Configuration d’Akamai
The following screenshots illustrate how to use the Akamai Property Manager to configure a property to deliver content from AEM using your Akamai CDN setup. Essential settings are marked with a red circle.
Origin Server
Configuration properties:
Add Behavior: Remove Vary Header
Configuration properties:
Add Behavior: Modify Outgoing Request Header
We will need a number of outgoing request headers, please see the table below. Keep the “avoid duplicate headers” setting enabled for all.
Configuration properties:
Add/Modify Behavior: Caching
Configuration properties:
Add Behavior: HTTP/2
(Optional, but recommended)
Add Rule: Modify Outgoing Response Header
In the list of rules in the sidebar, click the button “+ Rules”
Select “Blank Rule Template”, set a name such as “Conditionally strip headers” and click “Insert Rule”.
To set the criteria for the rule to be applied click “+ Match”
Then select:
- If
- Path
- Does not match one of
*.plain.html
Click “+ Behavior” and “Standard property behavior” to set the behavior if a match is found
Then select “Modify Outgoing Response Header”
With following values:
- Action: Remove
- Select Header Name: Other
- Custom Header Name:
X-Robots-Tag
These are all essential property settings for delivering content.
Optional: Authenticate Origin Requests
When using token-based Site Authentication, add the following under “Add Behavior: Outgoing Request Headers”
Configuration properties:
This setting will ensure that Akamai authenticates requests from your CDN to the AEM Origin, which validates the token received in the Authorization header.
Caveats
Do not enable Akamai mPulse Real Usage Monitoring. While the performance impact on most sites is negligible, for sites built for consistent high performance, enabling it will prevent reaching a Lighthouse Score of 100. In AEM, you have a Real Use Monitoring service built-in, so that dual instrumentation will be unnecessary and is strongly discouraged.
Also, do not enable Akamai Bot Manager Premier (also called “Transactional Endpoint Protection”) or similar Web Application Firewall offerings, as they markedly interfere with rendering performance and user experience. Your site on AEM is protected against bot attacks on the backend, so that this performance cost comes with negligible benefit.
Setup push invalidation for Akamai
Push invalidation automatically purges content on the customer’s production CDN (e.g. www.yourdomain.com), whenever an author publishes content changes.
Content is purged by url and by cache tag/key.
Push invalidation is enabled by adding specific properties to the project’s configuration (an Excel workbook named .helix/config.xlsx in Sharepoint or a Google Sheet named .helix/config in Google Drive).
Configuration properties:
AEM push invalidation uses the Akamai Fast Purge API, specifically Delete by URL and Delete by cache tag.
The Fast Purge API credentials consist of
host = akaa-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.luna.akamaiapis.net
client_token = akab-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX
client_secret = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
access_token = akab-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX
They can be generated by following the instructions at Create an API client with custom permissions.
Go to Identity & Access Management:
Create API client:
Required group/role permissions:
You can validate the credentials with this tool.
Special Mention - Akamai Edge-Control Headers
AEM uses a fine tuned, production hardened way to supply caching information that applies to the specific CDN, in conjunction with our reliable push invalidation. This allows us to improve cache efficiency and consistency over traditional TTL based approaches.
Every CDN vendor supports a way to directly influence how to instruct caching and we are excited to see standardization efforts like “Targeted Cache Control” (TCC) being on the roadmap for Akamai (see: https://www.akamai.com/blog/news/targeted-cache-control), in the meantime we are using Akamai’s long-term supported Edge-Control header.