1

REF: https://en.wikipedia.org/wiki/Content_delivery_network

A content delivery network or content distribution network is a system of computers where our website is stored so it’s data (images/videos) can be served from multiple locations. However I dont want to use any online paid/unpaid CDN services but would like to setup CDN on my own high speed server. I did google a lot but dont see any such CDN script which i can install on my server.

I am looking for such script which can support High level cache-control.

Can you please share if you know any good CDN script developed in PHP?

Michael Irigoyen
  • 22,513
  • 17
  • 89
  • 131
Rahul Deshmukh
  • 21
  • 1
  • 1
  • 5
  • 4
    a CDN uses multiple widespread servers so the content being served is "closer" to the users. A single server is **NOT** a cdn, no matter how fast it may be. – Marc B Jun 05 '13 at 15:24
  • Welcome to Stack Overflow. If you haven't already, you should give the [about page](http://stackoverflow.com/about) a read (spoiler alert, there's a badge in it for you). –  Jun 05 '13 at 15:30
  • Well the 1st line of wikipedia article you linked says "A content delivery network or content distribution network (CDN) is a large distributed system of servers deployed in multiple data centers across the Internet." So as Marc B said, one server is NOT a CDN. – user1190992 Jun 05 '13 at 15:31

1 Answers1

7

This isn't done in PHP, this done in Apache.

What I've done on my own home server (that's probably what you want) is set up a cookieless sub-domain for serving content, and enable caching and GZip. The following Apache configurations are all located in a .htaccess file in the website directory.

# GZIP compression
SetOutputFilter DEFLATE

BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(eot|ico|gif|jpe?g|php|png|ttf|svg|woff)$ no-gzip dont-vary

# Fonts on a cookieless subdomain
<FilesMatch "\.(eot|ttf|svg|woff)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>


# Cookieless Static Content
<FilesMatch "\.(css|eot|ico|gif|jpe?g|js|png|ttf|svg|woff)$">
Header unset Cookie
Header unset Set-Cookie
</FilesMatch>

# Caching
ExpiresActive On
ExpiresDefault A0

<FilesMatch "\.(eot|ico|gif|jpe?g|png|ttf|svg|woff)$">
# 2 year caching for images and stuff
ExpiresDefault A31536000
Header append Cache-Control "public"
</FilesMatch>

<FilesMatch "\.(css|js)$">
# 1 week caching for styles and scripts
ExpiresDefault A604800
Header append Cache-Control "public"
</FilesMatch>

#Other Header Manipulation
FileETag MTime Size
Header unset X-Powered-By
AddDefaultCharset UTF-8
DefaultLanguage en-US

So long as you don't mind caching and GZip on your primary domain (which you shouldn't), just link to your cookieless content using your designated cookielesss sub-domain, and Apache takes care of the rest.

Update

I added a few things I've learned about since posting this answer, such as:

  • Allowing any domain to link to fonts so that they may be served without cookies.
  • Setting the ETAG header since it should be set.
  • A few other header fields that aren't bad to include/get rid of.

However, there's one last security concern to keep in mind if you're using HTTPS, and that is BREACH. To protect against this decryption technique, you can remove gzip compression from any page that displays dynamic content (GZIPping static content like static HTML, CSS, or JS is still ok). To avoid compressing a certain file type (like PHP), add it to the SetEnvIfNoCase directive near the start of this config.

Alternatively, you can keep compression enabled and use the GCM cipher method since the BREACH family of attacks only work on the CBC cipher method. As much as I hate to be "that guy", the manual is really the best reference for this if you want to get into configuring such things. It's a fairly complicated topic and the manual does a good job of explaining the basics.

Community
  • 1
  • 1
  • 1
    @MathewFoscarini I've updated my answer with a little more information that I've learned since June 5th. I'm glad that someone found this helpful! –  Oct 15 '13 at 15:36
  • Awesome. Thanks for the update. For my setup I had to add `RewriteEngine Off` otherwise I got a 500 error. It was causing an internal redirect loop (don't know why). Do you have any tips for multi subdomains? (s1.example.com, s2.example.com, s3.example.com) to hold static content? That's my setup. It all points to the same webroot folder. – Reactgular Oct 15 '13 at 15:54
  • @MathewFoscarini That's odd. Nothing in the above configuration should be interfering with a rewrite. And if you want to use multiple sub-domains, you should link the files manually in the HTML using one of your sub domains. Doing any kind of redireting in `.htaccess` would be bad because that'd be a lot of unnecessary redirects, which is a lot worse for page load times than serving cookies on static content. –  Oct 15 '13 at 16:12
  • It's all hardcoded URLs in the HTML. I'm not sure why I have the rewrite issue. It must be something i've done elsewhere in Apache. I'll look into it later. – Reactgular Oct 15 '13 at 17:14