Platform.sh User Documentation

Set up your Fastly CDN

Upsun Beta

Access our newest offering - Upsun!

Get your free trial by clicking the link below.

Get your Upsun free trial

You can use a CDN to deliver your site’s content to users more quickly.

To set up a Fastly CDN with your own Fastly subscription, follow the instructions on this page.

If you are using a Fastly CDN provided by Platform.sh, for example as part of a Dedicated project,
see guidance about Fastly CDNs managed by Platform.sh.

Before you begin Anchor to this heading

You need:

  • An up-and-running Platform.sh project
  • A Fastly CDN subscription

1. Avoid double-caching Anchor to this heading

To avoid stale content that can’t be cleared, avoid using Fastly with HTTP caching.

For routes where Fastly is used, disable HTTP caching using the following configuration:

.platform/routes.yaml
https://{default}/:
    type: upstream
    ...
    cache:
        enabled: false

2. Set up your Fastly CDN Anchor to this heading

To properly configure your Fastly CDN, see the Fastly official documentation on how to get started. Then set up a custom domain. To get the DNS challenge to succeed, have your CDN point to your project’s target URL.

3. Handle apex domains Anchor to this heading

To start routing client traffic through Fastly, create CNAME records for your domain names through your DNS provider. CNAME records can’t point to apex domains. As a workaround, Fastly offers Anycast options.

4. Optional: Protect your site from on-path attacks Anchor to this heading

An on-path attack occurs when a hacker intercepts or modifies the communication between a client and a server. This can lead to sensitive data leaks. To prevent such attacks, make sure all communication with your site is encrypted through HTTPS and can’t be downgraded to HTTP.

To do so, enable HTTP strict transport security (HSTS). HSTS forces clients to always communicate with your site over HTTPS.

You can enable HSTS in your Fastly account. All HTTP requests are then automatically redirected to HTTPS.

Is this page helpful?