Anyone using a CDN?

[Bryan Cockerham]

Hey guys,

We’ve been using Amazon’s CloudFront but now have two issues:

1. browsers complaining more nowadays about SSL sites hosting non-SSL content

2. Using their DNS Name and SSL Cert, we get Ajax errors when pulling things like font files. 

 

Anyone have a CDN they like?

 

BTW, we built a sick Mongo cluster with 12 servers and communication over 0MQ sockets.  If anyone’s going the MongoDB route, and doesn’t want to go through all the pitfalls, let me know.

 

-Bryan

 

 

 

 

 

--

about me: bryancockerham.com

 

 

 

[Jonathan Kraska]

Hey man,

I've used rackspace cloud files... its roughly the same thing and not any better.  

1) Yeah that unfortunately is often an issue.  The nature of CDNs is that while they support SSL, they dont easily support SSL with your custom SSL certificate.  So basically if you are using a CName to make the cdn url nice, it will throw a cert error under SSL because the certificate wont match up to the domain.  

I believe cloudfront does support custom certificates these days http://aws.amazon.com/cloudfront/custom-ssl-domains/  this would fix your problem, but i think its expensive.  

The work-around that i've been using is to simply not use the CName url when the user is on SSL pages and instead use the ugly full cdn url with https.  Its not pretty, but it works.  

2) - this isnt a CDN issue per-say.  fonts and ajax requests are subject to same origin policy http://en.wikipedia.org/wiki/Same-origin_policy .  Basically for security reasons your browser wont load assets from other domains unless granted proper access. I'm not totally sure how to set it up on amazon, but basically you need to set the AllowedOrigin header to * or your website domain.  I'm sure you can find instructions - this url might help http://html5hacks.com/blog/2012/11/18/configure-amazon-s3-for-cross-origin-resourse-sharing-to-host-a-web-font/  

-Kraska

--
--
EG. Making a come back.
 
To post to this group, send email to nyit-pro...@googlegroups.com
To unsubscribe from this group, send email to
nyit-programme...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nyit-programmers?hl=en
---
You received this message because you are subscribed to the Google Groups "NYIT Programmers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nyit-programme...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Bryan Cockerham]

Yea, Custom Certs on Cloudfront are $600/ MONTH!

 

I’ve tried the Allowed Origin headers.  Unfortunately, we don’t use S3 to host our files. We use an AWS server as an origin (just works better this way for our setup).  “In theory,” Cloudfront is supposed to forward the AllowedOrigin header from our server, but in reality, it seems everyone has issues with it. 

 

Thanks a bunch for these responses.  If it comes to a point where we have to do something immediate, we might just sacrifice and move our CDN files an S3 bucket.  I hear the S3 API is easy enough.

 

We’re actually heavily looking into Rackspace today.  Are their prices for Custom SSL over CDN reasonable?

[Jonathan Kraska]

Last i checked, Rackspace doesnt offer custom SSL certs for cloudfiles .  Even if they did, i'm sure it would be similarly priced to amazon.