Azion Edge Application allows you to build your web applications to run on Azion Edge Computing Platform.
See how to set up an edge application in the first steps documentation.
You can use Edge Caching, Application Acceleration and Edge Functions features to build more powerful web applications that are capable of handling large access peaks with better performance and security for your users.
1. How it Works
Azion works with a reverse proxy architecture through which your users connect to the Edge Nodes of our highly distributed global network, which will be able to cache your content or even execute functions of your application, in addition to having a wide array for optimization.
When users request content on the internet, their browser or application starts with DNS resolution to translate the requested domain to an IP address. When using Azion, you will set up the DNS for your web application to point to a generated address when creating a Domain at Azion.
Azion selects, through your SDN Router, the Edge Node closest to the user, reducing latency and increasing the speed of content transfer.
In this architecture, your content or web application needs to be available from an origin, which can be one or more web servers in your infrastructure, a cloud service or one of Azion’s Origin Services.
2. Edge Caching
Azion’s highly distributed global network allows you to deliver your content much more efficiently. Content that is cached – cache hit – on Azion’s Edge Nodes can be delivered directly to your users, from the nearest Edge Node, without having to access the origin. In addition to increasing performance and scalability for your content, you can save on your origin infrastructure.
A cache miss occurs when a content is requested and it is not in cache. Azion minimizes the effect of cache miss by maintaining a keepalive connection with the origin, whenever possible, avoiding the overhead of the TCP/IP handshake. Regardless of the volume of simultaneous requests made to Azion’s Edge Nodes, each Edge Node will search the content at the origin only once per cache miss, which substantially reduces the impact on your infrastructure.
Initially, proxy traffic was through two main web ports: 80 (HTTP) and 443 (HTTPS), which were configured by default. Currently, when setting up your edge application you can choose to use the default ports or other custom ports, enabling your edge application to receive requests on more HTTP and HTTPS ports as you prefer. In addition to ports 80 and 443, Azion provides the following options:
|Port HTTP||Port HTTPS|
|80 (default)||443 (default)|
To view and select the options of your preference, click the HTTP or HTTP&HTTPS check box and specify the web port that best suits your application.
4. Minimum TLS version
The TLS – Transport Layer Security – protocol allows you to encrypt web traffic. Currently the protocol offers some versions that can be used, such as: TLS 1.0 (Deprecated), 1.1 (Deprecated), 1.2 e 1.3.
You will be able to choose the minimum version of TLS that will be supported to encrypt the traffic.
When choosing recent versions of the protocol, be aware that some old devices or browsers will not be able to access the Edge Application.
To use the functionality, follow these steps:
- Access Real-Time Manager, click the Products menu, in Edge Computing select Edge Applications;
- Add or edit one Edge Application;
- To choose the minimum version of TLS it is necessary that the Delivery Protocol in the Main Settings tab is HTTP & HTTPS;
- Select the minimum version of the TLS protocol that will encrypt the traffic.
Minimum TLS Version functionality is available in the latest version of Edge Application Version 3. If the functionality isn’t visible, you have to update the version of your Edge Application to enable this and other features.
Additionally, by default, Azion blocks TLS Renegotiation and TLS Resumption. If you want to customize this setup, contact our Sales team.
Ciphers supported per TLS version
TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (ecdh_x25519) TLS_ECDHE_ECDSA_WITH_AES_128_CCM (ecdh_x25519) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ecdh_x25519) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) TLS_RSA_WITH_AES_128_CCM_8 (rsa 2048) TLS_RSA_WITH_AES_128_CCM (rsa 2048) TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 (ecdh_x25519) TLS_ECDHE_ECDSA_WITH_AES_256_CCM (ecdh_x25519) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (ecdh_x25519) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ecdh_x25519) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (ecdh_x25519) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) TLS_RSA_WITH_AES_256_CCM_8 (rsa 2048) TLS_RSA_WITH_AES_256_CCM (rsa 2048) TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
TLS 1.1 and TLS 1.0
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ecdh_x25519) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (ecdh_x25519) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
5. Edge Application Modules
Azion provides you with network, compute and security modules so that you can build high performance, scalable and secure web applications in a simple way and with no operational tasks. See the documentation for each product:
5. Support Documentation
Didn’t find what you were looking for? Open a support ticket.