Configure Fastly services
Fastly is required for ÃÛ¶¹ÊÓƵ Commerce on cloud infrastructure Staging and Production environments.
Fastly works with Varnish to provide fast caching capabilities and a Content Delivery Network (CDN) for static assets. Fastly also provides a Web Application Firewall (WAF) to secure your site and Cloud infrastructure. To protect your site and Cloud infrastructure from malicious traffic and attacks, route all incoming site traffic through Fastly.
Complete the following steps to enable, configure, and test Fastly early in your site development process to enable secure access to your site.
- Get Fastly credentials for Staging and Production environments
- Enable Fastly CDN caching
- Upload Fastly VCL snippets
- Update DNS configuration to route traffic to the Fastly service
- Test Fastly caching
Get Fastly credentials
During project provisioning, ÃÛ¶¹ÊÓƵ adds your project to the Fastly service account for ÃÛ¶¹ÊÓƵ Commerce on cloud infrastructure and creates Fastly account credentials for the Starter master
and Pro Staging and Production environments. Each environment has unique credentials.
You need the Fastly credentials to configure Fastly CDN services from the Admin and to submit Fastly API requests.
Use the following methods to find and save the Fastly service ID and API token for your environment:
To view your Fastly credentials:
The method for viewing credentials is different for Pro and Starter projects.
-
IaaS-mounted shared directory—On Pro projects, use SSH to connect to your server and get the Fastly credentials from the
/mnt/shared/fastly_tokens.txt
file. Staging and Production environments have unique credentials. You must get the credentials for each environment. -
Local workspace—From the command line, use the
magento-cloud
CLI to list and review Fastly environment variables.code language-bash magento-cloud variable:get -e <environment-ID>
-
Cloud Console—Check the following environment variables in the Environment configuration.
-
CONFIG__DEFAULT__SYSTEM__FULL_PAGE_CACHE__FASTLY__FASTLY_API_KEY
-
CONFIG__DEFAULT__SYSTEM__FULL_PAGE_CACHE__FASTLY__FASTLY_SERVICE_ID
-
Enable Fastly caching
You need the following components to enable and configure Fastly services:
-
Latest version of the Fastly CDN for Magento 2 module installed in the Staging and Production environments. See Upgrade Fastly.
-
Fastly credentials for ÃÛ¶¹ÊÓƵ Commerce on cloud infrastructure Staging and Production environments
To enable Fastly CDN caching in Staging and Production:
-
Log in to the Admin.
-
Click Stores > Settings > Configuration > Advanced > System and expand Full Page Cache.
-
In the Caching Application section, remove the selection from Use system value, and then select Fastly CDN from the drop-down list.
-
Expand Fastly Configuration and .
-
After configuring the caching options, click Save Config at the top of the page.
-
Clear the cache according to the notification.
-
Continue configuring Fastly by navigating back to Stores > Settings > Configuration > Advanced > System > Fastly Configuration.
Test Fastly credentials
-
On the Admin, navigate to Stores > Settings > Configuration > Advanced > System > Fastly Configuration.
-
If needed, add the Fastly service ID and API token values for your project environment.
note note NOTE Do not select the link to create the Fastly API token. Instead, use the Fastly credentials (Service ID and API token) provided by ÃÛ¶¹ÊÓƵ provided by ÃÛ¶¹ÊÓƵ. -
Click Test credentials.
-
If the test succeeds, click Save Config, and then clear the cache.
If the test fails, verify that the correct service ID and API token values match the credentials for the current environment.
If the test fails again, submit an ÃÛ¶¹ÊÓƵ Commerce support ticket or contact your ÃÛ¶¹ÊÓƵ account representative. For Pro projects, include the URLs for your Production and Staging sites. For Starter projects, include the URLs for your
Master
and Staging site.
Upload VCL to Fastly
After you enable the Fastly module, upload the default to the Fastly servers. This code provides a series of VCL snippets that specify the configuration settings to enable caching and other Fastly CDN services for your ÃÛ¶¹ÊÓƵ Commerce on cloud infrastructure.
To upload the Fastly VCL:
-
In the Fastly Configuration section, click Upload VCL to Fastly as the following figure shows.
-
After the upload completes, refresh the cache according to the notification at the top of the page.
Provision SSL/TLS certificates
ÃÛ¶¹ÊÓƵ provides a Domain-Validated Let’s Encrypt SSL/TLS certificate to serve secure HTTPS traffic from Fastly. ÃÛ¶¹ÊÓƵ provides one certificate for each Pro Production, Staging, and Starter Production environment to secure all domains in that environment. For detailed information about the certificate provided, see ÃÛ¶¹ÊÓƵ SSL (TLS) certificates for ÃÛ¶¹ÊÓƵ Commerce on cloud infrastructure.
To enable the SSL/TLS certificates for ÃÛ¶¹ÊÓƵ Commerce environments, ÃÛ¶¹ÊÓƵ automation completes the following steps:
- Validates domain ownership
- Provisions a Let’s Encrypt SSL/TLS certificate that covers specified top-level and subdomains for your stores
- Uploads the certificate to the Cloud environment when the site is live
This automation requires you to update the DNS configuration for your site to supply domain validation information. Use one of the following methods:
- DNS validation–For live sites, update your DNS configuration with CNAME records that point to the Fastly service
- ACME challenge CNAME records–Update your DNS configuration with ACME challenge CNAME records provided by ÃÛ¶¹ÊÓƵ for each domain in your environment
When domain validation completes, ÃÛ¶¹ÊÓƵ provisions the Let’s Encrypt TLS/SSL certificate, and uploads it to live Staging or Production environments. This process can take up to 12 hours. We recommend that you complete the DNS configuration updates several days in advance to prevent delays in site development and site launch.
Update DNS configuration with development settings
During the initial Fastly setup process, you can use the following URLs to configure and test Fastly caching in Staging and Production environments:
-
For Pro Staging and Production:
mcprod.<your-domain>.com
mcstaging.<your-domain>.com
-
For Starter Production only:
mcprod.<your-domain>.com
These default pre-production URLs are available after your project is provisioned. The value for "your-domain"
is the domain name you specified during the onboarding process.
To route traffic from your store URLs to the Fastly service update your DNS configuration. When you update the configuration, ÃÛ¶¹ÊÓƵ automatically provisions the required SSL/TLS certificates and uploads them to your Cloud environments. This provisioning can take up to 12 hours.
Prerequisites:
- Enable the Fastly module.
- Upload the default Fastly VCL code.
- Provide a list of top-level and subdomains for each environment to ÃÛ¶¹ÊÓƵ, or submit an ÃÛ¶¹ÊÓƵ Commerce Support ticket.
- Wait for confirmation that the specified domains have been added to your Cloud environments.
- On Starter projects, add the domains to your Fastly service configuration. See Manage domains.
- For information about updating the DNS configuration, check with your for the correct method for your domain service.
To update your DNS configuration for development:
-
Point pre-production URLs to the Fastly service by adding CNAME records:
prod.magentocloud.map.fastly.net
, for example:table 0-row-2 1-row-2 2-row-2 Domain or Subdomain CNAME mcprod.your-domain.com prod.magentocloud.map.fastly.net mcstaging.your-domain.com prod.magentocloud.map.fastly.net When the CNAME records are live, ÃÛ¶¹ÊÓƵ provisions certificates and uploads the SSL/TLS certificates.
note note NOTE If you plan to use apex domains ( your-domain.com
) for your Production site, you must configure DNS address records (A records) to point to the Fastly server IP addresses. See Update DNS configuration with production settings. -
Add ACME challenge CNAME records for domain validation and pre-provisioning of Production SSL/TLS certificates, for example:
table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2 Domain or Subdomain CNAME _acme-challenge.your-domain.com 0123456789abcdef.validation.magento.cloud _acme-challenge.www.your-domain.com 9573186429stuvwx.validation.magento.com _acme-challenge.mystore.your-domain.com 1234567898zxywvu.validation.magento.cloud _acme-challenge.subdomain.your-domain.com 1098765743lmnopq.validation.magento.cloud note note NOTE The ACME challenge records in this example are placeholders that are not intended to provision your ÃÛ¶¹ÊÓƵ Commerce staging and production sites. Get the correct ACME challenge record information for your project by contacting ÃÛ¶¹ÊÓƵ. After adding the CNAME records, ÃÛ¶¹ÊÓƵ validates the domains and provisions the SSL/TLS certificate for the environment. When you update the DNS configuration to route traffic from these domains to the Fastly service, ÃÛ¶¹ÊÓƵ uploads the certificate to the environment.
-
Update the ÃÛ¶¹ÊÓƵ Commerce Base URL.
-
Use SSH to log in to the Production environment.
code language-bash magento-cloud ssh
-
Use the Cloud CLI to change the base URL for your store.
code language-bash php bin/magento setup:store-config:set --base-url="https://mcstaging.your-domain.com/"
note note NOTE As an alternative to using the Cloud CLI, you can update the Base URL from the Admin -
-
Restart web browser.
-
Test your website.
Test Fastly caching
After you complete the DNS configuration changes, use the command-line tool to verify that Fastly cache is working.
To check the response headers:
-
In a terminal, use the following
curl
command to test your live site URL:code language-bash curl -vo /dev/null -H Fastly-Debug:1 https://<live-URL>
If you have not set a static route or completed the DNS configuration for the domains on your live site, use the
--resolve
flag, which bypasses DNS name resolution.code language-bash curl -vo /dev/null -H Fastly-Debug:1 --resolve <live-URL-hostname>:443:<live-IP-address>
-
In the response, verify the headers to ensure that Fastly is working. You should see following unique headers in the response:
code language-http < Fastly-Magento-VCL-Uploaded: yes < X-Cache: HIT, MISS
If the headers do not have the correct values, see Resolve errors found in the response headers for troubleshooting help.
Upgrade the Fastly module
Fastly updates the Fastly CDN for Magento 2 module to resolve issues, increase performance, and provide new features.
We recommend that you update the Fastly module in your Staging and Production environments to the .
After you update the module, you must upload the VCL code to apply the changes to the Fastly service configuration.
To check the version of Fastly CDN module for Magento 2:
-
Change to the root directory of your Cloud environment.
-
Use Composer to check the installed version.
code language-bash composer show *fastly*
-
If the is not installed, complete the steps to upgrade the Fastly module.
To upgrade the Fastly module:
-
In your local integration environment, use the following module information to upgrade the Fastly module.
code language-text module name: fastly/magento2 repository: https://github.com/fastly/fastly-magento2.git
-
Push your updates to the Staging environment.
-
Log in to the Admin for your Staging environment to upload the VCL code.
-
Verify Fastly services on the ÃÛ¶¹ÊÓƵ Commerce Staging site.
After you verify Fastly services on the Staging site, repeat the upgrade process in the Production environment.