Extend CDN functionality with FastEdge
Integrate your CDN resource with FastEdge if you need to introduce additional functionality to Gcore CDN and customize its behavior for various use cases.
Such a setup allows you to extend the CDN beyond standard features and implement advanced logic for:
- Authentication checks. Deploy FastEdge apps based on the JWT authentication template or develop a custom authentication functionality.
- Custom headers modification. Adjust header information on requests for personalized and more secure content delivery.
- Custom access rules. Use advanced geo-blocking and time-based blocking to control user access to your content and mitigate potential threats.
How it works
Unlike traditional HTTP applications, a CDN application in FastEdge must be developed according to the Proxy-Wasm (WebAssembly for Proxies). This ensures compatibility and standardization across different CDN environments.
The application is called at the early stage of CDN processing, allowing for immediate intervention and customization. We’re actively working on new interception points across the CDN workflow to cover many use cases.
The FastEdge application can be invoked at the following stages of the CDN processing workflow:
- On request headers: when we receive an HTTP request from a client.
- On request body: when we receive an HTTP request body from a client.
- On response headers: before we start sending HTTP response headers to a client
- On response: before we start sending an HTTP response to a client.
You can only configure one application per stage.
Set up FastEdge integration with the CDN
To get started, you need a CDN resource configured for your origin. If you don’t have Gcore CDN set up, follow the instructions in this guide: Create a CDN resource.
Step 1. Create a FastEdge application
You can deploy an application from a predefined template or from a custom Wasm file. If you choose the latter option, ensure your Wasm binary file complies with the WebAssembly standard for proxies.
Currently, you can use a predefined template to enable authentication in your application. The template is configured to verify the JSON Web Token (JWT) in the request header.
To deploy an application from the template:
- In the Gcore Customer Portal, navigate to FastEdge.
- Open the CDN Applications page and click Create new application.
- In the Create from a template section, choose Validate JWT in Authorization header.
- Enter a name for your application and, optionally, update its description.
- Add required environment variables, such as a token signing key that will be used for authentication checks.
- Click Save and deploy.
Your application has been successfully deployed and can now be accessed through the CDN.
If you need to adjust the configuration, click Actions > Edit application.
Currently, you can use a predefined template to enable authentication in your application. The template is configured to verify the JSON Web Token (JWT) in the request header.
To deploy an application from the template:
- In the Gcore Customer Portal, navigate to FastEdge.
- Open the CDN Applications page and click Create new application.
- In the Create from a template section, choose Validate JWT in Authorization header.
- Enter a name for your application and, optionally, update its description.
- Add required environment variables, such as a token signing key that will be used for authentication checks.
- Click Save and deploy.
Your application has been successfully deployed and can now be accessed through the CDN.
If you need to adjust the configuration, click Actions > Edit application.
If you want to deploy a FastEdge application from your own binary, check the examples of custom implementation in our repository: FastEdge application examples.
To deploy a FastEdge application from your own binary:
- In the Gcore Customer Portal, navigate to FastEdge.
- Open the CDN Applications page and click Create new application.
- Click Upload binary.
- Choose your custom binary file. If you add multiple files, click Save binary to confirm and upload the selected files.
- Enter a name for your application and, optionally, add a description.
- Add required environment variables that will be used for authentication checks. Enter the data as key-value pairs.
If you’re adding sensitive information or want to ensure that any data in the app’s configuration remains secure, encrypt the variables. Click Encrypt next to the value you want to secure:
The provided value will be replaced with the Encrypted Value text, and the Revert button will appear next to encrypted value. This button allows you to restore the original version if needed.
We store all encrypted variables in a separate table in the database to protect your information from potential security breaches or unauthorized access.
Warning
You won’t be able to update the encrypted variable after creating the application. To change the value, delete the existing variable and add a new encrypted variable with the updated value.
Note that you won’t be able to view the original unencrypted value once you save the configuration.
- Click Save and deploy.
Your application has been successfully deployed and can now be referenced from CDN resource settings. To adjust the configuration, click Actions > Edit application.
Step 2. Enable FastEdge functions for your CDN resource
You can enable the configured Wasm functionality for the whole CDN resource or just some URLs.
- In the Gcore Customer Portal, navigate to CDN.
- Find the resource you want to integrate with FastEdge and open the resource settings.
-
Scroll the page down to the FastEdge apps section and enable the toggle for the event you need.
Currently, we support four events: On request headers, on request body, on response headers, and on response body.
- Choose your application from the dropdown.
- (Optional) Select the Interrupt request processing in case of error checkbox.
Info
The Interrupt request processing in case of error checkbox is enabled by default. This ensures that any errors on the FastEdge side will be returned to the browser with the relevant response code. If you disable the checkbox, CDN will ignore the error and pass requests directly to the origin. For security considerations, we recommend keeping this checkbox active.
- Click Save.
- In the Gcore Customer Portal, navigate to CDN.
- Find the resource you want to integrate with FastEdge and open the resource settings.
-
Scroll the page down to the FastEdge apps section and enable the toggle for the event you need.
Currently, we support four events: On request headers, on request body, on response headers, and on response body.
- Choose your application from the dropdown.
- (Optional) Select the Interrupt request processing in case of error checkbox.
Info
The Interrupt request processing in case of error checkbox is enabled by default. This ensures that any errors on the FastEdge side will be returned to the browser with the relevant response code. If you disable the checkbox, CDN will ignore the error and pass requests directly to the origin. For security considerations, we recommend keeping this checkbox active.
- Click Save.
You can set up a function within your uploaded FastEdge application to manage incoming request headers only for specific URLs. For example, protect some parts of your content with a JWT token, and keep the other URLs unaffected.
To enable the function for specific URLs:
- In the Gcore Customer Portal, navigate to CDN.
- Find the resource you want to integrate with FastEdge and open the resource settings.
- Click Rules > Create rule.
-
Click Create blank rule.
-
Give your rule a name.
-
In the Match criteria section, specify the content affected by the function configured in your FastEdge application.
-
In the Options section, click Add option.
-
Scroll the page down to the FastEdge apps section and enable the toggle for the event you need.
Currently, we support four events: On request headers, on request body, on response headers, and on response body.
- Choose your application from the dropdown.
- (Optional) Select the Interrupt request processing in case of error checkbox.
Info
The Interrupt request processing in case of error checkbox is enabled by default. This ensures that any errors on the FastEdge side will be returned to the browser with the relevant response code.
If you disable the checkbox, CDN will ignore the error and pass requests directly to the origin. For security considerations, we recommend keeping this checkbox active.
- Click Create rule.
Disconnect FastEdge from CDN
If you no longer need to use the functionality configured in your FastEdge application, you can disable the FastEdge functions for your CDN resource.
The steps will slightly differ depending on whether you remove FastEdge from the whole CDN resource or just specific URLs.
- In the Gcore Customer Portal, navigate to CDN.
- Find the resource integrated with FastEdge and open the resource settings.
- If you enabled FastEdge for a whole CDN resource, disable the toggles you no longer need.
- If you enabled Fast Edge just for particular paths, open the Rules page and disable the toggle for the required rule.
- Click Save changes.
You’ve successfully disconnected your CDN resource from FastEdge.
Delete CDN application in FastEdge
Info
You can’t delete an enabled Fastedge application connected to a CDN resource. To remove the application, disconnect it from the CDN resource first.
To delete an application:
- In the Gcore Customer Portal, navigate to FastEdge.
- Open the CDN Applications page and click the three-dot icon next to the application that you want to remove.
- Click Delete.
- Confirm your action by clicking Yes, delete.
You’ve successfully removed your CDN application from Gcore FastEdge.