Using Platform CDN, you can deliver accelerated digital experiences to global audiences by caching pages and static assets, including JavaScript, CSS, and images, at over 65 points of presence (POPs) around the world. Visitors accessing your website load the static assets from the POP closest to their location, which decreases the time required to load a page and increases conversions.
Based on years of experience accelerating Drupal applications through Varnish®, Acquia has configured Platform CDN to optimize the delivery of digital experiences.
Ensure that the Platform CDN entitlement is added to your Acquia subscription.
Have at least one custom domain, preferably with a valid SSL/TLS root certificate.
Get an understanding of your site’s caching strategy.
Important
If you are using SSL/TLS, you must have a valid RSA 2048-bit signed certificate uploaded to Cloud Platform to use the certificate with Platform CDN. Self-signed and other certificates are not supported with Platform CDN. If you own a wildcard certificate, upload the certificate to all relevant environments, including the RA environment with Remote Administration. If you are unsure of your certificate’s size, run the following command in a terminal window:
openssl x509 -in [path-to-your/certificate.crt] -text -noout | grep 'Public-Key'
HTTP Basic Authentication
By default, HIPAA and PCI compliance are always on for all cached objects with Platform CDN. It is up to your team to configure objects that do not require this compliance.
If your objects are not HIPAA or PCI compliant and you want the cache
lifetime longer than 24 hours, you must add the header X-Acquia-CDN-HP-Off
.
This indicates that the object is not compliant and can be stored in
cache or on disk at the CDN. HIPAA and PCI sensitive objects are not stored
on disk at the CDN by default.
Note
Session objects, such as objects with session cookies, are not stored in cache.
For more information on HIPAA and PCI compliance on Cloud Platform, see Compliance with standards and regulations.
Important
To provision Platform CDN, you must have appropriate permissions. For more information, see Domain permissions.
Log in to the Cloud Platform.
Select your application.
Select an environment.
In the left navigation pane, click Domain Management.
On the right, click the CDN tab.
Important
You can use Platform CDN only with custom domains.
Note
This tab is visible to only Acquia customers who has the Platform CDN entitlement added to their subscriptions.
Click Provision to provision a CDN for your environment. Acquia provisions all of the custom domains in your environment on CDN. Acquia only provisions Platform CDN for custom domains. Acquia default domains does not function on CDN. For any non-conforming domain patterns, the system displays N/A.
Note
It takes some time for provisioning to complete. It may take 10+ minutes for every Point of Presence (POP) in CDN network to update for all your domains and SSL/TLS certificates.
Once provisioning is complete, the page displays two sections: your DNS information and the status of CDN provisioning for each domain.
You can see a green check mark next to the word Active. If you see an Install-Failed alert icon, see the list of possible errors before contacting Acquia Support.
To begin directing visitor traffic through Platform CDN, change the authoritative DNS for your domain to point to the following endpoints:
For domains that support CNAME records, configure them to point to
dualstack.acquia.map.fastly.net
. The dualstack prefix in the
endpoint ensures that it is IPv6 compatible without the need for a
separate AAAA record.
For other domains that cannot use a CNAME record, configure at least two A
records pointing to 151.101.1.193
, 151.101.65.193
,
151.101.129.193
, or 151.101.193.193
.
Note
After adding Platform CDN to your environment, Cloud Platform automatically keeps CDN configuration up-to-date. For example, when you add or remove a domain, or update an SSL certificate, you may see a CDN provisioning or updating task in the task log view. You may also see a CDN provisioning or updating task after you deploy code to an environment due to the internal operations of the system.
To test Platform CD, use one of the following methods:
To test through the /etc/hosts
file method:
Edit your /etc/hosts
file to add a line based on the following format
by using the IP address and your domain name:
151.101.1.193 test.example.com
For information about how to edit your /etc/hosts
file, see Using a
hosts file for custom domains during development.
Important
Do not use the Chrome browser as it does not read the /etc/hosts
file.
Some browsers require configuration to read DNS from the
/etc/hosts
file.
Enter the domain name in your browser and examine the page response headers.
To test through the curl
command method, run the following command by
using the IP address and your domain name:
curl -Is -X GET https://www.example.com --resolve www.example.com:443:151.101.1.193
Important
Ensure that you point DNS to your Cloud Platform balancers before you disable CDN. This ensures that your sites remain accessible even after CDN is disabled.
To disable Platform CDN:
After DNS is updated, log in to Cloud Platform.
In the left-hand navigation bar, click Domain Management.
On the right, click CDN.
To disable CDN for the entire environment, click Disable CDN.
To disable Platform CDN for a single or select group of custom domains, visit your DNS provider and point DNS for the chosen domain(s) to your Acquia load balancer EIP. This information is available in the Regional Origin sub-section of DNS information.
Note
As you provision Platform CDN, all your custom domains are pushed to the CDN. Domains added or removed from the Cloud Platform user interface are added or removed from CDN and remain in sync. You control which domains actually use CDN by setting each domain’s DNS records accordingly.
Cloud Platform supports SSL certificates on both Platform CDN and Cloud Platform balancers, enabling you to deliver fully secure experiences for your visitors. Cloud Platform automatically copies certificates to Platform CDN as part of the provisioning process. Ensure that your certificate is uploaded to Cloud Platform. Any certificates uploaded after the initial provisioning of Platform CDN are also automatically uploaded to Platform CDN.
Note
Ensure that your certificates use a 2048-bit private key before enabling Platform CDN. You can only use the certificates that are created with a 2048-bit private key.
Cache invalidation is a method of displaying new content to connected clients. During invalidation, objects are marked as outdated, and the next time a client requests these objects, the client is delivered a new version. Acquia offers two approaches to cache invalidation on its Varnish-based load balancers and Platform CDN layers: Purge and Ban.
Purge immediately removes content from Varnish. When the client requests the data again, the request bypasses Varnish and Drupal responds to the request. This is a path-based approach. This is the primary approach for customers using Drupal 7 and the Acquia Purge module.
Ban adds cached object references to a list, and client requests are checked against this list to see if there are any matches. If so, new content is fetched from the application, returned to the client, and added to the cache. Cached content is updated after a client requests the information, unlike the Purge method. This is the primary approach for customers using Drupal 9 with Purge and Acquia Purge modules.
Follow the next steps based on your Drupal version:
Drupal 9 utilizes Drupal’s Cache API and the Purge module, both of which were architected with cache invalidation in mind. This method utilizes cache tags. Cache tags can be added to any piece of content in Drupal. With the presence of cache tags, the Purge module is able add these cache tags to a Ban list. This casts a wider net, allowing Acquia’s customers to implement a comprehensive cache invalidation strategy that caches objects for longer periods of time (TTL). When editors make content changes, it appears fresh when requested immediately.
Setting up cache invalidation
Install and enable the latest versions of the Acquia Purge and Purge modules. Enable all Purge modules:
Navigate to Admin > Configuration > Development > Performance > Purge.
Add your purgers.
In Cache Invalidation, enable Acquia Cloud and select Acquia Platform CDN.
Note
At this point, you still have not provisioned Platform CDN. You have set up your site to send purge requests to Platform CDN. After you provision Platform CDN through the Cloud Platform user interface (see below), a return to this page shows the status on the right of this page as green for Platform CDN. If it displays in red after successful provisioning of Platform CDN, create a Support ticket.
Drupal 7 utilizes a combination of custom rules and the Cache Expiration and Acquia Purge modules to create tailored Purge instructions.
This was considered a leap forward when first introduced to the Drupal community. However, in recent years it was acknowledged that the Drupal 7 caching architecture was not able to build or maintain all of the necessary relationships between content. Therefore, Acquia Purge occasionally leaves some content cached, resulting in stale content.
Setting up cache invalidation
Install and enable the Acquia Purge and Cache Expiration modules and their dependencies. The Acquia Purge module keeps the Acquia Varnish cache in sync with your application. For more information, see Acquia Purge FAQ for Drupal 7.
Platform CDN respects Cache-Control and Surrogate-Control HTTP headers and tag-based invalidation. Acquia recommends using both methods as part of your application’s caching strategy.
Coupled with the Purge and Acquia Purge modules, the Drupal 9 cache invalidation framework expires content at Acquia Varnish and Platform CDN whenever changes occur to tagged content. This feature means that cache lifetimes at both Acquia Varnish and Platform CDN can be set to very long times and even months.
For information about how the Drupal application sets cache headers, see:
For broader control over Platform CDN objects, Acquia recommends the HTTP Cache Control module.
Drupal 7 does not natively support tag-based invalidation. Therefore, Acquia recommends setting Drupal’s maximum time for keeping cached assets to 60 minutes. This allows assets to remain cached for a moderate amount of time before updates are fetched from Drupal. This value can be configured downwards to ensure that your visitors receive the updated content.
To configure the maximum time, log in with administrator privileges and
navigate to config/development/performance
. Enable caching for anonymous
users and set Expiration of cached pages to the duration you require.
These settings generate the following HTTP header:
Cache-Control: public, max-age=3600
Public means the response can be stored by all caches, including Varnish, Platform CDN, and browser caches.
Cache-Control header settings only apply to dynamic content. All static assets, such as CSS fonts, images, and JavaScript files, are given Cache-Control headers by an .htaccess directive and the Apache web infrastructure:
Cache-Control: max-age=1209600
To get further control over Platform CDN objects, follow the instructions in Configuring Platform CDN with Drupal 7 and Cache Control Headers.
You can leverage Cache-Control and Surrogate-Control HTTP headers and tag-based invalidation in Javascript applications based on Node.JS.
Cache-Control works when you set it up on the server side. When you do not set up this header on the server side, the Age header increases to 3600 seconds. Here, 3600 seconds is the TTL value. For example,
[cloudservicesdev|hosting-dev:nodejs-dev] ~/abc/git$ curl -I http://nodejs-i.john-galvin.com/
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Content-Length: 1840
Accept-Ranges: bytes
Date: Wed, 28 Sep 2022 10:19:05 GMT
Age: 1228
X-Served-By: cache-bom4733-BOM
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1664360345.110256,VS0,VE1
Via: Acquia Platform CDN 1.176, HTTP/1.1 forward.http.proxy:3128
Connection: keep-alive
[cloudservicesdev|hosting-dev:nodejs-dev] ~/abc/git$ curl -I http://nodejs-i.john-galvin.com/
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Content-Length: 1840
Accept-Ranges: bytes
Date: Wed, 28 Sep 2022 10:19:38 GMT
Age: 1262
X-Served-By: cache-bom4734-BOM
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1664360379.803699,VS0,VE1
Via: Acquia Platform CDN 1.176, HTTP/1.1 forward.http.proxy:3128
Connection: keep-alive
[cloudservicesdev|hosting-dev:nodejs-dev] ~/abc/git$ curl -I http://nodejs-i.john-galvin.com/
HTTP/1.1 200 OK
Content-Length: 1840
Server: nginx
Content-Type: text/html
Accept-Ranges: bytes
Date: Wed, 28 Sep 2022 10:25:53 GMT
Age: 1636
X-Served-By: cache-bom4723-BOM
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1664360753.388986,VS0,VE0
Via: Acquia Platform CDN 1.176, HTTP/1.1 forward.http.proxy:3128
Connection: keep-alive
[cloudservicesdev|hosting-dev:nodejs-dev] ~/abc/git$ curl -I http://nodejs-i.john-galvin.com/
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Content-Length: 1840
Accept-Ranges: bytes
Date: Wed, 28 Sep 2022 10:27:15 GMT
Age: 1718
X-Served-By: cache-bom4740-BOM
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1664360835.145788,VS0,VE1
Via: Acquia Platform CDN 1.176, HTTP/1.1 forward.http.proxy:3128
Connection: keep-alive
[cloudservicesdev|hosting-dev:nodejs-dev] ~/abc/git$ curl -I http://nodejs-i.john-galvin.com/
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Content-Length: 1840
Accept-Ranges: bytes
Date: Wed, 28 Sep 2022 10:39:35 GMT
Age: 2458
X-Served-By: cache-bom4744-BOM
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1664361575.491825,VS0,VE1
Via: Acquia Platform CDN 1.176, HTTP/1.1 forward.http.proxy:3128
Connection: keep-alive
To set up the Cache-Control header on the server (Acquia domain, for example,
https://testdev.prod.acquia-sites.com/
), run the following command and
restart your server:
[cloudservicesdev|hosting-dev:nodejs-dev] ~/abc/git$ curl -Ik https://testdev.prod.acquia-sites.com/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Sep 2022 11:12:52 GMT
Content-Type: text/html
Connection: keep-alive
Cache-Control: max-age=100, no-cache
Note that Platform CDN takes around 30 mins for the changes to come in effect.
As per the example, you can verify the changes by accessing the Acquia domain:
https://testdev.prod.acquia-sites.com/
. This returns the Cache-Control
header in the response. After around 30 minutes, you can access the Node.js domain to view the Cache-Control header as well:
[cloudservicesdev|hosting-dev:nodejs-dev] ~/abc/git$ date && curl -I http://nodejs-i.john-galvin.com/
Wed Sep 28 16:32:12 IST 2022
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Cache-Control: max-age=100, no-cache
Content-Length: 1840
Accept-Ranges: bytes
Date: Wed, 28 Sep 2022 11:02:13 GMT
Age: 0
X-Served-By: cache-maa10229-MAA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1664362933.464853,VS0,VE445
Via: Acquia Platform CDN 1.176, HTTP/1.1 forward.http.proxy:3128
Connection: keep-alive
Cache clearing occurs automatically due to the Acquia Purge module.
Cache clearing at Acquia Varnish occurs automatically due to the Acquia Purge module. Content at Platform CDN expires after the time to live specified in the Surrogate-Control: max-age= header.
To purge all content from all caches, use Drupal’s Clear All Caches option. This also clears Acquia Varnish cache and Platform CDN cache. If the Acquia Purge module: Platform CDN purger is installed and configured correctly, you must purge all content. To do so, navigate to admin > Configuration > Performance and select the Clear all caches option.
To purge all content from all caches, use Drupal’s Clear all caches option, which also clears Acquia Varnish cache. To do so, navigate to admin > Configuration > Performance and select the Clear all caches option.
To purge all caches, use one of the following methods:
Use curl on the command line. For more information, see Manually purging all caches or individual objects from Platform CDN.
Use the Cloud Platform user interface. For more information, see Manually purging caches using the Cloud Platform user interface.
Important
These instructions clear content from Platform CDN only. To replace the older content with new content, purge the content from Acquia Varnish first.
Retrieve the value of service_id
and token
from Acquia Support.
Purge Platform CDN by running the following curl
command with the
token
in the header and the service_id
in the URL path as shown in
the following example:
curl -X POST -H "Fastly-Key:<Platform CDN token>" -H "Accept: application/json" https://api.fastly.com/service/<Platform CDN Service ID>/purge_all
Use the token and Service ID values provided to you by Acquia Support.
For example,
curl -X POST -H "Fastly-Key:DMDf1ryoZiERdryIxQAb4seLOBqLfLMU" -H "Accept: application/json" https://api.fastly.com/service/4SsvFsxK25Z7t16kTqzu7d/purge_all
Before manually purging the Platform CDN cache, purge your Varnish cache to ensure cache consistency. For more information, see Varnish: Bypassing the cache.
Note
“Clear All Caches” is not accessible to the users of Node.js. The use of an API is required to develop a caching approach.
Navigate to your environment and click the Domains Management menu.
On the Domains tab, select Clear all caches for the domain for which you want to clear the cache.
The system clears both Acquia Varnish and Platform CDN caches.
If you experience issues provisioning Cloud Platform CDN, review the following likely causes:
There are no custom domains registered to your environment:
The default *.acquia-sites.com domain cannot be added to CDN. You must add at least one of your own domains before Platform CDN can be provisioned.
Your SSL/TLS certificate is not 2048-bit:
Ensure your certificates use a 2048-bit private key before enabling Platform CDN. You can only use the certificates that are created with a 2048-bit private key. A 1024-bit key is outdated, and a 4096-bit SSL key is supported, but requires a manual upload and might not work with all browsers. If you have a specific security or compliance requirement, create a Support ticket for assistance uploading a 4096-bit certificate.
There is an older SSL/TLS certificate being served instead of a newly uploaded certificate:
Platform CDN serves a valid certificate with the closest matching CN or SAN. Deactivate any older certificates through the Cloud Platform user interface to remove them from Platform CDN.
Your domain was previously registered with Acquia’s CDN partner, Fastly Inc.:
If you have previously created a Fastly account using one of your domain names, create a Support ticket. Acquia Support will work with Fastly to transfer the domain for use on Platform CDN.
HTTP to HTTPS redirect gets stuck in a 301 redirect loop:
Purge all caches. If the problem persists, create a Support ticket.
SSO redirects browser to not-logged-in content:
Ensure that your application is serving a Cache-Control header with
max-age:3
or must-revalidate
value. This ensures that the browser
does not use its local cache.
Purge token lost or doesn’t work:
Use Drush 9 to run drush p:dia
. If that command is not available, use the
following method to ensure that all modules are installed and enabled:
# in your local dev environment
git clone [email protected]:manualtest.git
cd manualtest/docroot
# Use composer to install acquia_purge 1.1 beta and its dependencies
composer config minimum-stability 'beta'
composer config prefer-stable true
composer require 'drupal/acquia_purge:1.1-beta1'
# Push the code back and enable the module using drush
git add.
git commit -a -m "Add Acquia Purge module"
git push
ssh {{YOUR SSH URI HERE}}
sudo su
cd /var/www/html/{{YOUR ENVIRONMENT NAME HERE}}/docroot/
source /mnt/users/[SITEGROUP NAME]/dev.shell
drush9 en acquia_purge
yes
#>> [success] Successfully enabled: acquia_purge, purge, purge_drush
# list all the available purgers
drush9 p:purger-lsa
#>> --------------------- ---------------------------- ----------------------------------------------
#>> Plugin Label Description
#>> --------------------- ---------------------------- ----------------------------------------------
#>> acquia_purge Acquia Cloud Invalidate content from Acquia Cloud.
#>> acquia_platform_cdn Acquia Platform CDN (beta) Invalidate content from Acquia Platform CDN.
#>> --------------------- ---------------------------- ----------------------------------------------
# Enable the acquia purge and then the acquia_platform_cdn in that order to ensure
# varnish clears first and then platform_cdn clears after a short delay
drush9 p:purger-add acquia_purge
drush9 p:purger-add acquia_platform_cdn
# Enable the other purge modules that need manually enabled for some reason
drush9 pm:list | grep purge
drush9 en purge_processor_cron
drush9 en purge_processor_lateruntime
drush9 en purge_queuer_coretags
drush9 en purge_tokens
drush9 en purge_ui
drush9 en purge_drush
drush9 pm:list | grep purge
# Run the diagnostic
drush9 p:dia
Important
Acquia balancers have limits on request and response URL, header, and cookie sizes.
Item |
Limit |
Notes |
---|---|---|
Maximum vary fields |
200 / 400 |
Exceeding the soft limit results in no error. Newer variants displace the oldest. |
URL size |
8 KB |
Exceeding the limit results in a too long request string error. |
Cookie size |
32 KB |
Exceeding the limit results in Fastly stripping the cookie and setting req.http.Fastly-Cookie-Overflow = “1”. |
Request header size |
69 KB |
Depending on the circumstances, exceeding the limit can result in:
|
Response header size |
69 KB |
Exceeding the limit results in a 503 backend read error. See Common 503 errors for more information. |
Request header count |
96 |
Exceeding the limit results in a Header overflow error. A small portion of this limit is reserved for internal Fastly use, making the practical limit closer to 85. |
Response header count |
96 |
Exceeding the limit results in a Header overflow error. A small portion of this limit is reserved for internal Fastly use, making the practical limit closer to 85. |
Surrogate key header size |
16 KB |
Exceeding the limit results in no error and any keys past the one that exceeds the limit, are dropped. Acquia Purge keys are 4 bytes + 1byte for the space separator, each implying a maximum of over 3000 tags per object. |
The following products and features are not supported on Platform CDN:
Note
Acquia recommends that you do not use multiple WAFs or CDNs in front of a site while redirecting requests between those WAFs or CDNs. You can leverage Fastly-powered Platform CDN or any other WAF or CDN, including Edge Security or Edge CDN. However, you must avoid using multiple WAFs or CDNs in a layered approach.