’s it.
Select one of the S3 buckets we are using for the CDN. For the origin path we will leave it empty so we can use the root folder of the S3 bucket. Set a HTTP > HTTPS redirect as a precatution to prevent accidental use of assets on HTTP.
For alternative domain names add the domain name we will be using for the CDN. This will be added to route53 as a CNAME record. Select the ssl certificate (this is one we uploaded ourselves earlier).
Click on the new distribution to get the url . You can not look for the new domain name for the distribution. It will look something like: dr8thfc1fd2g.cloudfront.net.
Copy the domain and head over to Route53 – https://console.aws.amazon.com/route53/home?region=us-east-2#resource-record-sets:Z34JVZ4MBJ5FQW
Add the CNAME record linking pslampdemo.com to the cloudfront distribution domain (e.g. dr8thfc1fd2g.cloudfront.net). After saving that you will be able to access the S3 assets with the CDN domain.
Enabling CORS for CDN
You will needed to enable CORS for the s3 bucket. Navigate to the S3 bucket on AWS and click the Cors Configuration button.
Add the following XML and save
<?xml version="1.0" encoding="UTF-8"?> <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <CORSRule> <AllowedOrigin>*</AllowedOrigin> <AllowedMethod>GET</AllowedMethod> </CORSRule> </CORSConfiguration>
Enable Header Whitelisting in the Cloudfront Distribution
To forward the headers from your CloudFront distribution, follow these steps:
- Open your distribution from the CloudFront console.
- Choose the Behaviors tab.
- Choose Create Behavior, or choose an existing behavior, and then choose Edit.
- For Cache Based on Selected Request Headers, choose Whitelist.
- Under Whitelist Headers, choose headers from the menu on the left, and then choose Add.
Enable GZip Compression
By default gzip compression is off. To turn it on you will need to edit the behavoir setting for the Cloudfront distribution.
- Select the distribution and click the “Distribution Settings” button
- Select the “Behaviors” tab then click the “Edit” button
- Set the cache policy to “Managed-CacheOptimization”
Enabling Gzip Compresson
Open the cloudfront page then select the distribution.
Click the behavoir tag.
Select the behavior and click Edit
Set the Cache Policy to Managed-CachingOptimized and turn on Compress Object Automatically.
Invalidating Cloudfront Files
To clear the files from cache (ssl update of emergency fixes after a deployment) follow these steps:
- Go to the cloudfront distribution page, select the distribution page.
- Select the distribution for which you want to invalidate files.
- Choose Distribution Settings.
- Choose the Invalidations tab.
- Choose Create Invalidation.
- For the files that you want to invalidate, enter one invalidation path per line. For information about specifying invalidation paths, see Specifying the Files to Invalidate.
Specify file paths carefully. You can’t cancel an invalidation request after you start it.
- Choose Invalidate.
How S3 paths become CDN paths
This s3 path
now works as:
which in turn with a cname record in route53 becomes:
Using CDN for WordPress
We use the wp-offload plugin to host wordpress media files on S3. This allows us to upload images to a standard folder which is then accesible via CDN.
Make sure to read the instruction and set your CDN url accordingly.