As part of the Acquia Edge setup process, your team has the option to configure your DNS using one of the following methods:
Authoritative DNS or Full setup: Move your DNS to Acquia Edge, and use Acquia Edge as your full, authoritative DNS service.
Partial CNAME setup: Keep your DNS with your current DNS service and direct your traffic through Acquia Edge using a CNAME record.
Both the options can be referred to as Direct setups because you directly add your domain to Acquia Edge.
You must select and implement one of these methods to fully launch your domain with Acquia Edge. For more information about the Acquia Edge DNS options, see Acquia Academy.
Setting up a domain for Acquia Edge
To set up your domain with your Acquia Edge subscription, you must complete a security measure to confirm your ownership of the domain you plan to manage. You cannot create a TXT record. Acquia will provide it to your team in the welcome email sent to you when you purchase Acquia Edge. The TXT record will look similar to this example:
Add this TXT record to your current authoritative DNS for the domain. Acquia Edge will detect the record in your DNS, confirming your ownership of the domain. For security purposes, you cannot proceed with setting up your domain until you add this record and Acquia Edge verifies it.
If you are setting up multiple domains, you must add the respective TXT records provided in the welcome email to their respective domains. This TXT record is available on the Overview tab for each domain as a reference until it is added to your DNS record.
SSL Certificates
To enable SSL, you must first determine the type of SSL certificate you want to deploy on Acquia Edge, and the level of encryption the SSL certificate will enforce.
Within your Acquia Edge subscription, you have three options for your SSL certificate: Universal SSL, Custom SSL, or a combination of both.
Universal SSL
Edge CDN and Edge Security include a Universal SAN certificate, covering any hostnames that you may have active on Edge. The Universal certificate renews every year without requiring a certificate maintenance by your team. For these types of certificates, Cloudflare is displayed as the owner of the certificate.
The Universal SSL certificate is available for each domain that you set up within your Edge subscription.
For the Authoritative DNS method, the Universal certificate is deployed after you update your nameservers to move to the Acquia Edge-provided nameservers. A single certificate is issued covering the zone apex and a wildcard on any first-level subdomains.
For the Partial CNAME DNS method, Universal SSL certificates attempt to issue for each proxied hostname that you set on the DNS tab of your zone(s). A single certificate is issued for each proxied hostname, with no wildcards. For domain control validation to complete for each certificate, you must have a CNAME record in your DNS to set the resolution to Acquia Edge for each hostname. For any HTTP request to the respective hostnames, certificates are issued within minutes.
Custom SSL
If you want to use your own custom SSL certificates with Acquia Edge, upload the same certificate you use on Cloud Platform to Acquia Edge. However, if you then change or re-key your SSL certificate, you must apply the updated or new certificate to both Cloud Platform and Acquia Edge to maintain consistency and simplify support.
Note for China and HTTPS usage
If you anticipate website traffic based in China using HTTPS, Cloudflare requires you to place your private SSL keys in their China data centers.
Testing Acquia Edge
You can test Acquia Edge by editing your /etc/hosts file to point your domain to the CloudFlare IP address for the domain. To test, complete the following steps:
Note
Domains protected by Acquia Edge must use a CNAME instead of an A record. If you use CNAME integration with Acquia Edge, you must handle the termination of the apex (root) domain, and the redirect of subdomains such as the www subdomain must be handled outside of Acquia.
Find the IP address of the subdomain to be routed through Acquia Edge using a command similar to the following:
dig [domain_name].cdn.cloudflare.net
where [domain_name] is your fully qualified domain name (FQDN).
For example, if your domain name is test.example.com, the command would be:
dig test.example.com.cdn.cloudflare.net
The response will display like the following results:
; <<>> DiG 9.8.3-P1 <<>> test.example.com.cdn.cloudflare.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64242
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;test.example.com.cdn.cloudflare.net. IN A
;; ANSWER SECTION:
test.example.com.cdn.cloudflare.net. 300 IN A 111.22.33.44
test.example.com.cdn.cloudflare.net. 300 IN A 111.22.34.44
test.example.com.cdn.cloudflare.net. 300 IN A 111.22.35.44
test.example.com.cloudflare.net. 300 IN A 111.22.36.44
test.example.com.cdn.cloudflare.net. 300 IN A 111.22.37.44
Select one of the IP addresses in the ANSWERSECTION of the dig response.
To configure Acquia Edge as the authoritative domain name server for your website, complete the following steps:
Create a Support ticket when you are ready to launch. Provide your intended launch date, and request the nameservers for your Acquia Edge account.
Acquia Support will update the ticket with the nameservers associated with your Acquia Edge subscription. You will use these nameservers for launch.
Determine the registrar for your website’s domain name, and then sign in to your domain name registrar’s website.
Note
Domain registrar information is publicly available online from the WHOIS database. If you are not sure of your domain registrar, use a website such as whois.com to determine your domain name registrar.
On your registrar’s website, update your nameserver records with the nameserver information provided by Acquia Support. If you are not sure how to update your nameserver information with your registrar, contact your registrar’s support for assistance.
In your Acquia Edge dashboard, confirm your changes have taken effect by reviewing the displayed status message from the following list:
Launching with Partial CNAME method
With a CNAME setup, the authoritative DNS for your domain is not managed in Acquia Edge, and one or more subdomains are redirected to Acquia Edge using CNAME DNS record(s). Although you can add multiple CNAME records to your authoritative DNS, each CNAME record you add must contain a corresponding enabled record (marked with an orange cloud icon) in the Acquia Edge DNS tab. Before you launch your domain using the Partial CNAME method, ensure you properly configure the redirects for your apex (root) domain as described in Redirecting bare domain names to the “www” subdomain. For information about limitations of this approach, see the Configuring your DNS section.
Important
Do not perform the following steps if you are using Acquia Edge as your authoritative DNS provider.
To launch a domain using the Partial CNAME DNS method for Acquia Edge, complete the following steps:
Plan your CNAME records for launch. In this step, you are not updating your DNS, but instead confirming you have the correct CNAME records for your DNS update on your scheduled launch date.
To create a CNAME record for your domain, append your domain name with .cdn.cloudflare.net. Your CNAME records will always follow the same pattern. For example:
www.example.com would point to a CNAME of www.example.com.cdn.cloudflare.net
Sign in to your DNS provider.
Add the CNAME you planned in Step 1 for your desired domain to your authoritative DNS provider. Your CNAME domain name will be in the following format:
[www.example.com].cdn.cloudflare.net
where [www.example.com] is the full name of the destination hostname.
Confirming traffic is going through Acquia Edge
After updating your DNS with Acquia Edge, you must test to confirm website requests are being sent through the Acquia Edge network. You can perform these tests in one of two ways:
Using the browser address bar Enter www.example.com/cdn-cgi/trace in any browser, where www.example.com is the domain you are testing. The response will display details similar to the following:
fl=4f64
h=www.camilia.me
ip=108.162.209.36
ts=1437437272.84
visit_scheme=http
uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36
colo=SJC
spdy=off
Using the Claire plugin for Chrome The Claire plugin is a free download available from the Chrome web store. After you install the plugin, any website you access through the Edge network will cause the plugin to display an orange cloud icon in the Chrome address bar, indicating the request was processed by the Edge network.
If you do not receive the expected results, the domain is not yet correctly configured for Acquia Edge. Confirm the DNS configurations have been made correctly.
As part of the Acquia Edge setup process, your team has the option to configure your DNS using one of the following methods:
Authoritative DNS or Full setup: Move your DNS to Acquia Edge, and use Acquia Edge as your full, authoritative DNS service.
Partial CNAME setup: Keep your DNS with your current DNS service and direct your traffic through Acquia Edge using a CNAME record.
Both the options can be referred to as Direct setups because you directly add your domain to Acquia Edge.
You must select and implement one of these methods to fully launch your domain with Acquia Edge. For more information about the Acquia Edge DNS options, see Acquia Academy.
Setting up a domain for Acquia Edge
To set up your domain with your Acquia Edge subscription, you must complete a security measure to confirm your ownership of the domain you plan to manage. You cannot create a TXT record. Acquia will provide it to your team in the welcome email sent to you when you purchase Acquia Edge. The TXT record will look similar to this example:
Add this TXT record to your current authoritative DNS for the domain. Acquia Edge will detect the record in your DNS, confirming your ownership of the domain. For security purposes, you cannot proceed with setting up your domain until you add this record and Acquia Edge verifies it.
If you are setting up multiple domains, you must add the respective TXT records provided in the welcome email to their respective domains. This TXT record is available on the Overview tab for each domain as a reference until it is added to your DNS record.
SSL Certificates
To enable SSL, you must first determine the type of SSL certificate you want to deploy on Acquia Edge, and the level of encryption the SSL certificate will enforce.
Within your Acquia Edge subscription, you have three options for your SSL certificate: Universal SSL, Custom SSL, or a combination of both.
Universal SSL
Edge CDN and Edge Security include a Universal SAN certificate, covering any hostnames that you may have active on Edge. The Universal certificate renews every year without requiring a certificate maintenance by your team. For these types of certificates, Cloudflare is displayed as the owner of the certificate.
The Universal SSL certificate is available for each domain that you set up within your Edge subscription.
For the Authoritative DNS method, the Universal certificate is deployed after you update your nameservers to move to the Acquia Edge-provided nameservers. A single certificate is issued covering the zone apex and a wildcard on any first-level subdomains.
For the Partial CNAME DNS method, Universal SSL certificates attempt to issue for each proxied hostname that you set on the DNS tab of your zone(s). A single certificate is issued for each proxied hostname, with no wildcards. For domain control validation to complete for each certificate, you must have a CNAME record in your DNS to set the resolution to Acquia Edge for each hostname. For any HTTP request to the respective hostnames, certificates are issued within minutes.
Custom SSL
If you want to use your own custom SSL certificates with Acquia Edge, upload the same certificate you use on Cloud Platform to Acquia Edge. However, if you then change or re-key your SSL certificate, you must apply the updated or new certificate to both Cloud Platform and Acquia Edge to maintain consistency and simplify support.
Note for China and HTTPS usage
If you anticipate website traffic based in China using HTTPS, Cloudflare requires you to place your private SSL keys in their China data centers.
Testing Acquia Edge
You can test Acquia Edge by editing your /etc/hosts file to point your domain to the CloudFlare IP address for the domain. To test, complete the following steps:
Note
Domains protected by Acquia Edge must use a CNAME instead of an A record. If you use CNAME integration with Acquia Edge, you must handle the termination of the apex (root) domain, and the redirect of subdomains such as the www subdomain must be handled outside of Acquia.
Find the IP address of the subdomain to be routed through Acquia Edge using a command similar to the following:
dig [domain_name].cdn.cloudflare.net
where [domain_name] is your fully qualified domain name (FQDN).
For example, if your domain name is test.example.com, the command would be:
dig test.example.com.cdn.cloudflare.net
The response will display like the following results:
; <<>> DiG 9.8.3-P1 <<>> test.example.com.cdn.cloudflare.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64242
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;test.example.com.cdn.cloudflare.net. IN A
;; ANSWER SECTION:
test.example.com.cdn.cloudflare.net. 300 IN A 111.22.33.44
test.example.com.cdn.cloudflare.net. 300 IN A 111.22.34.44
test.example.com.cdn.cloudflare.net. 300 IN A 111.22.35.44
test.example.com.cloudflare.net. 300 IN A 111.22.36.44
test.example.com.cdn.cloudflare.net. 300 IN A 111.22.37.44
Select one of the IP addresses in the ANSWERSECTION of the dig response.
To configure Acquia Edge as the authoritative domain name server for your website, complete the following steps:
Create a Support ticket when you are ready to launch. Provide your intended launch date, and request the nameservers for your Acquia Edge account.
Acquia Support will update the ticket with the nameservers associated with your Acquia Edge subscription. You will use these nameservers for launch.
Determine the registrar for your website’s domain name, and then sign in to your domain name registrar’s website.
Note
Domain registrar information is publicly available online from the WHOIS database. If you are not sure of your domain registrar, use a website such as whois.com to determine your domain name registrar.
On your registrar’s website, update your nameserver records with the nameserver information provided by Acquia Support. If you are not sure how to update your nameserver information with your registrar, contact your registrar’s support for assistance.
In your Acquia Edge dashboard, confirm your changes have taken effect by reviewing the displayed status message from the following list:
Launching with Partial CNAME method
With a CNAME setup, the authoritative DNS for your domain is not managed in Acquia Edge, and one or more subdomains are redirected to Acquia Edge using CNAME DNS record(s). Although you can add multiple CNAME records to your authoritative DNS, each CNAME record you add must contain a corresponding enabled record (marked with an orange cloud icon) in the Acquia Edge DNS tab. Before you launch your domain using the Partial CNAME method, ensure you properly configure the redirects for your apex (root) domain as described in Redirecting bare domain names to the “www” subdomain. For information about limitations of this approach, see the Configuring your DNS section.
Important
Do not perform the following steps if you are using Acquia Edge as your authoritative DNS provider.
To launch a domain using the Partial CNAME DNS method for Acquia Edge, complete the following steps:
Plan your CNAME records for launch. In this step, you are not updating your DNS, but instead confirming you have the correct CNAME records for your DNS update on your scheduled launch date.
To create a CNAME record for your domain, append your domain name with .cdn.cloudflare.net. Your CNAME records will always follow the same pattern. For example:
www.example.com would point to a CNAME of www.example.com.cdn.cloudflare.net
Sign in to your DNS provider.
Add the CNAME you planned in Step 1 for your desired domain to your authoritative DNS provider. Your CNAME domain name will be in the following format:
[www.example.com].cdn.cloudflare.net
where [www.example.com] is the full name of the destination hostname.
Confirming traffic is going through Acquia Edge
After updating your DNS with Acquia Edge, you must test to confirm website requests are being sent through the Acquia Edge network. You can perform these tests in one of two ways:
Using the browser address bar Enter www.example.com/cdn-cgi/trace in any browser, where www.example.com is the domain you are testing. The response will display details similar to the following:
fl=4f64
h=www.camilia.me
ip=108.162.209.36
ts=1437437272.84
visit_scheme=http
uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36
colo=SJC
spdy=off
Using the Claire plugin for Chrome The Claire plugin is a free download available from the Chrome web store. After you install the plugin, any website you access through the Edge network will cause the plugin to display an orange cloud icon in the Chrome address bar, indicating the request was processed by the Edge network.
If you do not receive the expected results, the domain is not yet correctly configured for Acquia Edge. Confirm the DNS configurations have been made correctly.
Enter the domain name in your browser and examine the page response headers.
Status: Active: Your domain setup is complete.
Status: Pending: Your nameserver updates have not yet propagated, or were not updated correctly.
If your nameserver updates are marked Pending, click Overview in the Acquia Edge dashboard, and then click Recheck Nameservers, as displayed in the following example:
If the issue persists, use a website such as whois.comto check whether your nameserver records match the records provided in Acquia Edge.
Did not find what you were looking for?
If this content did not answer your questions, try searching or contacting our support team for further assistance.
Enter the domain name in your browser and examine the page response headers.
Status: Active: Your domain setup is complete.
Status: Pending: Your nameserver updates have not yet propagated, or were not updated correctly.
If your nameserver updates are marked Pending, click Overview in the Acquia Edge dashboard, and then click Recheck Nameservers, as displayed in the following example:
If the issue persists, use a website such as whois.comto check whether your nameserver records match the records provided in Acquia Edge.
Did not find what you were looking for?
If this content did not answer your questions, try searching or contacting our support team for further assistance.
Edge