Fastly can be used as a Content Delivery Network in front of your Platform.sh project. Everyone can opt for your own Fastly CDN (or any other) or utilize the managed Fastly CDN provided by Platform.sh (for Elite and Enterprise customers). This article will details the setup of your own Fastly subscription
- An up-and-running Platform.sh project
- A Fastly CDN subscription
Set up your Fastly CDN
On the Fastly side: refer to Fastly official documentation on how to get started
- Decide on a custom domain will be used to access your project with Fastly in front of it
- In Fastly have the custom domain point to your project's target URL with a
- Add the domain to Platform
- Visit the custom domain in your browser to verify that it is all set up correctly
Handling apex domains
CNAME records can’t point to apex domains, Fastly offers Anycast options
To avoid stale content that can’t be cleared, avoid using Fastly with HTTP caching.
For routes where Fastly is used, disable HTTP caching using the following configuration:
To allow our Let's Encrypt TLS-certificate provisioning works for your domain, ensure that
- The domains point to your CDN
_acme-challenge.subdomain, as in
_acme-challenge.example.com, points to your CDN
/.well-known/route, as in
https://www.example.com/.well-known/, is accessible with no redirects
If you don’t follow those requirements, you get an error message similar to:
W: Failed to verify the challenge at the gateway for the domain 'www.example.com'
E: Error validating domain www.example.com: Couldn't complete challenge [HTTP01: The client lacks sufficient authorization]
Protect your site from on-path attacks
An on-path attack occurs when a hacker intercepts or modifies the communication between a client and a server. This can lead to sensitive data leaks. To prevent such attacks, make sure all communication with your site is encrypted through HTTPS and can’t be downgraded to HTTP.
To do so, enable HTTP strict transport security (HSTS). HSTS forces clients to always communicate with your site over HTTPS.
You can enable HSTS in your Fastly account. All HTTP requests are then automatically redirected to HTTPS.
Managed Fastly CDN
- Dedicated projects include a managed Fastly CDN by default
- To add a managed Fastly CDN to your project, contact sales
- To modify any settings for a managed Fastly CDN, open a support ticket