Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >





Overview

The JFrog Cloud with Amazon's CloudFront CDN solution allows Enterprise users to manage, control and distribute high volumes of software distribution across multiple locations. 

The main advantages of using Artifactory with CDN are:

  • Integrated advanced CDN solution without having to deal with the complexity of setting up a separate external CDN Caching system.
  • Powerful fine-grained permissions model and authentication capabilities, as well as allow access to content via signed URLs. 
  • Full control of which content is accessible via CDN as the CDN can be enabled at the repository level and can be managed using the UI or via the REST API.
  • Apply country and IP filtering.

Supported Cloud Vendors and Regions

CDN is supported on AWS only, including AWS marketplace customers. All AWS regions are supported except for North California and China.

For Enterprise customers, CDN redirects will only work for anonymous users.

JFrog Subscription Levels

CLOUD (SaaS)
ENTERPRISE
ENTERPRISE+
Page Contents


Main Features and Functionality

CDN functionality is integrated into JFrog Cloud and is available for the following subscription types.

Subscription/FeatureEnterpriseEnterprise+
CDN for Public Content(tick)(tick)
CNAME with own SSL(tick)(tick)
CDN CNAME/ SSL, Signed URL(tick)(tick)
IP Allow List(tick)(tick)
CDN for Private Content (permissions, access tokens)(error)(tick)

Downloading Artifacts from Artifactory with CDN

The following workflow occurs when users download artifacts from the Artifactory with CDN:

  1. The user submits a download artifact request to Artifactory.
  2. Artifactory sends back a redirected CDN URL to the user.
  3. A redirected download request is automatically routed by the user to the nearest CDN.
  4. The requested artifact is downloaded to the user.


CDN Redirect in JFrog Cloud

Background

Some JFrog customers secure their networks by limiting clients' egress traffic based on a domain-based Allow List. Therefore, when enabling CDN redirect, calls to cloudfront.net will get blocked unless explicitly allowed. While adding the entire cloudfront.net domain to the Allow List is technically possible, this setup is permissive and insecure.

Additionally, customers who already use a CNAME on top of their JFrog service would like to be able to extend the coverage of their CNAME to the CDN as well.

Adding Redirect URLs to the JFrog Allow List

To support these issues, JFrog Cloud enables you to add redirect URLs to the Allow List.

  • To extend your custom CNAME to point at the CloudFront domain (CDN CNAME endpoint): Contact JFrog Support. You will need to provide JFrog with an SSL certificate and to request to apply the CNAME over the CDN URL as well.

    Requirements

    You will need to provide this information in PEM format, which must include the chain, certificate and key.

    While CloudFront supports both 1024-bit and 2048-bit RSA keys for the certificate, you should use 2048-bit keys, which use stronger encryption algorithms. For more information, see Amazon CloudFront public key requirements size.

  • To add your dedicated CloudFront CDN endpoint to your Allow List:

    1. Find your CloudFront CDN endpoint.
    2. Add that domain to the Allow List.
  • No labels
Copyright © 2022 JFrog Ltd.