Main Features and Functionality
CDN functionality is integrated into JFrog Cloud and is available for the following subscription types.
|CDN for Public Content|
|CNAME with own SSL|
|CDN CNAME/ SSL, Signed URL|
|IP Allow List|
|CDN for Private Content (permissions, access tokens)|
Downloading Artifacts from Artifactory with CDN
The following workflow occurs when users download artifacts from the Artifactory with CDN:
- The user submits a download artifact request to Artifactory.
- Artifactory sends back a redirected CDN URL to the user.
- A redirected download request is automatically routed by the user to the nearest CDN.
The requested artifact is downloaded to the user.
CDN Redirect in JFrog Cloud
Some JFrog customers secure their networks by limiting clients' egress traffic based on a domain-based Allow List. Therefore, when enabling CDN redirect, calls to cloudfront.net will get blocked unless explicitly allowed. While adding the entire cloudfront.net domain to the Allow List is technically possible, this setup is permissive and insecure.
Additionally, customers who already use a CNAME on top of their JFrog service would like to be able to extend the coverage of their CNAME to the CDN as well.
Adding Redirect URLs to the JFrog Allow List
To support these issues, JFrog Cloud enables you to add redirect URLs to the Allow List.
To extend your custom CNAME to point at the CloudFront domain (CDN CNAME endpoint): Contact JFrog Support. You will need to provide JFrog with an SSL certificate and to request to apply the CNAME over the CDN URL as well.
You will need to provide this information in PEM format, which must include the chain, certificate and key.
While CloudFront supports both 1024-bit and 2048-bit RSA keys for the certificate, you should use 2048-bit keys, which use stronger encryption algorithms. For more information, see Amazon CloudFront public key requirements size.
To add your dedicated CloudFront CDN endpoint to your Allow List:
- Find your CloudFront CDN endpoint.
- Add that domain to the Allow List.