diff --git a/pages/edge-services/concepts.mdx b/pages/edge-services/concepts.mdx index ec8c418ef1..9847db3170 100644 --- a/pages/edge-services/concepts.mdx +++ b/pages/edge-services/concepts.mdx @@ -4,14 +4,24 @@ description: Understand Scaleway Edge Services terminology with our glossary of tags: edge-services edge services pipeline custom-domain cache dates: creation: 2024-07-24 - validation: 2025-09-22 + validation: 2026-06-09 --- import image from './assets/scaleway-edge-services-pipeline.webp' +## Backend + +A backend (formerly referred to as [origin](#origin)) is the primary source from which a Scaleway Edge Services pipeline retrieves and caches data. An Edge Services backend can consist of either: + +- An [Object Storage bucket](/object-storage/how-to/create-a-bucket/), or +- A [Load Balancer](/load-balancer/how-to/create-load-balancer/) and frontend port that Edge Services connects to in order to request content, and (optionally) a specified [host](#destination-host) associated with the Load Balancer, used in the HTTP request `Host` header. + + +An Edge Services backend is different from a [Load Balancer backend](/load-balancer/reference-content/configuring-backends/), which is a backend server receiving requests forwarded by a [Load Balancer frontend](/load-balancer/reference-content/configuring-frontends/). + ## Cache -The storage location where Edge Services stores copies of content that it has retrieved from a given origin. When users request content from the Edge Services endpoint, it serves content directly from the cache wherever possible, in accordance with the caching rules defined by the user. This reduces load on the origin bucket or Load Balancer/backend servers. +The storage location where Edge Services stores copies of content that it has retrieved from a given backend. When users request content from the Edge Services endpoint, it serves content directly from the cache wherever possible, in accordance with the caching rules defined by the user. This reduces load on the bucket or Load Balancer/backend servers. Note that if an object has a caching directive, the caching directive always takes precedence over any lifetime setting defined in Edge Services. @@ -28,38 +38,31 @@ Refer to [CNAME records for Edge Services](/edge-services/reference-content/cnam ## Edge Services Edge Services is an additional feature for Scaleway Load Balancers and Object Storage buckets. It provides: -- A [caching service](/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [origin](#origin) -- A [Web Application Firewall](/edge-services/how-to/configure-waf/) to protect your origin from threats and malicious activity +- A [caching service](/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [backend](#backend) +- A [Web Application Firewall](/edge-services/how-to/configure-waf/) to protect your backend from threats and malicious activity - A customizable and secure [endpoint](#endpoint) for accessing content via Edge Services, which can be set to a subdomain of your choice. Read the [Edge Services Quickstart](/edge-services/quickstart/) to get started. ## Endpoint -The endpoint from which a given Edge Services pipeline can be accessed, e.g. `https://pipeline-id.svc.edge.scw.cloud`. When a client requests content from the Edge Services endpoint, it is served by Edge Services and its cache, rather than from the origin (Object Storage bucket or Load Balancer backend servers) directly. Edge Services automatically manages redirection from HTTP to HTTPS. +The endpoint from which a given Edge Services pipeline can be accessed, e.g. `https://pipeline-id.svc.edge.scw.cloud`. When a client requests content from the Edge Services endpoint, it is served by Edge Services and its cache, rather than from the backend (Object Storage bucket or Load Balancer) directly. Edge Services automatically manages redirection from HTTP to HTTPS. The endpoint can be customized with a user-defined subdomain, allowing you to replace the standardized endpoint with the subdomain of a domain you already own, e.g. `http://my-own-domain.com`. An associated [certificate](#certificate), and [CNAME record](#cname-record) will be required, in this case. ## Exclusions -In the context of an Edge Services [Web Application Firewall](#web-application-firewall), exclusions let you define filters for requests that should not be evaluated by WAF, but rather pass straight to the Load Balancer origin. Learn more about [creating exclusions](/edge-services/how-to/configure-waf/#how-to-set-exclusions). +In the context of an Edge Services [Web Application Firewall](#waf), exclusions let you define filters for requests that should not be evaluated by WAF, but rather pass straight to the backend. Learn more about [creating exclusions](/edge-services/how-to/configure-waf/#how-to-set-exclusions). ## Origin -The primary source from which a Scaleway Edge Services pipeline retrieves and caches data. An origin can consist of either: - -- An [Object Storage bucket](/object-storage/how-to/create-a-bucket/), or -- A [Load Balancer](#origin-load-balancer) and frontend port that Edge Services connects to the request content, and (optionally) a specified [host](#origin-host) associated with the Load Balancer, used in the HTTP request Host Header. - -## Origin host - -In the case of a Load Balancer origin, the specific host for which Edge Services requests and caches data. This is an optional setting: when specified, this host (e.g. `mydomain.com`) is used in the HTTP Host Header when Edge Services requests data from the Load Balancer. If no origin host is specified, the `Host` from the incoming request will be used. +Previously, the term origin was used to describe a Load Balancer or Object Storage bucket that was the target of an Edge Services pipeline. Moving forward, for enhanced clarity, we will use the term [backend](#backend) rather than origin. -The origin host must be associated with the origin Load Balancer / its backend servers, and only one host may be set per pipeline. If your Load Balancer is in front of multiple hosts, you can create a separate Edge Services pipeline for each. Each host will therefore get its own Edge Services endpoint and cache. +## Destination host -## Origin Load Balancer +In the case of a Load Balancer as an Edge Services backend, the specific host for which Edge Services requests and caches data. This is an optional setting: when specified, this host (e.g. `mydomain.com`) is used in the HTTP `Host` header when Edge Services requests data from the Load Balancer. If no destination host is specified, the `Host` from the incoming request will be used. -The Load Balancer defined by the user as origin for a given Edge Services pipeline. The pipeline connects to this Load Balancer, on the specified frontend port to request content. +The destination host must be associated with the Load Balancer / its backend servers, and only one host may be set per pipeline. If your Load Balancer is in front of multiple hosts, you can create a separate Edge Services pipeline for each. Each host will therefore get its own Edge Services endpoint and cache. ## Paranoia level @@ -67,16 +70,16 @@ In the context of an Edge Services [Web Application Firewall](#waf), the paranoi ## Pipeline - + -An Edge Services pipeline consists of an [origin](#origin), which Edge Services can protect from threats with a [Web Application Firewall](#web-application-firewall), and for which it also requests and [caches](#cache) content. Each pipeline also has an [endpoint](#endpoint) from which content is accessed and served via Edge Services. The pipeline's endpoint can be customized with a user-defined [subdomain](/domains-and-dns/concepts/#subdomain) and associated [certificate](#certificate) so that Edge Services can serve content over HTTPS. +An Edge Services pipeline consists of a [backend](#backend), which Edge Services can protect from threats with a [Web Application Firewall](#waf), and for which it also requests and [caches](#cache) content. Each pipeline also has an [endpoint](#endpoint) from which content is accessed and served via Edge Services. The pipeline's endpoint can be customized with a user-defined [subdomain](/domains-and-dns/concepts/#subdomain) and associated [certificate](#certificate) so that Edge Services can serve content over HTTPS. -You can create an Edge Services pipeline for each of your Object Storage buckets or Load Balancer origins. Note that caching and WAF can be enabled and disabled at will, so are optional parts of the pipeline, as is the customization of the endpoint. WAF is only available for Load Balancer origins, not Object Storage buckets. +You can create an Edge Services pipeline for each of your Object Storage buckets or Load Balancers. Note that caching and WAF can be enabled and disabled at will, so are optional parts of the pipeline, as is the customization of the endpoint. ## Protocol -The protocol (HTTP or HTTPS) that the Edge Services pipeline should use when sending requests to an origin Load Balancer. HTTPS is recommended, but you should choose the protocol that corresponds with your Load Balancer setup. +The protocol (HTTP or HTTPS) that the Edge Services pipeline should use when sending requests to a backend. HTTPS is recommended, but you should choose the protocol that corresponds to your Load Balancer setup. ## WAF -An Edge Services **W**eb **A**pplication **F**irewall (WAF) evaluates requests to your origin to determine whether they are potentially malicious. You can set the [paranoia level](#paranoia-level) to be used when evaluating requests. Requests that are judged to be malicious are then blocked or logged, depending on the settings you choose. Find out more about [configuring a WAF](/edge-services/how-to/configure-waf/). +An Edge Services **W**eb **A**pplication **F**irewall (WAF) evaluates requests to your backend to determine whether they are potentially malicious. You can set the [paranoia level](#paranoia-level) to be used when evaluating requests. Requests identified as malicious are then blocked or logged depending on your settings. Find out more about [configuring a WAF](/edge-services/how-to/configure-waf/). diff --git a/pages/edge-services/faq.mdx b/pages/edge-services/faq.mdx index 0078ccafa1..df84ab4060 100644 --- a/pages/edge-services/faq.mdx +++ b/pages/edge-services/faq.mdx @@ -2,7 +2,7 @@ title: Edge Services FAQ description: Get answers to the most frequently asked questions about Scaleway Edge Services. Learn about compatible products, billing, key features, and more. dates: - validation: 2025-09-22 + validation: 2026-06-09 productIcon: EdgeServicesProductIcon --- import image from './assets/scaleway-edge-services-pipeline.webp' @@ -12,17 +12,17 @@ import image from './assets/scaleway-edge-services-pipeline.webp' ### What is Edge Services? -Edge Services is a feature for Scaleway Load Balancers and Object Storage buckets. Creating Edge Services [pipelines](/edge-services/concepts/#pipeline) towards your Load Balancers or Object Storage buckets provides: +Edge Services is a comprehensive solution for exposing HTTP services to the internet with built-in security, reliability, and performance. Creating Edge Services [pipelines](/edge-services/concepts/#pipeline) toward your Scaleway resources provides: -- A [caching service](/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [origin](/edge-services/concepts/#origin), and -- A [Web Application Firewall](/edge-services/how-to/configure-waf/) to protect your origin from threats and malicious activity, and +- A [caching service](/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [backend](/edge-services/concepts/#backend), and +- A [Web Application Firewall](/edge-services/how-to/configure-waf/) to protect your backend from threats and malicious activity, and - A customizable and secure endpoint for accessing content via Edge Services, which can be set to a subdomain of your choice and secured with an SSL/TLS certificate. - + ### What is WAF? -**W**eb **A**pplication **F**irewall is a feature available via Edge Services. When enabled, WAF filters requests to your origin to determine whether they are potentially malicious. You can choose the [paranoia level](/edge-services/concepts/#paranoia-level) to be used when evaluating requests, and set [exclusions](/edge-services/concepts/#exclusions) to define traffic that should not be filtered by WAF. Requests that are judged to be malicious are blocked or logged, depending on the settings you choose. Find out more about WAF in our [detailed documentation](/edge-services/reference-content/understanding-waf/). +**W**eb **A**pplication **F**irewall is a feature available via Edge Services. When enabled, WAF filters requests to your backend to determine whether they are potentially malicious. You can choose the [paranoia level](/edge-services/concepts/#paranoia-level) used when evaluating requests, and set [exclusions](/edge-services/concepts/#exclusions) to define traffic that should not be filtered by WAF. Requests identified as malicious are blocked or logged depending on your settings. Find out more about WAF in our [detailed documentation](/edge-services/reference-content/understanding-waf/). ## Pricing and billing @@ -42,10 +42,6 @@ Edge Services is currently available for Scaleway [Object Storage buckets](/obje For now, WAF is only compatible with Load Balancers and Object Storage. You must put other resources behind a Load Balancer in order to benefit from WAF. Watch this space for other solutions in the future. - -WAF can be configured via the console for Load Balancer pipelines only. To configure WAF for an Object Storage bucket pipeline, use the [API](https://www.scaleway.com/en/developers/api/edge-services/). - - ## Specifications ### If I customize my Edge Services endpoint with my own domain, can it serve content over HTTPS? @@ -54,7 +50,7 @@ Yes, if you choose to [customize your Edge Services endpoint with your own subdo ### Can I use WAF and caching simultaneously? -Yes, you can have both of these features enabled at the same time on the same Load Balancer pipeline. WAF protects your Load Balancer origin only: it does not filter requests served by the cache. +Yes, you can have both of these features enabled at the same time on the same pipeline. WAF protects your backend only: it does not filter requests served by the cache. ### What ruleset is used by WAF? Is it updated automatically? diff --git a/pages/edge-services/how-to/configure-cache.mdx b/pages/edge-services/how-to/configure-cache.mdx index de2af82442..c1317b9ab7 100644 --- a/pages/edge-services/how-to/configure-cache.mdx +++ b/pages/edge-services/how-to/configure-cache.mdx @@ -2,23 +2,13 @@ title: How to configure an Edge Services cache description: Learn how to configure a cache for Edge Services. Enhance performance and finely control your cached objects via purging (cache invalidation). dates: - validation: 2025-10-27 + validation: 2026-06-09 posted: 2024-07-24 tags: object-storage edge-services cdn network cache purge --- import Requirements from '@macros/iam/requirements.mdx' -import image from './assets/scaleway-edge-services-lb-dashboard.webp' -import image2 from './assets/scaleway-edge-services-cache.webp' -import image3 from './assets/scaleway-edge-services-lb-dashboard.webp' -import image4 from './assets/scaleway-edge-services-purge-cache.webp' -import image5 from './assets/scaleway-edge-services-lb-dashboard.webp' -import image6 from './assets/scaleway-edge-services-purge-cache.webp' -import image7 from './assets/scaleway-edge-services-purge-object.webp' -import image8 from './assets/scaleway-edge-services-lb-dashboard.webp' - - -The cache feature allows you to cache your origin's content with Edge Services. This means that content can be served directly to users from Edge Services' servers, instead of from your Object Storage bucket or Load Balancer origin, enhancing performance. +The cache feature lets Edge Services store and serve your backend's content to users directly from its own servers, not from your backend, enhancing performance. You can disable and enable caching at will, as well as control the lifetime of an object in the cache. You can also purge your entire cache, or specific objects within it. A log is displayed to help you track your purge events. @@ -26,61 +16,55 @@ You can disable and enable caching at will, as well as control the lifetime of a - A Scaleway account logged into the [console](https://console.scaleway.com) - [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization -- An Edge Services pipeline for a [Load Balancer](/edge-services/how-to/create-pipeline-lb/) or [Object Storage bucket](/edge-services/how-to/create-pipeline-bucket/) origin +- An [Edge Services pipeline](/edge-services/how-to/create-pipeline/) ## How to enable the cache -1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage or Load Balancer pipeline on which you want to enable caching: +1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. A listing of your pipelines displays. - +2. Click the name of the pipeline you want to enable cache for, then open the **Settings** tab. -2. In the **Cache** panel, use the icon to enable the cache. +3. In the **Cache** panel, click **Enable cache**. A configuration pop-up displays. - The **Lifetime** configuration box displays. This enables you to define, in seconds, how long an object can be stored in the cache before it must be retrieved freshly from the origin (Object Storage bucket or Load Balancer). - - +4. Configure the **Lifetime** of the cached objects to define how long they can be stored in the cache before they must be retrieved freshly from the pipeline backend. - As an example, a value of 0 means that objects will not be cached, unless they have a separately-defined caching directive. Note that in any case, if an object has a caching directive, the caching directive always takes precedence over any lifetime setting defined here in Edge Services. + A value of 0 means that objects will not be cached, unless you define a caching directive separately. Note that in any case, if an object has a caching directive, the caching directive always takes precedence over any lifetime setting defined here in Edge Services. -3. Leave the default value of 1 hour in place, or enter another value. +5. Click **Save** to proceed. The cache is now enabled. ## How to purge all objects from your cache -Purging objects clears all objects from your cache. Afterward, Edge Services will retrieve fresh copies from the origin (Object Storage bucket or Load Balancer) before it stores them again in the cache. - -1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer pipeline whose cache you want to purge: +Purging objects clears all objects from your cache. Afterward, Edge Services will retrieve fresh copies from the backend before it stores them again in the cache. - +1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. A listing of your pipelines displays. -2. In the **Purge cache** panel, click **Purge all**. +2. Click the name of the pipeline you want to enable cache for, then open the **Settings** tab. - +3. In the **Purge cache** panel, click **Purge all**. - A screen displays, warning you that your cache will be emptied, and Edge Services will have to retrieve objects from your origin before re-caching them. + A pop-up displays, warning you that your cache will be emptied, and Edge Services will have to retrieve objects from your backend before re-caching them. -3. Click **Purge cache** to confirm. +4. Click **Purge cache** to confirm. -## How to purge specific objects from your cache + All objects are purged from your cache. -This allows you to specify the precise objects that you want to clear from the cache. Afterward, Edge Services will retrieve fresh copies from the origin (Object Storage bucket or Load Balancer) before it stores them again in the cache. +## How to purge specific objects from your cache -1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer pipeline whose cache you want to purge: +This allows you to specify the precise objects that you want to clear from the cache. Afterward, Edge Services will retrieve fresh copies from the backend before it stores them again in the cache. - +1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. A listing of your pipelines displays. -2. In the **Purge cache** panel, click **Purge by object**. +2. Click the name of the pipeline you want to enable cache for, then open the **Settings** tab. - +3. In the **Purge cache** panel, click **Purge by object**. - A screen displays prompting you to enter the path of each object you want to purge from the cache. - - + A pop-up displays prompting you to enter the path of each object you want to purge from the cache. -3. Enter the path of each object you want to purge. You can purge a maximum of 5 objects at a time. +4. Enter the path of each object you want to purge. You can purge a maximum of 5 objects at a time. @@ -95,15 +79,15 @@ This allows you to specify the precise objects that you want to clear from the c -4. Click **Purge objects from cache**. +5. Click **Purge objects from cache**. - The specified objects are purged from your cache and you are returned to the Edge Services dashboard. + The specified objects are purged from your cache. ## How to use Cache-Control -To avoid repeated purging, you can also set the `Cache-Control` HTTP header directly on your files/objects. This allows you to define how long items should remain in the cache before being freshly retrieved from the origin. Edge Services will respect this header when determining where to fetch content. +To avoid repeated purging, you can also set the `Cache-Control` HTTP header directly on your files/objects. This allows you to define how long items should remain in the cache before being freshly retrieved from the backend. Edge Services will respect this header when determining where to fetch content. -For Object Storage bucket origins, the following example call to the S3 API updates the `Cache-Control` header for **all** objects in the bucket, setting a maximum age of 60 seconds before they must be freshly retrieved. +For Object Storage bucket backends, the following example call to the S3 API updates the `Cache-Control` header for **all** objects in the bucket, setting a maximum age of 60 seconds before they must be freshly retrieved. ``` ./s3cmd --recursive modify --add-header="Cache-Control:max-age=60" s3://yourbucket/ @@ -111,17 +95,17 @@ For Object Storage bucket origins, the following example call to the S3 API upda ## How to disable your cache -1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer pipeline whose cache you want to disable: +1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. A listing of your pipelines displays. - +2. Click the name of the pipeline you want to enable cache for, then open the **Settings** tab. -2. In the **Cache** panel, use the icon to disable the cache. +3. In the **Cache** panel, click **Disable cache**. A pop-up displays, asking you to confirm the action. -3. Click **Disable cache**. +4. Click **Disable cache**. - Your cache is purged and disabled. Edge Services will now serve content by fetching it from your origin (Object Storage bucket or Load Balancer) directly. If you reenable your cache at a later point, you will begin with an empty cache. + Your cache is purged and disabled. Edge Services will now serve content by fetching it from your pipeline backend directly. If you re-enable your cache later, it will start empty. ## Troubleshooting cache problems diff --git a/pages/edge-services/how-to/configure-custom-domain.mdx b/pages/edge-services/how-to/configure-custom-domain.mdx index f682941473..09ecc7794a 100644 --- a/pages/edge-services/how-to/configure-custom-domain.mdx +++ b/pages/edge-services/how-to/configure-custom-domain.mdx @@ -1,8 +1,8 @@ --- title: How to configure a custom domain for Edge Services -description: Learn how to configure an Edge Services endpoint with a custom subdomain. Access your Object Storage bucket or Load Balancer origin via your own domain name instead of the standardized endpoint. +description: Learn how to configure an Edge Services endpoint with a custom subdomain. Access your Object Storage bucket or Load Balancer backend via your own domain name instead of the standardized endpoint. dates: - validation: 2025-10-27 + validation: 2026-06-08 posted: 2024-07-24 tags: object-storage edge-services cdn network domain ssl tls https --- @@ -14,7 +14,7 @@ import image5 from './assets/scaleway-edge-services-lb-dashboard.webp' import image6 from './assets/scaleway-edge-services-lb-dashboard.webp' -If you already own a domain, you can customize an Edge Services pipeline endpoint with a subdomain of your choice. This means you can access your Object Storage bucket or Load Balancer origin through Edge Services via your own subdomain, rather than the standardized Edge Services endpoint. +If you already own a domain, you can customize an Edge Services pipeline endpoint with a subdomain of your choice. This means you can access your pipeline backend through Edge Services via your own subdomain, rather than the standardized Edge Services endpoint. For example, if you own `beautiful-domain.com`, you can customize the endpoint to be `whatever-i-want.beautiful-domain.com`. You must also add an SSL/TLS certificate so that Edge Services can securely serve your content via HTTPS. @@ -22,23 +22,14 @@ You cannot customize your endpoint with a primary domain directly (e.g. `beautif ## How to configure a custom domain -The procedure for adding a customized endpoint is as follows: - 1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage or Load Balancer pipeline whose domain you want to customize: - - -2. In the **Endpoint** panel, click **Configure domain**. The following screen displays: +2. In the **Endpoint** panel, click **Configure domain**. - - -3. Set a subdomain from which your Object Storage bucket or Load Balancer origin will be accessible via its Edge Services pipeline. You must already own the primary domain. For example, if you own `beautiful-domain.com`, choose any subdomain you like and enter `my-chosen-subdomain.beautiful-domain.com` into the box. +3. Set a subdomain from which your backend will be accessible via its Edge Services pipeline. You must already own the primary domain. For example, if you own `beautiful-domain.com`, choose any subdomain you like and enter `my-chosen-subdomain.beautiful-domain.com` into the box. It is **not** possible to use only a root domain (aka primary domain or apex domain), you must use a subdomain. This is because CNAME records, essential to point your domain to your Edge Services endpoint, cannot by definition be created for root domains, only for subdomains. - For example, - ✅ Use: `blog.mywebsite.com` - ❌ Don't use: `mywebsite.com`. 4. This step depends on whether the domain used in the previous step is managed with [Scaleway Domains and DNS](/domains-and-dns/), or an external domain provider. Choose the appropriate tab below. @@ -60,9 +51,7 @@ The procedure for adding a customized endpoint is as follows: Log in to your domain provider, and locate the DNS settings for your domain. Create a new CNAME record pointing your subdomain to the Edge Services pipeline endpoint displayed in the Scaleway console. For help setting up CNAME records and troubleshooting any problems, [check out our dedicated documentation](/edge-services/reference-content/cname-record/). - Back in the Scaleway console, click the `Verify CNAME` button to check whether your CNAME record has been correctly configured. Edge Services will carry out a check, and if it is successful the following message displays: - - + Back in the Scaleway console, click the `Verify CNAME` button to check whether your CNAME record has been correctly configured. Edge Services will carry out a check, and if it is successful, a confirmation message displays. If the check fails, an error message will display. See the documentation linked above for help troubleshooting such errors. Note that it may take a short time for the DNS record to be propagated and the check to pass. @@ -83,22 +72,17 @@ The procedure for adding a customized endpoint is as follows: 6. Click **Customize domain** to finish. -Your customized domain is set up, and you are returned to the Edge Services dashboard. The customized domain displays in the Endpoint panel. When you access your Object Storage or Load Balancer origin through this domain, its content will be served via Edge Services. +Your customized domain is set up, and you are returned to the Edge Services dashboard. The customized domain displays in the Endpoint panel. When you access your pipeline backend through this domain, its content will be served via Edge Services. -If you chose to generate a managed Let's Encrypt certificate, allow a few minutes for the certificate to finish creating. When the process is complete and the certificate is ready, you will see a green status light for **SSL/TLS certificate** on your endpoint dashboard. - - - +Generating a managed Let's Encrypt certificate can take a few minutes. When the process is complete and the certificate is ready, you will see a green status light for **SSL/TLS certificate** on your endpoint dashboard. ## How to edit your customized domain or its certificate After customizing your domain, you can edit it (or its certificate) at any time as follows: -1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer pipeline whose domain you want to customize: - - +1. In the Scaleway console, navigate to the Edge Services dashboard for the pipeline whose domain you want to customize. 2. In the **Endpoint** panel, click **Edit**. The **Edit Domain** screen displays. @@ -114,8 +98,6 @@ Even though the original Edge Services endpoint (e.g. `https://pipeline-id.svc.e 1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer pipeline whose domain you want to reset: - - 2. In the **Endpoint** panel, click **Reset**. A screen displays, warning you that this will reset the pipeline's domain back to the default Edge Services endpoint. Edge Services will consider your customized subdomain as unknown. You should also remember to: diff --git a/pages/edge-services/how-to/configure-waf.mdx b/pages/edge-services/how-to/configure-waf.mdx index 90c7568da5..ecd8391b66 100644 --- a/pages/edge-services/how-to/configure-waf.mdx +++ b/pages/edge-services/how-to/configure-waf.mdx @@ -1,8 +1,8 @@ --- title: How to configure Edge Services Web Application Firewall -description: Learn how to configure a Web Application Firewall (WAF) for Edge Services. Protect your Load Balancer origin from threats and malicious requests, and fine tune your settings to pick the right paranoia level and exclusions for your use case. +description: Learn how to configure a Web Application Firewall (WAF) for Edge Services. Protect your backend from threats and malicious requests, and fine-tune your settings to pick the right paranoia level and exclusions for your use case. dates: - validation: 2025-06-26 + validation: 2026-06-08 posted: 2024-07-24 tags: object-storage edge-services cdn network waf paranoia block exclusions --- @@ -12,137 +12,123 @@ import image from './assets/scaleway-edge-services-lb-dashboard.webp' import image2 from './assets/scaleway-edge-waf-popup.webp' import image3 from './assets/scaleway-edge-waf-add-exc.webp' +An Edge Services **W**eb **A**pplication **F**irewall (WAF) evaluates requests to your pipeline to determine whether they are potentially malicious. You can choose the [paranoia level](/edge-services/concepts/#paranoia-level) to be used when evaluating requests, and set [exclusions](/edge-services/concepts/#exclusions) to define traffic that should not be filtered by WAF. Requests identified as malicious are blocked or logged depending on your settings. -An Edge Services **W**eb **A**pplication **F**irewall (WAF) evaluates requests to your Load Balancer origin to determine whether they are potentially malicious. You can choose the [paranoia level](/edge-services/concepts/#paranoia-level) to be used when evaluating requests, and set [exclusions](/edge-services/concepts/#exclusions) to define traffic that shouldn't be filtered by WAF. Requests that are judged to be malicious are blocked or logged, depending on the settings you choose. +This page walks you through the process of enabling and configuring WAF to protect your Edge Services pipeline. -This page walks you through the process of enabling and configuring WAF to protect your Load Balancer origin. - -To read more about how WAF works, try our [Understanding WAF](/edge-services/reference-content/understanding-waf/) page. +To read more about how WAF works, refer to our [Understanding WAF](/edge-services/reference-content/understanding-waf/) page. - A Scaleway account logged into the [console](https://console.scaleway.com) - [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization -- An Edge Services pipeline for a [Load Balancer](/edge-services/how-to/create-pipeline-lb/) origin - - -WAF can be configured via the console for Load Balancer pipelines only. To configure WAF for an Object Storage bucket pipeline, use the [API](https://www.scaleway.com/en/developers/api/edge-services/). - +- An [Edge Services pipeline](/edge-services/how-to/create-pipeline/) ## How to enable and configure WAF -1. In the Scaleway console, navigate to the Edge Services dashboard for the Load Balancer pipeline on which you want to enable WAF: - - +1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. A listing of your pipelines displays. -2. In the **Web Application Firewall (WAF)** panel, click **Enable WAF**. +2. Click the name of the pipeline you want to configure WAF for, then open the **Settings** tab. - A pop-up displays: +3. In the **Web Application Firewall (WAF)** panel, click **Enable WAF**. A configuration pop-up displays. - - -3. Choose the **paranoia level**, from 1 - 4, that is best adapted to your use case. The higher the paranoia level, the more sensitive WAF is to potential threats, and the more likely it is to classify a request as malicious. For help with choosing a paranoia level, see our [dedicated documentation](/edge-services/reference-content/understanding-waf/#waf-ruleset-and-paranoia-levels). +4. Choose the **paranoia level**, from 1 to 4, that best suits your use case. The higher the paranoia level, the more sensitive WAF is to potential threats, and the more likely it is to classify a request as malicious. For help with choosing a paranoia level, see our [dedicated documentation](/edge-services/reference-content/understanding-waf/#waf-ruleset-and-paranoia-levels). After enabling WAF, you will be able to [set exclusions](#how-to-set-exclusions) that filter out requests matching certain criteria from being evaluated by WAF. -4. Select a WAF **mode**. Requests judged to be malicious can either be **blocked** and prevented from passing to the Load Balancer origin, or **logged** but allowed to pass. +5. Select a WAF **mode**. Requests judged to be malicious can either be **blocked** and prevented from passing to the backend, or **logged** but allowed to pass. -5. Click **Save** +6. Click **Save**. WAF is enabled and you are returned to your Edge Services pipeline overview. You can disable or edit WAF settings at any time. ## How to set exclusions -Once you have enabled WAF, you can choose to set **exclusions**. Exclusions are a set of filters: requests that match the filters are not evaluated by WAF, and pass directly to your Load Balancer origin. - -1. In the Scaleway console, navigate to the Edge Services dashboard for the Load Balancer pipeline on which you want to set WAF exclusions. +Once you have enabled WAF, you can choose to set **exclusions**. Exclusions are a set of filters: requests that match the filters are not evaluated by WAF, and pass directly to your backend. -2. In the **WAF** panel, click **+ Add exclusions**. WAF goes into Edit mode. +1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. A listing of your pipelines displays. - - You can only add exclusions **after** you have already enabled WAF. - +2. Click the name of the desired pipeline, then open the **Settings** tab. - The following screen displays: +3. In the **Web Application Firewall (WAF)** panel, click **+ Add exclusions**. A configuration pop-up displays. - - -3. Set up to two filters for this exclusion. You can add either: - - One ***Path regex** filter, to match paths of requests to exclude. For example, `/api/v1/.*` - - One **HTTP method** filter, to match te HTTP methods of requests to exclude. For example, enter one or more of `GET`, `PATCH`, `PUT`, `DELETE` etc. Requests that match any of these methods will be considered to match the HTTP method filter. +4. Set up to two filters for this exclusion. You can add either: + - One **Path regex** filter, to match paths of requests to exclude. For example, `/api/v1/.*` + - One **HTTP method** filter, to match the HTTP methods of requests to exclude. For example, enter one or more of `GET`, `PATCH`, `PUT`, `DELETE` etc. Requests that match any of these methods will be considered to match the HTTP method filter. - One of each of the above (use the **Add filter** button to add the second filter) If you include both a path regex and an HTTP method filter in the same exclusion, requests must match both of the filters in order to be excluded. - Currently, the only action possible to set for matching requests is **Bypass WAF** (matching requests will not be evaluated by WAF and will proceed directly to the Load Balancer origin.) In the future, more actions will be added. - -4. Click **Add** to add the exclusion. + Currently, the only action possible to set for matching requests is **Bypass WAF** (matching requests will not be evaluated by WAF and will proceed directly to the backend.) In the future, more actions will be added. - You are returned to your Edge Services pipeline overview. +5. Click **Add** to add the exclusion. -5. **Optional** Click **Add exclusions** to add more exclusions, if you wish (maximum 100). Follow steps 3 to 4 each time. +6. Optionally, repeat steps 3 to 5 to add more exclusions (up to 100). -6. Click **Save changes** to exit Edit mode and save all the exclusions you added. +7. Click **Save changes** to save all the exclusions you added. ## How to edit exclusions -1. In the Scaleway console, navigate to the Edge Services dashboard for the Load Balancer pipeline on which you want to edit WAF exclusions. +1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. A listing of your pipelines displays. -2. In the WAF panel, click next to the exclusion you want to edit. +2. Click the name of the desired pipeline, then open the **Settings** tab. -3. Make edits to the filters as required. Remember, you cannot add more than one filter of each type (maximum of one path regex and one HTTP method filter per exclusion). +3. In the WAF panel, click next to the exclusion you want to edit. -4. Click **Confirm** when you have finished editing. +4. Make edits to the filters as required. You cannot add more than one filter of each type (maximum of one path regex and one HTTP method filter per exclusion). - You are returned to your Edge Services pipeline overview, but you are still in Edit mode. +5. Click **Confirm** when you have finished editing. -5. Continue to edit or delete other exclusions as necessary. +6. Continue to edit or delete other exclusions as necessary. -6. Click **Save changes** to exit Edit mode and save all your changes. +7. Click **Save changes** to exit Edit mode and save all your changes. ## How to delete exclusions -1. In the Scaleway console, navigate to the Edge Services dashboard for the Load Balancer pipeline on which you want to delete WAF exclusions. +1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. A listing of your pipelines displays. + +2. Click the name of the desired pipeline, then open the **Settings** tab. -2. In the WAF panel, click next to the exclusion you want to delete. +3. In the WAF panel, click **Edit exclusions** to enter Edit mode. - WAF goes into Edit mode, and a pop-up displays, asking you to confirm the deletion. +4. Click the icon next to the exclusion you want to delete. -3. Click **Delete**. + A pop-up displays, asking you to confirm the deletion. - You are returned to your Edge Services pipeline overview, but you are still in Edit mode. +5. Click **Delete**. -4. Continue to edit or delete other exclusions as necessary. +6. Continue to edit or delete other exclusions as necessary. -6. Click **Save changes** to exit Edit mode and save all your changes and deletions. +7. Click **Save changes** to exit Edit mode and save all your changes and deletions. ## How to edit WAF configuration You can edit WAF's paranoia level and mode (log or block) at any time. -1. In the Scaleway console, navigate to the Edge Services dashboard for the Load Balancer pipeline on which you want to edit WAF. +1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. A listing of your pipelines displays. -2. In the WAF panel, click . +2. Click the name of the desired pipeline, then open the **Settings** tab. -3. Edit the paranoia level and mode as required. +3. In the WAF panel, click . -4. Click **Save**. +4. Edit the paranoia level and mode as required. - Your edits are saved, and you are returned to the Edge Services pipeline dashboard. +5. Click **Save**. + + Your edits are saved, and you are returned to the Edge Services pipeline settings. ## How to disable WAF You can disable WAF at any time. -1. In the Scaleway console, navigate to the Edge Services dashboard for the Load Balancer pipeline on which you want to disable WAF. - -2. In the WAF panel, click **Disable WAF**. +1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. A listing of your pipelines displays. - A pop-up displays, informing you that WAF will no longer evaluate, block or log requests to your Load Balancer origin. +2. Click the name of the desired pipeline, then open the **Settings** tab. -3. Click **Disable** to confirm. +3. In the WAF panel, click **Disable WAF**. A confirmation pop-up displays. - WAF is disabled and you are returned to your Edge Services' pipeline overview. +4. Click **Disable** to confirm. +WAF is disabled for your Edge Services pipeline. \ No newline at end of file diff --git a/pages/edge-services/how-to/create-pipeline-bucket.mdx b/pages/edge-services/how-to/create-pipeline-bucket.mdx deleted file mode 100644 index 477a797016..0000000000 --- a/pages/edge-services/how-to/create-pipeline-bucket.mdx +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: How to create an Edge Services pipeline for an Object Storage bucket -description: This page explains how to configure an Edge Services pipeline for a Scaleway Object Storage bucket. Set up your own custom domain to point to your bucket, and enable a caching service for faster and more efficient delivery. -dates: - validation: 2025-10-27 - posted: 2024-07-24 -tags: object-storage edge-services cdn network cache domain https ---- -import EdgeServicesBucketBenefits from '@macros/edge-services/edge-services-bucket-benefits.mdx' -import Requirements from '@macros/iam/requirements.mdx' - -import image from './assets/scaleway-edge-create-pipeline-os.webp' - - -Edge Services is an additional feature for Scaleway Load Balancers and Object Storage buckets. Creating an Edge Services pipeline towards your Object Storage bucket brings you a number of possible benefits: - - - -Read on to learn how to create an Edge Services pipeline for your Object Storage bucket. - - - -- A Scaleway account logged into the [console](https://console.scaleway.com) -- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization -- An active [Edge Services subscription](/edge-services/how-to/subscribe-edge-services/) -- An [Object Storage bucket](/object-storage/how-to/create-a-bucket/) - -## How to create an Edge Services pipeline - - -You can create an Edge Services pipeline [from the Object Storage section of the console](/object-storage/how-to/get-started-edge-services/), by navigating to your bucket's dashboard and clicking the **Edge Services** tab. However, in this documentation, we describe how to create a pipeline directly from the **Edge Services** section of the console. - - -1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. - -2. Click **Create pipeline**. The pipeline creation wizard displays. - - - -3. Select **Object Storage** as the origin type. - -4. Choose the bucket you want this pipeline to serve content for, under **Origin bucket**. - -5. Enter a name for the pipeline, or leave the randomly generated name in place. - -6. Optionally, configure **Advanced Settings:** - - **Cache**: When enabled, content from your origin bucket is cached with Edge Services and served directly to users from Edge Services' servers. Set a **Lifetime** value, in seconds, to dictate how long objects should remain in the cache before being freshly retrieved from the origin. [Find out more about caching](/edge-services/how-to/configure-cache/). - -7. Check the summary cost for the pipeline, and click **Create Edge Services pipeline**. - - You are returned to the **Pipelines** tab, where the newly created pipeline now displays. - - Click on the pipeline to go to its **Overview** page and start configuration. - - - - Your bucket's [visibility](/object-storage/concepts/#visibility) can be set to **private**, but any objects within it that you want to expose via Edge Services must be set to [public](/object-storage/how-to/manage-object-visibility/). However, in the case that you are using Edge Services with bucket website, objects can remain private. - - - -## How to access your bucket via Edge Services - -Once you have created an Edge Services pipeline for your bucket, you can access your bucket and its content via the following endpoints. Make sure that you replace `bucket-name` or `pipeline-id` with relevant details for your bucket/pipeline. - -| Endpoint | Where to find this endpoint in the console | Notes | -|-----------------------------------------|--------------------------|-----------------------------------------------------------------------------------| -| `https://bucket-name.s3.nl-ams.scw.cloud` | The **Bucket settings** tab | Edge Services is bypassed when the bucket is accessed via this endpoint | -| `https://pipeline-id.svc.edge.scw.cloud` | The **Edge Services** tab | Edge Services serves bucket content when this endpoint is used | - -The two endpoints shown above are available as standard. However, with Edge Services, you can also choose to configure a **custom domain** from which your bucket can be accessed. Read more about this in [How to configure a custom domain](/edge-services/how-to/configure-custom-domain/). \ No newline at end of file diff --git a/pages/edge-services/how-to/create-pipeline-lb.mdx b/pages/edge-services/how-to/create-pipeline-lb.mdx deleted file mode 100644 index 5d1ffbef0a..0000000000 --- a/pages/edge-services/how-to/create-pipeline-lb.mdx +++ /dev/null @@ -1,137 +0,0 @@ ---- -title: How to create an Edge Services pipeline for a Load Balancer -description: This page explains how to configure an Edge Services pipeline on your Load Balancer, enabling a caching service for faster and more efficient delivery. -dates: - validation: 2025-11-19 - posted: 2024-07-24 -tags: load-balancer edge-services cdn network cache domain https ---- -import EdgeServicesLbBenefits from '@macros/edge-services/edge-services-lb-benefits.mdx' -import Requirements from '@macros/iam/requirements.mdx' - -import image from './assets/scaleway-edge-create-pipeline-lb.webp' -import image2 from './assets/scaleway-edit-edge-lb-pipeline.webp' - - -Edge Services is an additional feature for Scaleway Load Balancers and Object Storage buckets. - - - - - -- A Scaleway account logged into the [console](https://console.scaleway.com) -- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization -- An active [Edge Services subscription](/edge-services/how-to/subscribe-edge-services/) -- A [Load Balancer](/load-balancer/how-to/create-load-balancer/) - -## How to create an Edge Services pipeline for Load Balancer - - -You can create an Edge Services pipeline from the Load Balancer section of the console, via the **Edge Services** tab there. However, in this documentation, we describe how to create a pipeline directly from the **Edge Services** section of the console. - - -1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. - -2. Click **Create pipeline**. The pipeline creation wizard displays. - - -3. Configure the [origin](/edge-services/concepts/#origin) for this pipeline: - - Select **Load Balancer** as the origin type. - - Select the **origin Load Balancer** from the dropdown list. The Edge Services pipeline will connect to this Load Balancer when requesting content. - - Select a **frontend** associated with the origin Load Balancer from the dropdown list. The Edge Services pipeline will connect to the Load Balancer on this port when requesting content. We recommend that you select an HTTPS port, e.g. `443`. Note that if you are creating multiple pipelines for the same origin Load Balancer, each one must be configured for a different frontend. - - - For Kubernetes Load Balancers, see our [dedicated documentation](#help-for-kubernetes-load-balancers) for help selecting the correct Load Balancer and frontend. - - Note that you cannot use a [private Load Balancer](/load-balancer/concepts/#private-load-balancer) as an Edge Services origin. Load Balancers must have a public IP address to be compatible with Edge Services. You can use [ACLs](/load-balancer/concepts/#acl) to filter traffic towards public Load Balancers. - - -4. Define the protocol and origin host for this pipeline: - - Select the protocol that Edge Services should use when making requests to the origin, either `HTTP` or `HTTPS` (recommended). Choose the protocol that corresponds with your Load Balancer setup. - - Optionally, enter an [origin host](/edge-services/concepts/#origin-host) associated with your Load Balancer for this pipeline. When specified, this host replaces the Load Balancer IP address in the HTTP Host Header of the requests made from Edge Services to your Load Balancer. If no origin host is specified, the Host from the incoming request will be used. - -5. Enter a name for this Edge Services pipeline, or leave the auto-generated name in place. - -6. Optionally, configure **Advanced Settings:** - - **Cache**: When enabled, content from your Load Balancer origin is cached with Edge Services and served directly to users from Edge Services' servers. Set a **Lifetime** value, in seconds, to dictate how long objects should remain in the cache before being freshly retrieved from the origin. [Find out more about caching](/edge-services/how-to/configure-cache/). - - **WAF**: When enabled, requests to your Load Balancer origin are evaluated by a **W**eb **A**pplication **F**irewall. Malicious requests are blocked or logged, depending on your settings. Set a paranoia level to determine WAF's aggressivity, and a mode (block or log) for dealing with malicious requests. [Find out more about WAF](/edge-services/reference-content/understanding-waf/). - - The summary cost for the creation of this pipeline is displayed, notably whether it falls within the limits of your current [subscription plan](/edge-services/reference-content/understanding-pricing/) - -7. Click **Create Edge Services pipeline** to finish. - - You are returned to the **Pipelines** tab, where the newly created pipeline now displays. - - Click on the pipeline to go to its **Overview** page and start configuration. From the **Overview**, you can see the endpoint from which you can access your Load Balancer origin via Edge Services, e.g. `https://pipeline-id.svc.edge.scw.cloud`. - -## Troubleshooting pipeline creation - -If you see the message `Edge Services was unable to contact the host via the Load Balancer. Please check your origin configuration settings and try again`, check the following elements of your configuration: - -- **Protocol**: Ensure you did not select the wrong protocol, e.g. HTTP selected while the frontend chosen is configured to receive HTTPS, or the opposite. -- **Origin host**: Ensure that you entered the correct origin host, with no typos, for a host that exists behind the selected Load Balancer. -- **Load Balancer ACLs**: Ensure that there are no [ACLs](/load-balancer/how-to/create-manage-acls/) configured on your Load Balancer which are blocking traffic from Edge Services. - -## WebSocket support - -If you want Edge Services to be able to forward WebSocket requests to the Load Balancer, you must enable a specific parameter via the Edge Services API. - -Make a call to the [Update backend stage](https://www.scaleway.com/en/developers/api/edge-services/#path-backend-stages-update-backend-stage) endpoint, to enable the `has_websocket` parameter in the `scaleway_lb` object. - -If you do not enable `has_websocket`, WebSocket requests will not be forwarded to the Load Balancer. This means that any client attempting to establish a WebSocket connection to the Load Balancer origin via Edge Services will experience a failed connection or a 400/500 HTTP error. - -This parameter cannot yet be set via the Scaleway console. - -## Help for Kubernetes Load Balancers - -If you are setting up an Edge Services pipeline for a [Kubernetes Kapsule](/kubernetes) Load Balancer, follow these steps to determine which Load Balancer and frontend to configure for your pipeline: - -1. Run `kubectl describe svc`. - - An output displays. - -2. Locate the section of the output that relates to your LoadBalancer service. It should look something like this: - - ``` - Name: myloadbalancer - Namespace: default - Labels: app=mydeployment - Annotations: service.beta.kubernetes.io/scw-loadbalancer-id: fr-par-1/a92de52e-262f-99f9-be66-5220003a2e42 - Selector: app=mydeployment - Type: LoadBalancer - IP Family Policy: SingleStack - IP Families: IPv4 - IP: 10.32.220.60 - IPs: 10.32.220.60 - LoadBalancer Ingress: 51.159.25.111 - Port: http 8000/TCP - TargetPort: 8000/TCP - NodePort: http 32041/TCP - Endpoints: - Session Affinity: None - External Traffic Policy: Cluster - ``` -3. Find the `service.beta.kubernetes.io/scw-loadbalancer-id` annotation, and note your Load Balancer ID (e.g. `a92de52e-262f-99f9-be66-5220003a2e42`). Check your Load Balancer list in the [console](https://console.scaleway.com/load-balancer/lbs) to find the Load Balancer name that corresponds to this ID. This is the Load Balancer you should select for the Edge Services pipeline. - -4. Find the **NodePort** line and note the port mentioned (in the case above, `32041`). In the [console](https://console.scaleway.com/load-balancer/lbs), find the frontend of the Load Balancer from step 3 that corresponds with this port. This is the frontend and port you should select for the Edge Services pipeline. - -## How to edit an Edge Services pipeline origin - -You can edit the protocol, origin host, and name of an Edge Services pipeline as follows. - -1. Click **Load Balancers** in the **Network** section of the Scaleway console side menu. The list of your Load Balancers displays. - -2. Click the **Edge Services** tab. - -3. Click the Edge Services pipeline you want to edit. The **Overview** page for the pipeline displays. - -4. In the top right corner, click **Edit**. A pop-up displays. - - - -5. Make the edits required. You can: - - Change the **protocol** - - Change the **origin host** - - Change the pipeline **name** - -6. Click **Save**. \ No newline at end of file diff --git a/pages/edge-services/how-to/create-pipeline.mdx b/pages/edge-services/how-to/create-pipeline.mdx new file mode 100644 index 0000000000..74748fa0c7 --- /dev/null +++ b/pages/edge-services/how-to/create-pipeline.mdx @@ -0,0 +1,133 @@ +--- +title: How to create an Edge Services pipeline +description: This page explains how to create an Edge Services pipeline for a Scaleway backend, such as an Object Storage bucket or a Load Balancer, to enable caching, WAF, and secure content delivery at the edge. +dates: + validation: 2026-06-09 + posted: 2024-07-24 +tags: object-storage load-balancer edge-services cdn network cache domain https waf +--- +import Requirements from '@macros/iam/requirements.mdx' + +Edge Services boosts performance and security for Scaleway resources at the edge. You create a pipeline towards a [backend](/edge-services/concepts/#backend), such as an Object Storage bucket or a Load Balancer, to bring you a number of possible benefits: + +- Customize your backend's endpoint using a subdomain of your own domain +- Add your own SSL/TLS certificate, safeguarded in [Scaleway Secret Manager](/secret-manager/quickstart/), or generate a managed Let's Encrypt certificate, so your subdomain can serve content over HTTPS +- Enhance performance by caching content, to be served directly by Edge Services from the cache +- Finely control your cached objects via purging (cache invalidation) +- Configure a [Web Application Firewall (WAF)](/edge-services/how-to/configure-waf/) to protect your backend from threats and malicious activity + + + +- A Scaleway account logged into the [console](https://console.scaleway.com) +- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization +- An active [Edge Services subscription](/edge-services/how-to/subscribe-edge-services/) +- An [Object Storage bucket](/object-storage/how-to/create-a-bucket/) or a [Load Balancer](/load-balancer/how-to/create-load-balancer/) to use as a backend + +## How to create an Edge Services pipeline + +1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. + +2. Click **Create pipeline**. The pipeline creation wizard displays. + +3. Under **Configure backend**, select the **Backend type** for this pipeline, then configure the backend depending on the type you selected: + + + + + - Select the **Region** of the bucket you want this pipeline to serve content for. + - Select the **bucket** itself from the dropdown list. + + + + + - Select the **Zone** of the Load Balancer you want this pipeline to serve content for. + - Select the **Load Balancer** from the dropdown list. The Edge Services pipeline will connect to this Load Balancer when requesting content. + - Select a **frontend** associated with the Load Balancer from the dropdown list. The Edge Services pipeline will connect to the Load Balancer on this port when requesting content. We recommend that you select an HTTPS port, e.g. `443`. Note that if you are creating multiple pipelines for the same Load Balancer, each one must be configured for a different frontend. + - Select the **Protocol** that Edge Services should use when making requests to the backend, either `HTTP` or `HTTPS` (recommended). Choose the protocol that corresponds with your Load Balancer setup. + - Optionally, enter a [Destination host](/edge-services/concepts/#destination-host) associated with your Load Balancer for this pipeline. When specified, this host replaces the Load Balancer IP address in the HTTP `Host` Header of the requests made from Edge Services to your Load Balancer. If no destination host is specified, the host from the incoming request will be used. + + + For Kubernetes Load Balancers, see our [dedicated documentation](#help-for-kubernetes-load-balancers) for help selecting the correct Load Balancer and frontend. + + Note that you cannot use a [private Load Balancer](/load-balancer/concepts/#private-load-balancer) as an Edge Services backend. Load Balancers must have a public IP address to be compatible with Edge Services. You can use [ACLs](/load-balancer/concepts/#acl) to filter traffic toward public Load Balancers. + + + + + +4. Under **Configure options**, set the options you want for this pipeline: + - **Cache**: When enabled, content from your backend is cached with Edge Services and served directly to users from Edge Services' servers. Set a **Lifetime** value to dictate how long objects should remain in the cache before being freshly retrieved from the backend. A value of `0` means objects will not be cached, unless they have a caching directive. [Find out more about caching](/edge-services/how-to/configure-cache/). + - **WAF**: When enabled, requests to your backend are evaluated by a **W**eb **A**pplication **F**irewall. Malicious requests are blocked or logged, depending on your settings. Set a paranoia level to determine WAF's aggressivity, and a mode (block or log) for dealing with malicious requests. [Find out more about WAF](/edge-services/reference-content/understanding-waf/). + +5. Enter a name for the pipeline, or keep the randomly generated one. + +6. Check the cost summary for the pipeline, notably whether it falls within the limits of your current [subscription plan](/edge-services/reference-content/understanding-pricing/), then click **Create Edge Services pipeline**. + + You are returned to the **Pipelines** tab, where the newly created pipeline now displays. + + + + For Object Storage backends, your bucket's [visibility](/object-storage/concepts/#visibility) can be set to **private**, but any objects within it that you want to expose via Edge Services must be set to [public](/object-storage/how-to/manage-object-visibility/). However, if you are using Edge Services with bucket website, objects can remain private. + + +## How to access your bucket via Edge Services + +Once you have created an Edge Services pipeline for an Object Storage bucket, you can access your bucket and its content via the following endpoints. Make sure that you replace `bucket-name` or `pipeline-id` with relevant details for your bucket/pipeline. + +| Endpoint | Where to find this endpoint in the console | Notes | +|-----------------------------------------|--------------------------|-----------------------------------------------------------------------------------| +| `https://bucket-name.s3.nl-ams.scw.cloud` | The **Bucket settings** tab | Edge Services is bypassed when the bucket is accessed via this endpoint | +| `https://pipeline-id.svc.edge.scw.cloud` | The **Edge Services** tab | Edge Services serves bucket content when this endpoint is used | + +The endpoints shown above are available as standard. However, with Edge Services, you can also choose to configure a **custom domain** from which your bucket can be accessed. Read more about this in [How to configure a custom domain](/edge-services/how-to/configure-custom-domain/). + +## Troubleshooting pipeline creation + +If you see the message `Edge Services was unable to contact the host via the Load Balancer. Check your backend configuration settings and try again`, check the following elements of your Load Balancer configuration: + +- **Protocol**: Ensure you did not select the wrong protocol, e.g. HTTP selected while the frontend chosen is configured to receive HTTPS, or the opposite. +- **Destination host**: Ensure that you entered the correct destination host, with no typos, for a host that exists behind the selected Load Balancer. +- **Load Balancer ACLs**: Ensure that there are no [ACLs](/load-balancer/how-to/create-manage-acls/) configured on your Load Balancer which are blocking traffic from Edge Services. + +## WebSocket support + +If you want Edge Services to be able to forward WebSocket requests to a Load Balancer, you must enable a specific parameter via the Edge Services API. + +Make a call to the [Update backend stage](https://www.scaleway.com/en/developers/api/edge-services/#path-backend-stages-update-backend-stage) endpoint, to enable the `has_websocket` parameter in the `scaleway_lb` object. + +If you do not enable `has_websocket`, WebSocket requests will not be forwarded to the Load Balancer. This means that any client attempting to establish a WebSocket connection to the Load Balancer backend via Edge Services will experience a failed connection or a 400/500 HTTP error. + +This parameter cannot yet be set via the Scaleway console. + +## Help for Kubernetes Load Balancers + +If you are setting up an Edge Services pipeline for a [Kubernetes Kapsule](/kubernetes) Load Balancer, follow these steps to determine which Load Balancer and frontend to configure for your pipeline: + +1. Run `kubectl describe svc`. + + An output displays. + +2. Locate the section of the output that relates to your `LoadBalancer` service. It should look something like this: + + ``` + Name: myloadbalancer + Namespace: default + Labels: app=mydeployment + Annotations: service.beta.kubernetes.io/scw-loadbalancer-id: fr-par-1/a92de52e-262f-99f9-be66-5220003a2e42 + Selector: app=mydeployment + Type: LoadBalancer + IP Family Policy: SingleStack + IP Families: IPv4 + IP: 10.32.220.60 + IPs: 10.32.220.60 + LoadBalancer Ingress: 51.159.25.111 + Port: http 8000/TCP + TargetPort: 8000/TCP + NodePort: http 32041/TCP + Endpoints: + Session Affinity: None + External Traffic Policy: Cluster + ``` +3. Find the `service.beta.kubernetes.io/scw-loadbalancer-id` annotation, and note your Load Balancer ID (e.g. `a92de52e-262f-99f9-be66-5220003a2e42`). Check your Load Balancer list in the [console](https://console.scaleway.com/load-balancer/lbs) to find the Load Balancer name that corresponds to this ID. This is the Load Balancer you should select for the Edge Services pipeline. + +4. Find the **NodePort** line and note the port mentioned (in the example above, `32041`). In the [console](https://console.scaleway.com/load-balancer/lbs), find the frontend of the Load Balancer from step 3 that corresponds to this port. This is the frontend and port you should select for the Edge Services pipeline. \ No newline at end of file diff --git a/pages/edge-services/how-to/delete-pipeline.mdx b/pages/edge-services/how-to/delete-pipeline.mdx index 1d4e3931e7..a729ed717e 100644 --- a/pages/edge-services/how-to/delete-pipeline.mdx +++ b/pages/edge-services/how-to/delete-pipeline.mdx @@ -2,7 +2,7 @@ title: How to delete an Edge Services pipeline description: Learn how to delete a Scaleway Edge Services pipeline with this step-by-step guide. Follow our instructions to ensure a smooth process and manage your domains and SSL/TLS certificates effectively. dates: - validation: 2025-10-27 + validation: 2026-06-08 posted: 2024-07-24 tags: load-balancer edge-services cdn network pipeline --- @@ -17,14 +17,14 @@ You can delete an Edge Services pipeline at any time by following the steps belo - [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization - An Edge Services pipeline -1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. The **Pipelines** tab displays. +1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. A listing of your pipelines displays. -2. Click the pipeline that you want to delete. You are taken to the pipeline's **Overview** page +2. Click the name of the pipeline you want to delete, then open the **Settings** tab. -4. In the **Delete Edge Services pipeline** panel at the bottom of the screen, click **Delete Edge Services pipeline**. +3. In the **Delete pipeline** panel at the bottom of the screen, click **Delete Edge Services pipeline**. A pop-up displays, asking you to confirm that you want to delete the pipeline. - - The Load Balancer/Object Storage bucket will no longer be accessible via its Edge Services endpoint, or any customized domains pointing to this endpoint. + - The pipeline backend will no longer be accessible via its Edge Services endpoint, or any customized domains pointing to this endpoint. - Any files stored in the Edge Services cache will be removed. @@ -33,6 +33,6 @@ You can delete an Edge Services pipeline at any time by following the steps belo - Delete any SSL/TLS certificates you imported into Secret Manager for this pipeline (if no longer required elsewhere), so that you are no longer billed for them. If you generated a managed Let's Encrypt certificate however, Scaleway takes care of the deletion for you. -5. Click **Confirm**. +4. Click **Confirm**. - The Edge Services pipeline is deleted. You can create a new pipeline for this origin at any time, but you will need to reconfigure your custom domain, and the cache will initially be empty. \ No newline at end of file + The Edge Services pipeline is deleted. You can create a new pipeline for this backend at any time, but you will need to reconfigure your custom domain, and the cache will initially be empty. \ No newline at end of file diff --git a/pages/edge-services/how-to/index.mdx b/pages/edge-services/how-to/index.mdx index 68faf78c11..f55538a130 100644 --- a/pages/edge-services/how-to/index.mdx +++ b/pages/edge-services/how-to/index.mdx @@ -1,4 +1,4 @@ --- title: Edge Services - How Tos -description: Learn how to set up and optimize Scaleway Edge Services. These how to guides cover pipeline creation, customization of your domain, cache configuration, and advanced features for improved performance of your Object Storage bucket and Load Balancer origins. +description: Learn how to set up and optimize Scaleway Edge Services. These how-to guides cover pipeline creation, customization of your domain, cache configuration, and advanced features for improved performance of your backends. --- diff --git a/pages/edge-services/how-to/monitor-cockpit.mdx b/pages/edge-services/how-to/monitor-cockpit.mdx index f135ef3d03..ccec4268d7 100644 --- a/pages/edge-services/how-to/monitor-cockpit.mdx +++ b/pages/edge-services/how-to/monitor-cockpit.mdx @@ -2,7 +2,7 @@ title: How to monitor Edge Services with Scaleway Cockpit description: Get easy access to your Edge Services metrics via Scaleway Cockpit. Monitor ingress, egress, request rate and cache hit ratio in a convenient managed Grafana dashboard. dates: - validation: 2026-01-21 + validation: 2026-06-08 posted: 2024-07-24 tags: load-balancer edge-services cdn cache-hit-ratio grafana observability --- @@ -27,29 +27,29 @@ Alternatively, you can click the **Track your Edge Services metrics with Cockpit ### Understanding the metrics dashboard -The Grafana dashboard presents a number of different metrics. Use the drop-down in the top left to select which pipeline and origin to view Edge Services metrics for, and the time range drop-down in the top right to modify the time period to apply to the metrics. +The Grafana dashboard presents a number of different metrics. Use the drop-down in the top left to select which pipeline and backend to view Edge Services metrics for, and the time range drop-down in the top right to modify the time period to apply to the metrics. The screenshot below shows an example of Edge Services metrics for a given pipeline: -- **Request rate**: The number of requests made to Edge Services per second, for the specified origin, averaged over the specified time period. -- **Cache hit ratio**: The percentage of requests served from Edge Services' cache, compared to the total number of requests in total to Edge Services for this origin, over the specified time period. -- **Cache HIT/MISS**: A visual representation of the ratio of cache hits to misses, for the specified origin, over the specified time period. - - **Cache hit line**: The number of requests per second made to Edge Services for this origin, which were served directly from its cache. - - **Cache miss line**: The number of requests per second made to Edge Services for this origin, where the content was fetched from the origin rather than the cache. - - **Total line**: The number of requests per second made to Edge Services for this origin. +- **Request rate**: The number of requests made to Edge Services per second, for the specified backend, averaged over the specified time period. +- **Cache hit ratio**: The percentage of requests served from Edge Services' cache, compared to the total number of requests to reach Edge Services for this backend, over the specified time period. +- **Cache HIT/MISS**: A visual representation of the ratio of cache hits to misses, for the specified backend, over the specified time period. + - **Cache hit line**: The number of requests per second made to Edge Services for this backend, which were served directly from its cache. + - **Cache miss line**: The number of requests per second made to Edge Services for this backend, where the content was fetched from the backend rather than the cache. + - **Total line**: The number of requests per second made to Edge Services for this backend. -- **Egress (to client)**: The total volume of data served to clients from Edge Services, for the specified origin, over the specified time period. -- **Ingress (from origin)**: The total volume of data from the origin server to Edge Services over the specified time period. This represents the traffic that occurs when Edge Services retrieves content from the origin server in order to fulfill requests. -- **Edge Services throughput**: A visual representation of the rate of data transfer for the specified origin with Edge Services over the specified time period. +- **Egress (to client)**: The total volume of data served to clients from Edge Services, for the specified backend, over the specified time period. +- **Ingress (from backend)**: The total volume of data from the backend server to Edge Services over the specified time period. This represents the traffic that occurs when Edge Services retrieves content from the backend server in order to fulfill requests. +- **Edge Services throughput**: A visual representation of the rate of data transfer for the specified backend with Edge Services, over the specified time period. - **Output bitrate line**: The rate at which data is being delivered from Edge Services to end users. - - **Input bitrate line**: The rate at which Edge Services is fetching data from the origin server. Peaks in this line may represent times when Edge Services had to fetch content from the origin server, rather than being able to serve it directly from its own cache. + - **Input bitrate line**: The rate at which Edge Services is fetching data from the backend server. Peaks in this line may represent times when Edge Services had to fetch content from the backend server, rather than being able to serve it directly from its own cache. -- **Requests served**: The total number of requests that Edge Services has successfully served, for the specified origin, over the specified time period. +- **Requests served**: The total number of requests that Edge Services has successfully served, for the specified backend, over the specified time period. - **Edge Services response statuses**: A visual representation of the distribution of HTTP response statuses for requests served by Edge Services over the specified time period. Consult [the full list of HTTP status codes](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes) for more information if necessary. -- **Request origin country**: The proportion of requests (to Edge Services for the specified origin over the specified time period) originating from different countries. +- **Request backend country**: The proportion of requests (to Edge Services for the specified backend, over the specified time period) originating from different countries. - **End users location**: A visual representation of where Edge Services end users have been making requests from geographically. - **Total WAF processed requests**: The total number of requests evaluated by WAF. - **Detailed WAF processed requests**: A visual representation of the requests evaluated by WAF over time, distributed in WAF actions. @@ -77,7 +77,7 @@ The screenshot below shows an example of Edge Services logs for a given pipeline - **Path**: Specific resource path that the client is requesting. - **Version**: HTTP protocol version used in the request, e.g. `HTTP/2`. - **Code Client** HTTP status code returned to the client, e.g. `503`, `200`, `403`. -- **Code origin**: HTTP status code generated by the origin/backend server that processed the request. +- **Code backend**: HTTP status code generated by the backend/backend server that processed the request. - **Content type**: Type of content returned in the response, e.g. `text/html`, `application/json`. - **SSL**: Whether the client request was encrypted with SSL/TLS, and which version e.g. `TLSv1.3`. - **Country**: Country from which the request originated. diff --git a/pages/edge-services/how-to/subscribe-edge-services.mdx b/pages/edge-services/how-to/subscribe-edge-services.mdx index 4309d91ae2..d4b103a91e 100644 --- a/pages/edge-services/how-to/subscribe-edge-services.mdx +++ b/pages/edge-services/how-to/subscribe-edge-services.mdx @@ -2,22 +2,21 @@ title: How to subscribe to Edge Services description: Find out how to take your first steps with Scaleway Edge Services by subscribing to a pricing plan. Learn how to choose the best plan for your needs and change your plan at the click of a button. dates: - validation: 2025-06-26 + validation: 2026-06-08 posted: 2024-10-15 tags: object-storage edge-services subscription-plan subscribe billing pricing --- import Requirements from '@macros/iam/requirements.mdx' - Edge Services is an additional feature for Scaleway Load Balancers and Object Storage buckets. It provides: -- A [caching service](/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [origin](/edge-services/concepts/#origin) -- A [Web Application Firewall (WAF)](/edge-services/how-to/configure-waf/) to protect your origin from threats and malicious activity +- A [caching service](/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [backend](/edge-services/concepts/#) +- A [Web Application Firewall (WAF)](/edge-services/how-to/configure-waf/) to protect your backend from threats and malicious activity - A customizable and secure [endpoint](/edge-services/concepts/#endpoint) for accessing content via Edge Services, which can be set to a subdomain of your choice To use Edge Services, you must subscribe to a [pricing plan](https://www.scaleway.com/en/pricing/network/#edge-services). Within its monthly price, each pricing plan includes: - A fixed number of Edge Services [pipelines](/edge-services/concepts/#pipeline). You can create pipelines for either Load Balancers, Object Storage buckets, or a mixture of both, with your subscription plan. -- A certain amount of egress cache data (the quantity of data transferred from Edge Services' caches, not including the transfer from the origin bucket or Load Balancer). +- A certain amount of egress cache data (the quantity of data transferred from Edge Services' caches, not including the transfer from the bucket or Load Balancer). - A certain amount of WAF requests (the number of requests that can be filtered through WAF across all your pipelines) @@ -37,10 +36,6 @@ Find out more about how Edge Service subscription plans and billing works on our - A Scaleway account logged into the [console](https://console.scaleway.com) - [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization - -You can subscribe to Edge Services from the Object Storage or Load Balancer dashboards of the Scaleway console. However, the instructions below detail how to subscribe from the dedicated Edge Services section of the console.

Whichever path you use, the same pricing plans and subscription mechanisms apply. Subscribing from the Object Storage or Load Balancer dashboards does **not** limit you to only creating pipelines for that product with your subscription. Subscription plans are scoped to a single Scaleway [Project](/organizations-and-projects/concepts/#project). -
- 1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. 2. Click **Subscribe to Edge Services**. diff --git a/pages/edge-services/how-to/terminate-edge-services.mdx b/pages/edge-services/how-to/terminate-edge-services.mdx index c241c4c37f..b860bd44bd 100644 --- a/pages/edge-services/how-to/terminate-edge-services.mdx +++ b/pages/edge-services/how-to/terminate-edge-services.mdx @@ -2,7 +2,7 @@ title: How to terminate an Edge Services subscription description: Find out how to terminate your Scaleway Edge Services subscription whenever you want, at the click of a button. dates: - validation: 2025-10-27 + validation: 2026-06-08 posted: 2024-10-15 tags: object-storage edge-services subscription-plan subscribe billing pricing terminate cancel --- @@ -32,6 +32,6 @@ You can terminate your Edge Services subscription at any time, as long as you ha A pop-up displays, asking you to confirm that you want to terminate your subscription. -4. Type **DELETE** in the box, and click **Terminate** to confirm. +4. Type **TERMINATE** in the box, and click **Terminate** to confirm. Your Edge Services subscription is terminated. You can subscribe again at any time. \ No newline at end of file diff --git a/pages/edge-services/index.mdx b/pages/edge-services/index.mdx index b3e85e2d0c..f4fe373769 100644 --- a/pages/edge-services/index.mdx +++ b/pages/edge-services/index.mdx @@ -12,7 +12,7 @@ description: Dive into Scaleway Edge Services with our quickstart guides, how-to diff --git a/pages/edge-services/menu.ts b/pages/edge-services/menu.ts index 7809ba7047..39e78099dc 100644 --- a/pages/edge-services/menu.ts +++ b/pages/edge-services/menu.ts @@ -23,12 +23,8 @@ export const edgeServicesMenu = { slug: 'subscribe-edge-services', }, { - label: 'Create an Object Storage pipeline', - slug: 'create-pipeline-bucket', - }, - { - label: 'Create a Load Balancer pipeline', - slug: 'create-pipeline-lb', + label: 'Create a pipeline', + slug: 'create-pipeline', }, { label: 'Configure a custom domain', diff --git a/pages/edge-services/quickstart.mdx b/pages/edge-services/quickstart.mdx index 7d7d1cea3f..a6ec7d0f4f 100644 --- a/pages/edge-services/quickstart.mdx +++ b/pages/edge-services/quickstart.mdx @@ -1,29 +1,24 @@ --- title: Edge Services - Quickstart -description: Quickly set up Scaleway Edge Services for Object Storage buckets or Load Balancer origins with our guide. Learn to configure pipelines, customize endpoints, and manage caching for optimal performance. +description: Quickly set up Scaleway Edge Services pipeline to serve cached content with our guide. Learn to configure pipelines, customize endpoints, and manage caching for optimal performance. tags: edge-services edge services pipeline custom-domain cache dates: - validation: 2025-06-26 + validation: 2026-06-09 creation: 2024-07-24 --- import Requirements from '@macros/iam/requirements.mdx' import image from './assets/scaleway-edge-services-pipeline.webp' -import image2 from './assets/scaleway-edge-create-pipeline-lb.webp' -import image3 from './assets/scaleway-edge-create-pipeline-os.webp' -import image4 from './assets/scaleway-edge-services-dashboard.webp' -import image5 from './assets/scaleway-edge-services-configure-domain.webp' -import image6 from './assets/scaleway-cname-success.webp' +Edge Services is a comprehensive solution for exposing HTTP services to the internet with built-in security, reliability, and performance. Creating Edge Services [pipelines](/edge-services/concepts/#pipeline) towards your Scaleway resources provides: -Edge Services is an additional feature for Scaleway Load Balancers and Object Storage buckets. It provides: -- A [caching service](/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [origin](/edge-services/concepts/#origin) -- A [Web Application Firewall (WAF)](/edge-services/how-to/configure-waf/) to protect your origin from threats and malicious activity -- A customizable and secure [endpoint](/edge-services/concepts/#endpoint) for accessing content via Edge Services, which can be set to a subdomain of your choice +- A [caching service](/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [backend](/edge-services/concepts/#backend), and +- A [Web Application Firewall](/edge-services/how-to/configure-waf/) to protect your backend from threats and malicious activity, and +- A customizable and secure endpoint for accessing content via Edge Services, which can be set to a subdomain of your choice and secured with an SSL/TLS certificate. -To use Edge Services, you must take out a subscription plan, which then enables you to create a certain number of Edge Services pipelines towards your Load Balancer origins or Object Storage buckets. +To use Edge Services, you must take out a subscription plan, which then enables you to create a certain number of Edge Services pipelines towards your backends. - + @@ -49,87 +44,60 @@ Find out more about how Edge Service subscription plans and billing works on our ## How to create an Edge Services pipeline -You can create [pipelines](/edge-services/concepts/#pipeline) for either Object Storage buckets or Load Balancer origins. +You can create a [pipeline](/edge-services/concepts/#pipeline) for any of your backends. 1. Click **Edge Services** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. 2. Click **Create pipeline**. The pipeline creation wizard displays. -3. Choose an **origin type**, the type of resource which Edge Services will connect to fetch content to serve. This can either be **Load Balancer** or **Object Storage**. - - Follow the steps below depending on whether you are creating a Load Balancer or Object Storage pipeline.
+3. Under **Configure backend**, select the **Backend type** for this pipeline, then configure the backend depending on the type you selected: - - - - 4. Configure the [origin](/edge-services/concepts/#origin) for this pipeline: - - Select **Load Balancer** as the origin type. - - Select the **origin Load Balancer** from the dropdown list. The Edge Services pipeline will connect to this Load Balancer when requesting content. - - Select a **frontend** associated with the origin Load Balancer from the dropdown list. The Edge Services pipeline will connect to the Load Balancer on this port when requesting content. We recommend that you select an HTTPS port, e.g. `443`. Note that if you are creating multiple pipelines for the same origin Load Balancer, each one must be configured for a different frontend. - - - For Kubernetes Load Balancers, see our [dedicated documentation](/edge-services/how-to/create-pipeline-lb/#help-for-kubernetes-load-balancers) for help selecting the correct Load Balancer and frontend. - - - - 5. Define the protocol and origin host for this pipeline: - - Select the protocol that Edge Services should use when making requests to the origin, either `HTTP` or `HTTPS` (recommended). Choose the protocol that corresponds with your Load Balancer setup. - - Optionally, enter an [origin host](/edge-services/concepts/#origin-host) associated with your Load Balancer for this pipeline. When specified, this host replaces the Load Balancer IP address in the HTTP Host Header of the requests made from Edge Services to your Load Balancer. If no origin host is specified, the Host from the incoming request will be used. - - 6. Enter a name for this Edge Services pipeline, or leave the auto-generated name in place. - - 7. Optionally, configure **Advanced Settings:** - - **Cache**: When enabled, content from your Load Balancer origin is cached with Edge Services and served directly to users from Edge Services' servers. Set a **Lifetime** value, in seconds, to dictate how long objects should remain in the cache before being freshly retrieved from the origin. [Find out more about caching](/edge-services/how-to/configure-cache/). - - **WAF**: When enabled, requests to your Load Balancer origin are evaluated by a **W**eb **A**pplication **F**irewall. Malicious requests are blocked or logged, depending on your settings. Set a paranoia level to determine WAF's aggressivity, and a mode (block or log) for dealing with malicious requests. [Find out more about WAF](/edge-services/reference-content/understanding-waf/). - - 8. Check the summary cost for the pipeline, and click **Create Edge Services pipeline**. + - Select the **Zone** of the Load Balancer you want this pipeline to serve content for. + - Select the **Load Balancer** from the dropdown list. The Edge Services pipeline will connect to this Load Balancer when requesting content. + - Select a **frontend** associated with the Load Balancer from the dropdown list. The Edge Services pipeline will connect to the Load Balancer on this port when requesting content. We recommend that you select an HTTPS port, e.g. `443`. Note that if you are creating multiple pipelines for the same Load Balancer, each one must be configured for a different frontend. + - Select the **Protocol** that Edge Services should use when making requests to the backend, either `HTTP` or `HTTPS` (recommended). Choose the protocol that corresponds with your Load Balancer setup. + - Optionally, enter a [Destination host](/edge-services/concepts/#destination-host) associated with your Load Balancer for this pipeline. When specified, this host replaces the Load Balancer IP address in the HTTP Host Header of the requests made from Edge Services to your Load Balancer. If no destination host is specified, the Host from the incoming request will be used. + + + For Kubernetes Load Balancers, see our [dedicated documentation](/edge-services/how-to/create-pipeline/#help-for-kubernetes-load-balancers) for help selecting the correct Load Balancer and frontend. + + - Select the **Region** of the bucket you want this pipeline to serve content for. + - Select the **bucket** itself from the dropdown list. - - - 4. Select **Object Storage** as the origin type. - - 5. Choose the bucket you want this pipeline to serve content for, under **Origin bucket**. - - 6. Enter a name for the pipeline, or leave the randomly generated name in place. - - 7. Optionally, configure **Advanced Settings:** - - **Cache**: When enabled, content from your origin bucket is cached with Edge Services and served directly to users from Edge Services' servers. Set a **Lifetime** value, in seconds, to dictate how long objects should remain in the cache before being freshly retrieved from the origin. [Find out more about caching](/edge-services/how-to/configure-cache/). + + - 8. Check the summary cost for the pipeline, and click **Create Edge Services pipeline**. +4. Under **Configure options**, set the options you want for this pipeline: + - **Cache**: When enabled, content from your backend is cached with Edge Services and served directly to users from Edge Services' servers. Set a **Lifetime** value to dictate how long objects should remain in the cache before being freshly retrieved from the backend. A value of `0` means objects will not be cached, unless they have a caching directive. [Find out more about caching](/edge-services/how-to/configure-cache/). + - **WAF**: When enabled, requests to your backend are evaluated by a **W**eb **A**pplication **F**irewall. Malicious requests are blocked or logged, depending on your settings. Set a paranoia level to determine WAF's aggressivity, and a mode (block or log) for dealing with malicious requests. [Find out more about WAF](/edge-services/reference-content/understanding-waf/). - - Your bucket's [visibility](/object-storage/concepts/#visibility) can be set to **private**, but any objects within it that you want to expose via Edge Services must be set to [**public** visibility](/object-storage/how-to/manage-object-visibility/). However, in the case that you are using Edge Services with bucket website, objects can remain private. - +5. Enter a name for the pipeline, or keep the randomly generated one. - - +6. Check the cost summary for the pipeline, then click **Create Edge Services pipeline**. You are returned to the **Pipelines** tab, where the newly created pipeline now displays. Click on the pipeline to go to its **Overview** page and start configuration. -## How to configure a custom domain + + For Object Storage backends, your bucket's [visibility](/object-storage/concepts/#visibility) can be set to **private**, but any objects within it that you want to expose via Edge Services must be set to [public](/object-storage/how-to/manage-object-visibility/). However, in the case that you are using Edge Services with bucket website, objects can remain private. + -If you already own a domain, you can customize an Edge Services pipeline endpoint with a subdomain of your choice, e.g. `subdomain.mydomain.com`. This means you can access your Object Storage bucket or Load Balancer origin through Edge Services via your own subdomain rather than the standardized Edge Services endpoint. +## How to configure a custom domain -1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer pipeline whose domain you want to customize: +If you already own a domain, you can customize an Edge Services pipeline endpoint with a subdomain of your choice, e.g. `subdomain.mydomain.com`. This means you can access your backend through Edge Services via your own subdomain rather than the standardized Edge Services endpoint. - +1. In the Scaleway console, navigate to the Edge Services dashboard for the pipeline whose domain you want to customize: 2. In the **Endpoint** panel, click **Configure domain**. The following screen displays: - - -3. Set a subdomain from which your Object Storage bucket or Load Balancer origin will be accessible via its Edge Services pipeline. You must already own the primary domain. For example, if you own `beautiful-domain.com`, choose any subdomain you like and enter `my-chosen-subdomain.beautiful-domain.com` into the box. +3. Set a subdomain from which your backend will be accessible via its Edge Services pipeline. You must already own the primary domain. For example, if you own `beautiful-domain.com`, choose any subdomain you like and enter `my-chosen-subdomain.beautiful-domain.com` into the box. It is **not** possible to use only a root domain (aka primary domain or apex domain), you must use a subdomain. This is because CNAME records, essential to point your domain to your Edge Services endpoint, cannot by definition be created for root domains, only for subdomains. - For example, - ✅ Use: `blog.mywebsite.com` - ❌ Don't use: `mywebsite.com`. 4. This step depends on whether the domain used in the previous step is managed with [Scaleway Domains and DNS](/domains-and-dns/), or an external domain provider. Choose the appropriate tab below. @@ -153,8 +121,6 @@ If you already own a domain, you can customize an Edge Services pipeline endpoin Back in the Scaleway console, click the `Verify CNAME` button to check whether your CNAME record has been correctly configured. Edge Services will carry out a check, and if it is successful the following message displays: - - If the check fails, an error message will display. See the documentation linked above for help troubleshooting such errors. Note that it may take a short time for the DNS record to be propagated and the check to pass. @@ -174,15 +140,15 @@ If you already own a domain, you can customize an Edge Services pipeline endpoin 6. Click **Customize domain** to finish. -Your customized domain is set up, and you are returned to the Edge Services dashboard. The customized domain displays in the Endpoint panel. When you access your Object Storage or Load Balancer origin through this domain, its content will be served via Edge Services. +Your customized domain is set up, and you are returned to the Edge Services dashboard. The customized domain displays in the Endpoint panel. When you access your backend through this domain, its content will be served via Edge Services. ## How to configure caching and WAF Enabling a cache and/or a **W**eb **A**pplication **F**irewall on your Edge Services pipeline are both optional steps. -- Enabling a **cache** means that Edge Services stores copies of files from your origin, and can serve them directly to users from this cache rather then fetching them freshly from your bucket or Load Balancer origin each time. This reduces load on your origin and can improve performance. [Find out how to configure a cache](/edge-services/how-to/configure-cache/) +- Enabling a **cache** means that Edge Services stores copies of files from your backend, and can serve them directly to users from this cache rather then fetching them freshly from your backend each time. This reduces load on your backend and can improve performance. [Find out how to configure a cache](/edge-services/how-to/configure-cache/) -- Enabling **WAF** means that Edge Services can filter out and block potentially malicious requests to your origin. You can choose the [paranoia level](/edge-services/concepts/#paranoia-level) to be used when evaluating requests, and set exclusions to define traffic that shouldn't be filtered by WAF. [Find out how to configure WAF](/edge-services/how-to/configure-waf/) +- Enabling **WAF** means that Edge Services can filter out and block potentially malicious requests to your backend. You can choose the [paranoia level](/edge-services/concepts/#paranoia-level) to be used when evaluating requests, and set exclusions to define traffic that shouldn't be filtered by WAF. [Find out how to configure WAF](/edge-services/how-to/configure-waf/) ## How to delete an Edge Services pipeline @@ -190,10 +156,10 @@ Enabling a cache and/or a **W**eb **A**pplication **F**irewall on your Edge Serv 2. Click the pipeline that you want to delete. You are taken to the pipeline's **Overview** page. -4. In the **Delete Edge Services pipeline** panel at the bottom of the screen, click **Delete Edge Services pipeline**. +3. In the **Delete Edge Services pipeline** panel at the bottom of the screen, click **Delete Edge Services pipeline**. A pop-up displays, asking you to confirm that you want to delete the pipeline. - - The Load Balancer/Object Storage bucket will no longer be accessible via its Edge Services endpoint, or any customized domains pointing to this endpoint. + - The backend will no longer be accessible via its Edge Services endpoint, or any customized domains pointing to this endpoint. - Any files stored in the Edge Services cache will be removed. @@ -202,9 +168,9 @@ Enabling a cache and/or a **W**eb **A**pplication **F**irewall on your Edge Serv - Delete any SSL/TLS certificates you imported into Secret Manager for this pipeline (if no longer required elsewhere), so that you are no longer billed for them. If you generated a managed Let's Encrypt certificate however, Scaleway takes care of the deletion for you. -5. Click **Confirm**. +4. Click **Confirm**. - The Edge Services pipeline is deleted. You can create a new pipeline for this origin at any time, but you will need to reconfigure your custom domain, and the cache will initially be empty. + The Edge Services pipeline is deleted. You can create a new pipeline for this backend at any time, but you will need to reconfigure your custom domain, and the cache will initially be empty. ## How to terminate an Edge Services subscription diff --git a/pages/edge-services/reference-content/cname-record.mdx b/pages/edge-services/reference-content/cname-record.mdx index a290ccefca..7b7413ffff 100644 --- a/pages/edge-services/reference-content/cname-record.mdx +++ b/pages/edge-services/reference-content/cname-record.mdx @@ -3,7 +3,7 @@ title: CNAME records and DNS for Edge Services description: Learn how to set up and manage CNAME records for Scaleway Edge Services pipelines. Follow our detailed guide to configure your custom domain and enhance your cloud accessibility. tags: edge-services pipeline cname dns dates: - validation: 2025-08-11 + validation: 2026-06-09 --- import image from './assets/scaleway-edge-services-configure-domain.webp' @@ -26,7 +26,7 @@ When the client actually connects to `otherdomain.com`'s IP address, the web ser ## When and why do I need to create a CNAME record for Edge Services? -When you create an Edge Services pipeline to an [origin](/edge-services/concepts/#origin) (Object Storage bucket or Load Balancer), initially the origin content is served through the standard Edge Services endpoint, e.g. `pipeline-id.svc.edge.scw.cloud`. If you do not want to customize the standard Edge Services endpoint, you do not need to worry about CNAME records. +When you create an Edge Services pipeline to a [backend](/edge-services/concepts/#backend), initially the backend content is served through the standard Edge Services endpoint, e.g. `pipeline-id.svc.edge.scw.cloud`. If you do not want to customize the standard Edge Services endpoint, you do not need to worry about CNAME records (there is no need to create a CNAME record). However, if you choose to [customize your Edge Services endpoint with your own subdomain](/edge-services/how-to/configure-custom-domain/), a CNAME record must be created to point your subdomain to the Edge Services endpoint. @@ -37,7 +37,7 @@ However, if you choose to [customize your Edge Services endpoint with your own s ## How to create a CNAME record -Log into your domain provider, and locate the DNS settings for your domain. Create a new CNAME record pointing your subdomain to the Edge Services endpoint for your bucket or Load Balancer origin. This endpoint can be retrieved from the Scaleway console. +Log in to your domain provider, and locate the DNS settings for your domain. Create a new CNAME record pointing your subdomain to the Edge Services endpoint for your backend. This endpoint can be retrieved from the Scaleway console. The interface used by different domain providers varies, but creating your CNAME record may look like one of the following examples: diff --git a/pages/edge-services/reference-content/ssl-tls-certificate.mdx b/pages/edge-services/reference-content/ssl-tls-certificate.mdx index 75f96820c3..027909b4d9 100644 --- a/pages/edge-services/reference-content/ssl-tls-certificate.mdx +++ b/pages/edge-services/reference-content/ssl-tls-certificate.mdx @@ -3,12 +3,12 @@ title: SSL/TLS Certificates for Edge Services description: Discover how to configure SSL/TLS certificates for Scaleway Edge Services pipelines. Follow our comprehensive guide to secure your custom domains and ensure data protection. tags: edge-services pipeline ssl-tls certificate ssl tls pem certificate-authority root-certificate pem chain ca dates: - validation: 2025-08-11 + validation: 2026-06-09 --- import image from './assets/scaleway-cert-expired.webp' -This document contains information to help you with SSL/TLS certificates that enable your origin bucket or Load Balancer content to be served over HTTPS, through your customized [Edge Services](/edge-services/) domain. +This document contains information to help you with SSL/TLS certificates that enable your backend content to be served over HTTPS, through your customized [Edge Services](/edge-services/) domain. ## Introduction @@ -24,14 +24,14 @@ The private key is also used by the host for generating digital signatures, whil ### When and why do I need an SSL/TLS certificate for Edge Services? -When you create an Edge Services pipeline, initially your [origin's](/edge-services/concepts/#origin) content is served through the standard Edge Services endpoint, e.g. `https://pipeline-id.svc.edge.scw.cloud`. Scaleway's own SSL/TLS certificate, which covers this subdomain, is used to establish the encrypted connection between client and host. If you do not want to customize the standard Edge Services endpoint, you do not need to worry about creating SSL/TLS certificates. +When you create an Edge Services pipeline, initially your [backend's](/edge-services/concepts/#backend) content is served through the standard Edge Services endpoint, e.g. `https://pipeline-id.svc.edge.scw.cloud`. Scaleway's own SSL/TLS certificate, which covers this subdomain, is used to establish the encrypted connection between client and host. If you do not want to customize the standard Edge Services endpoint, you do not need to worry about creating SSL/TLS certificates. However, if you choose to [customize your Edge Services endpoint with your own subdomain](/edge-services/how-to/configure-custom-domain/), Scaleway's own SSL/TLS certificate can no longer be used to establish encrypted connections to your subdomain. Client connections are now initially going to a different domain which needs to be "guaranteed" by its own certificate (despite the CNAME record for the subdomain pointing to the Scaleway endpoint). Therefore, when you customize your Edge Services endpoint with a subdomain, you are prompted to generate or upload an SSL/TLS certificate for that subdomain. -Even if you have an Edge Services pipeline for a Load Balancer origin, and you have already configured your Load Balancer with a certificate for HTTPS (using Let's Encrypt or a custom certificate), you will still need to follow the steps of this document to provide a certificate for your Edge Services pipeline's customized domain. +Even if you have an Edge Services pipeline for a Load Balancer, and you have already configured your Load Balancer with a certificate for HTTPS (using Let's Encrypt or a custom certificate), you will still need to follow the steps of this document to provide a certificate for the customized domain of your Edge Services pipeline. ## How can I provide an SSL/TLS certificate for my Edge Services customized domain? diff --git a/pages/edge-services/reference-content/understanding-ga.mdx b/pages/edge-services/reference-content/understanding-ga.mdx index 13538ffcbc..af71fce748 100644 --- a/pages/edge-services/reference-content/understanding-ga.mdx +++ b/pages/edge-services/reference-content/understanding-ga.mdx @@ -28,7 +28,7 @@ Check out the [Edge Services pricing page](https://www.scaleway.com/en/pricing/n Edge Services is billed via **subscription**. Three different subscription plans are available, each including different amounts of monthly usage for **cache size** and **number of pipelines**. If your consumption of Edge Services in a given month exceeds the cache size and number of pipelines included in your subscription, you are billed for this extra usage on top of your plan. -An Edge Services pipeline consists of an origin for which Edge Services requests and caches content, and an endpoint from which this content is served via Edge Services. In the case of Object Storage during Public Beta, a pipeline corresponded to a bucket Edge Services was enabled on. If Edge Services was enabled on three different buckets, this equaled three pipelines. In the case of Load Balancer, pipelines were already an explicit concept in the console. +An Edge Services pipeline consists of a backend, for which Edge Services requests and caches content, and an endpoint from which this content is served via Edge Services. Previously, during the Object Storage Public Beta, a pipeline corresponded to a bucket that Edge Services was enabled on. If Edge Services was enabled on three different buckets, this meant three pipelines. With Load Balancer, pipelines were already an explicit concept in the console. At the start of October 2024, current Edge Services users received an email with full details of the three subscription plans. diff --git a/pages/edge-services/reference-content/understanding-pricing.mdx b/pages/edge-services/reference-content/understanding-pricing.mdx index e3b692bb2e..21e9461be9 100644 --- a/pages/edge-services/reference-content/understanding-pricing.mdx +++ b/pages/edge-services/reference-content/understanding-pricing.mdx @@ -3,7 +3,7 @@ title: Understanding Edge Services pricing description: Find answers to all your questions about how pricing for Edge Services works, how to calculate your billing, and the different subscription plans available. Different scenarios are presented, with explanations of how you would be billed in each one. tags: edge-services general-availability pricing billing subscription-plan pro-rata dates: - validation: 2025-06-26 + validation: 2026-06-09 creation: 2024-10-16 --- import image from './assets/scaleway-current-conso.webp' @@ -22,7 +22,7 @@ Edge Services billing is based on [monthly subscription plans](https://www.scale When you subscribe to a plan, you are billed its flat monthly fee, which allows you to: -- Run a fixed maximum number of Edge Services [pipelines](/edge-services/concepts/#pipeline) for the month. They can be for Object Storage or Load Balancer origins, or a mixture of both. +- Run a fixed maximum number of Edge Services [pipelines](/edge-services/concepts/#pipeline) for the month. They can target any of your backends, in any combination. - Egress a fixed maximum amount of data from all your pipelines' [caches](/edge-services/concepts/#cache). - Filter a fixed maximum amount of requests through [WAF](/edge-services/concepts/#waf) @@ -32,7 +32,7 @@ The Starter plan does not include WAF. To use WAF on this plan, you must pay an If you subscribe to a plan, and exceed its monthly limits for pipelines, cache data, or WAF requests you will incur additional charges that month. -Essentially, your Edge Services monthly bill is made up of your **monthly subscription plan price** + **any additional pipeline charges incurred** + **any additional cache charges incurred** + **optional WAF add-on** (Started plan only) + **any additional WAF charges incurred**. +Essentially, your Edge Services monthly bill is made up of your **monthly subscription plan price** + **any additional pipeline charges incurred** + **any additional cache charges incurred** + **optional WAF add-on** (Starter plan only) + **any additional WAF charges incurred**. For full details of the price and limits of each plan, refer to the [pricing page](https://www.scaleway.com/en/pricing/network/#edge-services). Subscription plans are scoped to a single Scaleway [Project](/organizations-and-projects/concepts/#project). @@ -93,7 +93,7 @@ e.g. `(4 / 30) * 5 = €0.67` + `(4 / 30) * 15 = €2` = `€2.67` ### Additional cache charges -Cache consumption is based on the volume of data egressed from all your Edge Services pipelines' caches combined, in a given month. The transfer of data from the origin bucket or Load Balancer into the cache, or directly from the origin to a user, does not count towards the limit of your plan, and does not incur any additional charges. +Cache consumption is based on the total volume of data egressed from the caches of all your Edge Services pipelines, in a given month. The transfer of data from the backend into the cache, or directly from the backend to a user, does not count toward the limit of your plan, and does not incur any additional charges. For every extra GB of data that is egressed from your Edge Services caches in a month, **beyond** the limit of your monthly plan, an additional charge applies. @@ -113,7 +113,7 @@ e.g. `0.0135 * 200 = €2.70` ### Additional WAF charges -WAF consumption is based on the number of requests processed by all your Edge Services pipelines' Web Application Firewalls combined, in a given month. Requests that are served by the cache are **not** processed by WAF, as WAF protects only your origin. +WAF consumption is based on the total number of requests processed by the Web Application Firewalls of all your Edge Services pipelines, in a given month. Requests that are served by the cache are **not** processed by WAF, as WAF protects only your backend. For every million requests processed by Edge Services WAF in a month, **beyond** the limit of your monthly plan (or add-on, in the case of the Starter plan), an additional charge applies. diff --git a/pages/edge-services/reference-content/understanding-waf.mdx b/pages/edge-services/reference-content/understanding-waf.mdx index a6dd0ffcf1..669d615b6f 100644 --- a/pages/edge-services/reference-content/understanding-waf.mdx +++ b/pages/edge-services/reference-content/understanding-waf.mdx @@ -3,7 +3,7 @@ title: Understanding Edge Services Web Application Firewall (WAF) description: Learn how to protect your web applications with Scaleway Edge Services Web Application Firewall (WAF). Discover the principles, paranoia levels, and limitations of WAF, and find out how to define exclusions for optimal security and performance. tags: edge-services web-application-firewall waf paranoia-levels exclusions dates: - validation: 2025-06-26 + validation: 2026-06-09 creation: 2025-03-03 --- import image from './assets/scaleway-edge-services-waf-diag.webp' @@ -14,23 +14,23 @@ You can choose to enable the **W**eb **A**pplication **F**irewall (WAF) feature ## WAF overview -When enabled, WAF protects your origin from potential threats. +When enabled, WAF protects your backend from potential threats. -It does so by evaluating each request to your origin, to determine whether it is potentially malicious. Four different rulesets can be used to evaluate requests, each more aggressive than the last. The ruleset to use is determined by the **paranoia level** set by the user. +It does so by evaluating each request to your backend, to determine whether it is potentially malicious. Four different rulesets can be used to evaluate requests, each more aggressive than the last. The ruleset to use is determined by the **paranoia level** set by the user. -For requests judged to be malicious, WAF can either block them from passing to your origin (as shown in the diagram below), or simply log them but allow them to pass, depending on the settings you choose. +For requests judged to be malicious, WAF can either block them from passing to your backend (as shown in the diagram below), or simply log them but allow them to pass, depending on the settings you choose. -You can set **exclusions**, so that certain requests are not evaluated by WAF and are allowed to pass directly to your origin. Exclusion filters are based on the request path and/or HTTP request type. +You can set **exclusions**, so that certain requests are not evaluated by WAF and are allowed to pass directly to your backend. Exclusion filters are based on the request path and/or HTTP request type. - + ## WAF in an Edge Services pipeline -In an Edge Services pipeline, WAF sits before the origin stage. This means that WAF only protects your origin, it does not protect or filter requests towards the cache. +In an Edge Services pipeline, WAF sits before the backend stage. This means that WAF only protects your backend, it does not protect or filter requests toward the cache. - + -If you have both WAF and cache enabled, requests that can be served by the cache will not go through WAF. Only requests that cannot be served by the cache will be filtered by WAF, and allowed to pass to the origin or not depending on your WAF configuration. +If you have both WAF and cache enabled, requests that can be served by the cache will not go through WAF. Only requests that cannot be served by the cache will be filtered by WAF, and allowed to pass to the backend or not, depending on your WAF configuration. ## WAF ruleset and paranoia levels @@ -85,7 +85,6 @@ Each exclusion can consist of: ## WAF limitations - WAF only analyzes the first 16 384 bytes of the body of HTTP/S requests. -- WAF protects your origin only, and not your cache. +- WAF protects your backend only, and not your cache. - You can add a maximum of 100 WAF exclusions. -- You cannot currently specify exclusions at the individual rule level. Requests matching exclusion filters bypass WAF entirely. -- WAF can be configured via the console for Load Balancer pipelines only. To configure WAF for an Object Storage bucket pipeline, use the [API](https://www.scaleway.com/en/developers/api/edge-services/) +- You cannot currently specify exclusions at the individual rule level. Requests matching exclusion filters bypass WAF entirely. diff --git a/pages/edge-services/troubleshooting/cache-problems.mdx b/pages/edge-services/troubleshooting/cache-problems.mdx index 19030fd3e6..7b69db3ecd 100644 --- a/pages/edge-services/troubleshooting/cache-problems.mdx +++ b/pages/edge-services/troubleshooting/cache-problems.mdx @@ -21,7 +21,7 @@ You may find that even though your application includes proper cache headers (e. ### Cause -The issue often stems from unintended cache bypasses caused by cookies in client requests. For security reasons, Edge Services blocks caching for requests with cookies. This means the cache server bypasses the origin's Cache-control header when the client is using cookies for image requests, for example. +The issue often stems from unintended cache bypasses caused by cookies in client requests. For security reasons, Edge Services blocks caching for requests with cookies. This means the cache server bypasses the backend's `Cache-Control` header when the client is using cookies for image requests, for example. ### Solutions diff --git a/pages/load-balancer/how-to/use-edge-services.mdx b/pages/load-balancer/how-to/use-edge-services.mdx index f72eed3220..fbaaf14275 100644 --- a/pages/load-balancer/how-to/use-edge-services.mdx +++ b/pages/load-balancer/how-to/use-edge-services.mdx @@ -16,42 +16,4 @@ Edge Services is an additional feature for Scaleway Load Balancers and Object St -Read on to learn how to create an Edge Services pipeline for your Load Balancer origin. - - - -- A Scaleway account logged into the [console](https://console.scaleway.com) -- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization -- A [Load Balancer](/object-storage/how-to/create-a-bucket/) - -## How to subscribe to Edge Services - -To use Edge Services, you must subscribe to a [pricing plan](https://www.scaleway.com/en/pricing/network/#edge-services). Within its monthly price, each pricing plan lets you create a certain number of pipelines and consume a certain amount of cache data. - -Find out more about pricing plans and how to subscribe to Edge Services in our [dedicated documentation](/edge-services/how-to/subscribe-edge-services/). - -## How to create an Edge Services pipeline for Load Balancer - - -You can create an Edge Services pipeline from the **Edge Services** section of the console, however, in this documentation, we describe how to initiate pipeline creation directly from the **Load Balancers** dashboard. - - -1. Click **Load Balancers** in the **Network** section of the [Scaleway console](https://console.scaleway.com) side menu. A listing of your Load Balancers displays. - -2. Click the **Edge Services** tab. - -3. Click **Create Edge Services pipeline**. The pipeline creation wizard displays. - - - -4. [Follow step 3 onwards](/edge-services/how-to/create-pipeline-lb/#how-to-create-an-edge-services-pipeline-for-load-balancer) in our dedicated Edge Services documentation to finish creating your pipeline. - -## How to configure your pipeline - -See the dedicated Edge Services section of the documentation for help with: - -- [Customizing your Edge Services endpoint](/edge-services/how-to/configure-custom-domain/) -- [Configuring your Edge Services cache](/edge-services/how-to/configure-cache/) -- [Configuring WAF for Edge Services](/edge-services/how-to/configure-waf/) - -To go further, browse our full range of Edge Services documentation on the [Edge Services Overview](/edge-services/) page. \ No newline at end of file +To get started with Edge Services, refer to the dedicated [Quickstart documentation page](/edge-services/quickstart/). \ No newline at end of file diff --git a/pages/object-storage/how-to/get-started-edge-services.mdx b/pages/object-storage/how-to/get-started-edge-services.mdx index 1a866ec2b8..296fcdcb89 100644 --- a/pages/object-storage/how-to/get-started-edge-services.mdx +++ b/pages/object-storage/how-to/get-started-edge-services.mdx @@ -17,60 +17,5 @@ Edge Services is an additional feature for Scaleway Load Balancers and Object St -Read on to learn how to create an Edge Services pipeline for your Object Storage bucket. - - -- A Scaleway account logged into the [console](https://console.scaleway.com) -- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization -- An [Object Storage bucket](/object-storage/how-to/create-a-bucket/) - -## How to subscribe to Edge Services - -To use Edge Services, you must subscribe to a [pricing plan](https://www.scaleway.com/en/pricing/network/#edge-services). Within its monthly price, each pricing plan lets you create a certain number of pipelines and consume a certain amount of cache data. - -Find out more about pricing plans and how to subscribe to Edge Services in our [dedicated documentation](/edge-services/how-to/subscribe-edge-services/). - -## How to create an Edge Services pipeline - -Once you have subscribed to Edge Services, you are ready to create a pipeline. Follow the steps below. - - -You can create an Edge Services pipeline from the **Edge Services** section of the console, however, in this documentation, we describe how to create a pipeline directly from your bucket's dashboard in the **Object Storage** section. - - -1. Click **Object Storage** in the **Storage** section of the [Scaleway console](https://console.scaleway.com/) side menu. - -2. Click the name of the bucket you want to create an Edge Services pipeline for. - - -3. Click the **Edge Services** tab. - - - -4. Click **Create pipeline**. - - A pop-up asks you to confirm that you want to create a pipeline to expose the bucket via Edge Services. - -5. Click **Create pipeline** to confirm. - - Edge Services is enabled on your bucket, and a pipeline is automatically created. Various features are now visible on the Edge Services tab, ready to be configured. - - - - Your bucket's [visibility](/object-storage/concepts/#visibility) can be set to **private**, but any objects within it that you want to expose via Edge Services must be set to [**public** visibility](/object-storage/how-to/manage-object-visibility/). However, in the case that you are using Edge Services with bucket website, objects can remain private. - - - -## How to access your bucket via Edge Services - -Once you have created an Edge Services for your bucket, you can access your bucket and its content via its original Object Storage endpoint, and via its new customizable Edge Storage endpoint. Get full details in the [Edge Services](/edge-services/how-to/create-pipeline-bucket/#how-to-access-your-bucket-via-edge-services) section of the documentation. - -## How to configure your pipeline - -See the dedicated Edge Services section of the documentation for help with: - -- [Customizing your Edge Services endpoint](/edge-services/how-to/configure-custom-domain/) -- [Configuring your Edge Services cache](/edge-services/how-to/configure-cache/) - -To go further, browse our full range of Edge Services documentation on the [Edge Services Overview](/edge-services/) page. +To get started with Edge Services, refer to the dedicated [Quickstart documentation page](/edge-services/quickstart/).