Welcome to Centmin Mod Community
Become a Member

CDN KeyCDN Setup

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Jimmy, Feb 15, 2017.

  1. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    11:33 PM
    1.13.x
    MariaDB 10.1.x
    Going to be using KeyCDN when I upgrade my forum. Checking out the setup options and had a few questions. Though maybe this would be good for someone setting up a website using SSL and KeyCDN.

    1. Do I have to purchase 2 separate SSL Certs for my site? 1 for my main site and 1 for cdn.domain.com? Assuming that I'm not purchasing a wildcard cert which are more expensive than 2 single certs.

    ZONE SETUP
    General_Zone_settings.png

    2. Zone name - I'm assuming this is the sub-domain - ie zonename.keycdn.com? So here I would enter zonename?

    COMMON ZONE SETTINGS
    Screenshot from 2017-02-15 01-54-44.png
    3. Force Download? Advantages / disadvantages to enabling / disabling this?
    4. CORS? Advantages / disadvantages to enabling / disabling this?
    5. Any recommendations on Expire?
    6. Allow Empty Referrer? Recommendations for this?
    7. SSL - asks for a SSL cert. I should purchase a cert for whatever the Zonealias is? ie whatever.domain.com?
    8. If I'm using a SSL, should I force SSL if my site is all SSL?

    PULL ZONE SETTINGS #1
    pullzone1.png

    9. Should I use the Origin Shield?
    10. Max Expire? Recommend settings?
    11. Ignore Cache Control? Recommend settings?
    12. Ignore Query String? Recommend settings?
    13. Forward Host Header? Should I enable this?
    14. Cache Cookies / Strip Cookies? What settings are the best here?
    15. X-Pull Key - if using an SSL should this be changed?

    PULL ZONE SETTINGS #2
    2.png

    16. Custom Robots.txt. Centmin Mod has bad bots, should I populate this with that list?

    Thanks for any information.
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    1:33 PM
    Nginx 1.13.x
    MariaDB 5.5
  3. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    11:33 PM
    1.13.x
    MariaDB 10.1.x
    I can figure out most of what to use for the settings. My goal was to create a guide for people who want to use KeyCDN with Centmin Mod. If you have any recommendations for the settings, let me know. :) There are a lot of settings which even after reading the docs still aren't simple to understand.
     
    • Like Like x 1
  4. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    1:33 PM
    Nginx 1.13.x
    MariaDB 5.5
    • Informative Informative x 2
  5. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    11:33 PM
    1.13.x
    MariaDB 10.1.x
  6. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    11:33 PM
    1.13.x
    MariaDB 10.1.x
    @eva2000 do you know if there are any disadvantages to using 2 SSL certs for a site using KeyCDN?
    • 1 SSL Cert for the site.
    • 1 SSL Cert for the CDN sub-domain.

    It's a lot cheaper to purchase standard certs vs. paying ~$80+ for a wildcard. According to this doc CDN SSL - 4 Simple Steps to Integrate your SSL Certificate I can use a standard cert.
    One of the advantages I see is that the CDN wouldn't have my private keys if I was using 2 separate SSL certs. They'd only have my CDN SSL private key and not my wildcard private key.
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    1:33 PM
    Nginx 1.13.x
    MariaDB 5.5
    Well SSL Wildcard SSL certificates can be had for <$US40/yr for GGSSL Wildcard SSL certs https://community.centminmod.com/threads/premium-user-membership-explained.1080/#post-4794. Centminmod.com and this forum and 100s of subdomains run off a single GGSSL Wildcard SSL certificate which is basically a Comodo SSL Wildcard certificate :)

    Not much of a disadvantage if it's for remote CDN usage. The advantage of SSL wildcard would be if you have multiple HTTP/2 based HTTPS hostnames serving assets on your site which point back to the same IP - see tip 7 for Implement Smart Sharding at 7 Tips to Improve HTTP2 Performance | NGINX or if you have multiple CDN subdomains off of HTTP/2 HTTPS i.e. CDN alias custom CNAMEs i.e. cdn1.domain.com, cdn2.domain.com etc all using same SSL Wildcard cert.
     
    • Like Like x 1
  8. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    11:33 PM
    1.13.x
    MariaDB 10.1.x
    Wouldn't it be a security issue if you had to upload the wildcard private key to keycdn? I'm just thinking if they got hacked or something the hacker would get the private keys of the server. Using 2 SSL Certs would isolate the domain cert from the subdomain cert used for keycdn.

    I really don't plan on setting up any subdomains for the site.

    Obviously, there are a lot of advantages to buying a wildcard ssl. But I can get a PositiveSSL for $4.95 a year... $15 for 3 years x 2 = $30 for 3 years (site / cdn subdomain). That's super cheap.
     
  9. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    1:33 PM
    Nginx 1.13.x
    MariaDB 5.5
    Yeah if you're operating an ecommerce site or something like that. If keys are compromised just rotate the keys and reissue :) As I supply my own commercial SSL certificates like Comodo/RapidSSL/GGSSL domain validated and wildcards, I have full control and can easily reissue when I need to :)

    Just depends on how many subdomains you have. For me, I can easily have 50-100 subdomains off the same SSL wildcard cert is it works out alot cheaper than individual domain validated SSL certs each at 4.95 x 100 = $495/yr LOL

    Versus $40/yr SSL Wildcard / 100 = $0.40/domain per year :)
     
    • Like Like x 1
  10. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    11:33 PM
    1.13.x
    MariaDB 10.1.x
    I'm going to have more separate sites... 15 total. For each site I'm going to need a site SSL and an SSL for the CDN, no subdomains. So, I think it makes sense to purchase the separate SSL certs vs. the wildcard. Even if I just go per year @ $10 for the 2 standard certs, if I need a wildcard down the road, paying $10 isn't going to break the bank.

    Thanks for the info! :)
     
  11. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    1:33 PM
    Nginx 1.13.x
    MariaDB 5.5
    • Like Like x 1
  12. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    11:33 PM
    1.13.x
    MariaDB 10.1.x
    That's a great option! :)

    Reading more about CDNs, I think I might go with MaxCDN. Everywhere I read it says MaxCDN is much faster than KeyCDN. Any opinion on MaxCDN? I haven't searched the forum here for a MaxCDN thread yet.
     
  13. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    1:33 PM
    Nginx 1.13.x
    MariaDB 5.5
    MaxCDN is expensive as hell but faster !
     
  14. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    11:33 PM
    1.13.x
    MariaDB 10.1.x
    Yea, it is a little pricey. Different payment model vs KeyCDN.
     
  15. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    1:33 PM
    Nginx 1.13.x
    MariaDB 5.5
    I had to let go of a few of my cdn accounts due to higher prices with expiry as not enough traffic and revenues to justify keeping them around so bye bye keycdn, maxcdn and cdn77 for now.
     
  16. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    11:33 PM
    1.13.x
    MariaDB 10.1.x
    I thought you were using Cloudflare?

    I still might go with KeyCDN. I really like to pay as you go.
     
  17. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    1:33 PM
    Nginx 1.13.x
    MariaDB 5.5
    I also use cloudflare as i also test and evaluate all types of solutions for my paying clients for my paid optimisation consulting :)
     
  18. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    11:33 PM
    1.13.x
    MariaDB 10.1.x
    Wow, Cloudfront is even more pricey than MaxCDN. Their prices are crazy expensive. South America is .25 per GB.

    They charge for all of the below... holy cow!
    • Regional Data Transfer Out to Internet (per GB)
    • Regional Data Transfer Out to Origin (per GB)
    • Request Pricing for All HTTP Methods (per 10,000)
    MaxCDN for $40 a month I get 3 sites, 500GB of bandwidth, and .07 overage.

    KeyCDN is the cheapest @ .04 just about everywhere.
     
  19. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    11:33 PM
    1.13.x
    MariaDB 10.1.x
    Last edited: Apr 29, 2017
  20. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    11:33 PM
    1.13.x
    MariaDB 10.1.x
    • Like Like x 1