Edge Connector
Edge Connector centralizes connection settings so you can reuse them across multiple applications. It provides granular control over performance, security, and routing through a unified interface for connecting Edge Applications to an origin, natively incorporating features such as load balancing, HMAC authentication, and Origin Shield.
Implementation
Scope | Resource |
---|---|
Edge Application first steps | First steps |
Load Balancer module | Load Balancer |
Connector Type
There are three options for you to connect your origin:
- HTTP: Connect to external origins via secure HTTP protocol for data delivery.
- Edge Storage: Link your Edge Storage bucket.
- Live Ingest: Designed for live video stream ingestion, this feature allows you to select the ingestion region to optimize latency.
HTTP
Allows you to connect to generic HTTP servers, offering several configuration options, including:
- Connection Options: Provides control over DNS resolution, transport policy (HTTP/HTTPS), HTTP version, host, path prefix, redirect behavior, and headers for real IP and port.
- Advanced Modules: Enables features such as load balancing when using multiple origins (using methods like round-robin, least connections, IP hash, and support for retries and timeouts), Origin Shield (with IP ACL), and HMAC for additional security when communicating with the backend.
Host Header
The Host header is used by your origin to identify the virtualhost and locate your content or application. When configuring an origin in Azion Console, you have the option to customize the value sent by Azion in the Host header.
If the Host Header field is left blank, Azion will use the same address specified in the Address field as the default. If your origin is configured to respond to a virtualhost using the same address as configured in DNS, you can leave the Host Header field empty.
However, if your origin responds to a virtualhost at an address different from the one set in DNS, you must fill in a custom value for the Host header in FQDN format, for example, www.yourdomain.com.
Alternatively, you can use the ${host} variable in the Host Header field to instruct the edge nodes to pass on the Host header received from your visitors to the origin. This setting is useful if you have multiple virtualhosts being served by the same origin.
Path
Path allows you to specify a custom path from which edge nodes will request your origin content. Azion appends the Path to the URI when forwarding the request to your origin, but it doesn’t append the URI for user requests. For instance, if you determine that the path of your origin is under /secure and you have configured your application to be delivered through yourdomain.com, the /secure path won’t be part of the request to the end user.
Address
To define an origin for your content, you need to specify the address of your server as either a domain name in FQDN format or an IPv4/IPv6 address. If you have defined the Origin Protocol Policy as Enforce HTTP or Enforce HTTPS, you can customize the origin port using the HTTP port and HTTPS port fields.
Protocol Policy
Azion’s delivery architecture offers you the flexibility to tailor the type of connection between the edge nodes and your origin based on your specific requirements:
- Preserve HTTP/HTTPS protocol: This option maintains the same connection protocol (HTTP or HTTPS) and ports used by your users when accessing your content on Azion. It ensures continuity from Azion to your origin server.
- Enforce HTTP: With this setting, the connection between Azion’s edge nodes and your origin will be exclusively through HTTP, regardless of the connection protocol and ports used by your users to access Azion’s content. You can customize a specific port for your origin in the Address field, deviating from the default port (80 for HTTP) if desired.
- Enforce HTTPS: This option mandates the connection between Azion’s edge nodes and your origin to be exclusively through HTTPS, regardless of the connection protocol and ports used by your users to access Azion’s content. You can customize a specific port for your origin in the Address field, different from the default port (443 for HTTPS) if required.
HMAC Authentication
HMAC (Hash-Based Message Authentication Code) authentication provides built-in support for AWS S3 or compatible authentication.
In the HMAC configuration, include the access credentials given by your storage provider: Region, Access Key, and Secret Key.
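The following added example (not Azion's code) shows how the Region, Access Key, and Secret Key feed a signature under the standard AWS Signature Version 4 scheme, which the aws4_hmac_sha256 type in the attributes table refers to. It assumes a request with no query string and an already URI-encoded path; the host, path, and credential values are constructed.

```python
import hashlib
import hmac

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # payload hash of a body-less GET

def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret_key: str, date: str, region: str, service: str) -> bytes:
    """Derive the key scoped to one day, region and service; the secret is never sent."""
    key = ("AWS4" + secret_key).encode()
    for part in (date, region, service, "aws4_request"):
        key = _mac(key, part)
    return key

def authorization(method, path, headers, payload_hash, amz_date,
                  region, service, access_key, secret_key):
    """Build the SigV4 Authorization header (no query string, path pre-encoded)."""
    canon = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    signed = ";".join(sorted(canon))
    canonical_request = "\n".join([
        method, path, "",  # empty canonical query string
        "".join(f"{k}:{canon[k]}\n" for k in sorted(canon)),
        signed, payload_hash,
    ])
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = signing_key(secret_key, amz_date[:8], region, service)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
            f"SignedHeaders={signed}, Signature={signature}")

# Constructed sample values; not real credentials.
SAMPLE = dict(region="us-east-1", service="s3",
              access_key="EXAMPLEACCESSKEY", secret_key="example-secret-key")

def sample_header(**overrides):
    headers = {"Host": "bucket.example.com", "x-amz-date": "20240101T000000Z",
               "x-amz-content-sha256": EMPTY_SHA256}
    return authorization("GET", "/secure/index.html", headers, EMPTY_SHA256,
                         "20240101T000000Z", **{**SAMPLE, **overrides})

if __name__ == "__main__":
    print(sample_header())
```

Because the region and service are part of both the credential scope and the key derivation, a wrong Region value produces a signature the storage provider rejects even when the keys are correct.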
Timeouts
The connection_timeout parameter specifies the timeout, in seconds, for establishing a connection to the origin. The read_write_timeout parameter defines the timeout, in seconds, for read and write operations. This value represents the maximum interval allowed between the last byte sent or received on the active connection to the origin.
Modules
Load Balancer
When HTTP is selected as a connector type, you can configure the Balancing Method to determine how large amounts of requests are distributed among addresses, add multiple Addresses to your Edge Connector, and change the Server Role and Weight of each address.
Learn more about Load Balancer
Origin Shield
Origin Shield is a security feature that provides a dynamic Network List, Azion Origin Shield, containing all IP/CIDR addresses used by Azion’s network infrastructure.
This list serves as a data source for enforcing a strict IP Access Control List (ACL) on your origin servers. By configuring your origin’s firewall to permit inbound traffic exclusively from the addresses specified in this list, you establish a Layer 3/4 security perimeter, ensuring that only Azion’s edge servers can connect to your origin and blocking all direct access from external sources.
Clients are responsible for automating updates to their security policies to keep them aligned with the current Origin Shield addresses. To activate it, enable Origin IP ACL for at least one Edge Connector in your account.
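One way to automate that update on the origin side, as an added example that is not Azion's code: it compares the firewall's current allowlist with a freshly exported copy of the Network List and renders the nftables changes. The table and set names, the removal threshold, and the sample addresses (documentation ranges) are assumptions, and retrieving the list from Azion is left out.

```python
import ipaddress

# Hypothetical nftables table and set names on the origin host (assumptions).
# The sets must be created with "flags interval" to hold CIDR ranges.
NFT_TABLE = "inet filter"
NFT_SETS = {4: "origin_shield_v4", 6: "origin_shield_v6"}

def parse_networks(entries):
    """Validate IP/CIDR strings and refuse entries that would open the ACL to everyone."""
    nets = set()
    for raw in entries:
        net = ipaddress.ip_network(raw.strip(), strict=False)
        if net.prefixlen == 0:
            raise ValueError(f"refusing catch-all network {net}")
        nets.add(net)
    return nets

def plan_update(current, published, max_removal_ratio=0.5):
    """Return (to_add, to_remove) so the allowlist matches the published list."""
    cur, new = parse_networks(current), parse_networks(published)
    if not new:
        raise ValueError("published list is empty; keeping current ACL")
    to_add, to_remove = new - cur, cur - new
    # A truncated or corrupted download should not silently drop most edge ranges.
    if cur and len(to_remove) / len(cur) > max_removal_ratio:
        raise ValueError("update removes too many entries; review manually")
    key = lambda n: (n.version, int(n.network_address), n.prefixlen)
    return sorted(to_add, key=key), sorted(to_remove, key=key)

def nft_commands(to_add, to_remove):
    """Render nft commands, additions first so edge traffic is not cut off mid-update."""
    cmds = []
    for verb, nets in (("add", to_add), ("delete", to_remove)):
        for net in nets:
            cmds.append(
                f"nft {verb} element {NFT_TABLE} {NFT_SETS[net.version]} {{ {net} }}")
    return cmds

# Constructed sample data using documentation address ranges.
CURRENT = ["192.0.2.0/24", "198.51.100.0/24", "2001:db8:1::/48"]
PUBLISHED = ["192.0.2.0/24", "203.0.113.0/25", "2001:db8:1::/48", "2001:db8:2::/48"]

if __name__ == "__main__":
    for line in nft_commands(*plan_update(CURRENT, PUBLISHED)):
        print(line)
```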
Attributes
Below are the attributes for the Edge Connector API when using the HTTP connector type.
Attribute | Description | Example/Values |
---|---|---|
addresses | List of backend addresses with configuration details. | – |
active | Indicates if the address is active. | true, false |
address | Backend address (hostname or IP). | "string" |
http_port | HTTP port for the backend address. | 80 |
https_port | HTTPS port for the backend address. | 443 |
modules | Modules applied at the address level. | – |
load_balancer | Load balancer configuration for this address. | – |
server_role | Server role for load balancing. | "primary" |
weight | Server weight used in load balancing. | 1 |
connection_options | Specifies connection options for backend connections. | – |
dns_resolution | DNS resolution policy for the backend connection. | "preserve" |
transport_policy | Transport protocol preference (HTTP/HTTPS). | "preserve" |
http_version_policy | HTTP version to use for the connection. | "http1_1" |
host | Host header sent to the backend. | "${host}" |
path_prefix | Additional prefix to be added to the path. | "" |
following_redirect | Indicates if redirects from the backend are followed. | false |
real_ip_header | Header used to transmit the real client IP address. | "X-Real-IP" |
real_port_header | Header used to transmit the client source port. | "X-Real-PORT" |
modules | Advanced modules for backend connection handling. | – |
load_balancer | Load balancer settings. | – |
enabled | Indicates if load balancing is enabled. | false |
config | Load balancer configuration options. | – |
method | Load balancing method. | "round_robin" |
max_retries | Maximum number of retries for backend connections. | 0 |
connection_timeout | Timeout in seconds for establishing a connection. | 60 |
read_write_timeout | Timeout in seconds for read/write operations. | 120 |
origin_shield | Origin Shield settings. | – |
enabled | Indicates if Origin Shield is enabled. | false |
config | Origin Shield configuration options. | – |
origin_ip_acl | IP ACL configuration for Origin Shield. | – |
enabled | Enables IP ACL for Origin Shield. | false |
hmac | HMAC configuration for Origin Shield. | – |
enabled | Indicates if HMAC security is enabled. | false |
config | HMAC configuration options. | – |
type | HMAC type. | "aws4_hmac_sha256" |
attributes | HMAC credential set. | – |
region | AWS region for HMAC. | "string" |
service | AWS service for HMAC. | "s3" |
access_key | AWS access key for HMAC. | "string" |
secret_key | AWS secret key for HMAC. | "string" |
Edge Storage
When Edge Storage is selected as an origin type, it connects directly with an Azion Edge Storage bucket where you must add the bucket name and prefix.
The bucket name is defined when you create or modify an Edge Storage bucket.
The prefix is the path to the folder within the bucket that stores the objects. This field can be left blank if you wish your application’s origin to be the root of the bucket.
Attributes
Below are the attributes for the Edge Connector API when using the Edge Storage connector type.
Attribute | Type | Description |
---|---|---|
bucket | String | The name of the bucket. |
prefix | String | The prefix path for the bucket. |
Live Ingest
This connector type can be used for scenarios where content providers require high fidelity and low latency, such as live events, e-sports, and educational content. It supports ingestion of live video streams and enables selection of the ingestion region to optimize latency. The platform uses a network of edge locations to improve delivery efficiency and scalability, and provides security features for stream protection. To use this connector type, select your preferred ingestion region to minimize latency, start streaming your live video using the appropriate endpoint, and monitor performance to ensure optimal delivery.
Go to Live Ingest Solution