Looking for custom PHP Content Delivery Network (CDN) script for my server
REF: https://en.wikipedia.org/wiki/Content_delivery_network
A content delivery network or content distribution network is a system of computers where our website is stored so it’s data (images/videos) can be served from multiple locations. However I dont want to use any online paid/unpaid CDN services but would like to setup CDN on my own high speed server. I did google a lot but dont see any such CDN script which i can install on my server.
I am looking for such script which can support High level cache-control.
Can you please share if you know any good CDN script developed in PHP?
Answer
This isn't done in PHP, this done in Apache.
What I've done on my own home server (that's probably what you want) is set up a cookieless sub-domain for serving content, and enable caching and GZip. The following Apache configurations are all located in a .htaccess file in the website directory.
# GZIP compression
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(eot|ico|gif|jpe?g|php|png|ttf|svg|woff)$ no-gzip dont-vary
# Fonts on a cookieless subdomain
<FilesMatch "\.(eot|ttf|svg|woff)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
# Cookieless Static Content
<FilesMatch "\.(css|eot|ico|gif|jpe?g|js|png|ttf|svg|woff)$">
Header unset Cookie
Header unset Set-Cookie
</FilesMatch>
# Caching
ExpiresActive On
ExpiresDefault A0
<FilesMatch "\.(eot|ico|gif|jpe?g|png|ttf|svg|woff)$">
# 2 year caching for images and stuff
ExpiresDefault A31536000
Header append Cache-Control "public"
</FilesMatch>
<FilesMatch "\.(css|js)$">
# 1 week caching for styles and scripts
ExpiresDefault A604800
Header append Cache-Control "public"
</FilesMatch>
#Other Header Manipulation
FileETag MTime Size
Header unset X-Powered-By
AddDefaultCharset UTF-8
DefaultLanguage en-US
So long as you don't mind caching and GZip on your primary domain (which you shouldn't), just link to your cookieless content using your designated cookielesss sub-domain, and Apache takes care of the rest.
Update
I added a few things I've learned about since posting this answer, such as:
- Allowing any domain to link to fonts so that they may be served without cookies.
- Setting the ETAG header since it should be set.
- A few other header fields that aren't bad to include/get rid of.
However, there's one last security concern to keep in mind if you're using HTTPS, and that is BREACH. To protect against this decryption technique, you can remove gzip compression from any page that displays dynamic content (GZIPping static content like static HTML, CSS, or JS is still ok). To avoid compressing a certain file type (like PHP), add it to the SetEnvIfNoCase directive near the start of this config.
Alternatively, you can keep compression enabled and use the GCM cipher method since the BREACH family of attacks only work on the CBC cipher method. As much as I hate to be "that guy", the manual is really the best reference for this if you want to get into configuring such things. It's a fairly complicated topic and the manual does a good job of explaining the basics.