Documentation

Fastly Setup

Last update: Fri Feb 16 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

The following screenshots illustrate how to configure Fastly to deliver content. Essential settings are marked with a red circle.

Setup push invalidation for Fastly

Push invalidation automatically purges content on the customer’s production CDN (e.g. www.yourdomain.com), whenever an author publishes content changes.

Content is purged by url and by cache tag/key.

Push invalidation is enabled by adding specific properties to the project’s configuration (an Excel workbook named .helix/config.xlsx in Sharepoint or a Google Sheet named .helix/config in Google Drive).

Configuration properties:

key
value
comment
cdn.prod.host
<Production Host>
Host name of production site, e.g. www.yourdomain.com
cdn.prod.type
fastly
cdn.prod.serviceId
<Fastly Service ID>
Service ID of production service
cdn.prod.authToken
<Fastly API Token>

To create a Fastly API Token,

  • go to Personal API Tokens,
  • click on “Create Token”,
  • enter a name (e.g. "Production Site Purge Token"),
  • select “A specific service” and your production service from the drop-down list,
  • check the “Purge select content (purge_select) — Purge by URL or surrogate key” check box,
  • select “Never expire”,
  • click on “Create Token”,
  • copy the generated token value shown in the pop-up window.

You can validate the credentials with this tool.

Create a Fastly service

Go to the Fastly Management UI and select Create Service:

Add Domain

Add your production domain (e.g. www.mydomain.com):

Configure Origin

Add your origin (e.g. main--mysite--hlxsites.hlx.live):

Click on the pencil to edit the new origin:

Scroll down and change Shielding to Ashburn Metro (IAD) (non-mandatory but recommended setting) and Override host to the hostname of your origin (same as Address above, e.g. main--mysite--hlxsites.hlx.live) (mandatory setting):

Enable Gzip

Create VCL Snippets

Create a VCL snippet for the recv subroutine with the following VCL code:

if (req.url.path !~ "/media_[0-9a-f]{40,}[/a-zA-Z0-9_-]*\.[0-9a-z]+$"
  && req.url.ext !~ "(?i)^(gif|png|jpe?g|webp)$"
  && req.url.ext != "json"
  && req.url.path != "/.auth") {
  // strip query string from request url
  set req.url = req.url.path;
}

Create VCL snippets for the miss and pass subroutines with the following VCL code:

set bereq.http.X-BYO-CDN-Type = "fastly";
set bereq.http.X-Push-Invalidation = "enabled";

NB: The X-Push-Invalidation: enabled request header enables the push invalidation incl. long cache TTLs.

miss snippet:

pass snippet:

Finally create a deliver snippet with the following VCL code:

unset resp.http.Age;

if (req.url.path !~ "\.plain\.html$") {
  unset resp.http.X-Robots-Tag;
}

After completing all steps and activating the service version you should be all set:

Note

Your Fastly setup should not use Fastly’s Next Generation Web Application Firewall for requests that are going against hlx.live or any other Edge Delivery Services origin. Enabling WAF with Edge Delivery Services can lead to erroneous content being delivered.

Edge Delivery Services needs no Web Application Firewall, as it is running on hardened, shared, and ultra-scalable infrastructure. Requests that a WAF would typically intercept are terminated in our CDNs.

recommendation-more-help
10a6ce9d-c5c5-48d9-8ce1-9797d2f0f3ec