Skip to main content

Affordable SSL CDN with AppEngine

Dominik Magoń PandaStream

At Panda we just switched our CDN from CloudFront to AppEngine to be able to support SSL on our cdn.pandastream.com domain. It means that for the uploader script can use the new URL:

<script src="//cdn.pandastream.com/u/1.4/jquery.panda-uploader.min.js" type="text/javascript"></script>

instead of:

<script src="//d21qbsp9m249bi.cloudfront.net/u/1.4/jquery.panda-uploader.min.js" type="text/javascript"></script>

It’s a detail. But at Panda we like to take care of details.

AppEngine is primarily meant to host applications but a lesser known feature is that it uses Google’s CDN to serve static assets. Once you have your app up and running you can tie it to a Google Apps domain and then add a SSL certificate to it.

At the moment the edge traffic is free on appengine so all this will just cost you the price of the VIP that’s used for SSL: $39 / month.

All this together makes it a great combo. In comparison, CloudFrount doesn’t support custom SSL certificates and Akamai asks for $1500.- just for the setup. The cheapest we found until now was MaxCDN that charges $39.- / zone / month.

Create your CDN

Sign up for appengine and create a new project.

Install the app-engine toolkit on your machine. On my mac: brew install google-app-engine

Create a new local folder and add an “app.yaml” in it:

---
application: your-cdn
version: 1
runtime: python27
api_version: 1
threadsafe: true
handlers:
- url: /u
  static_dir: u

Then put some files in the u/ sub-folder. You might want to make it a git repo too but it’s up to you.

Push your code: appcfg.py update . (add —oauth2 if you use 2-factor auth)

Now your content should be available at http://your-cdn.appspot.com/u/…

Custom domain and SSL

You need to have Google Apps setup for that domain and billing setup to pay for the SSL options. And a SSL certificate. You can obtain free SSL certificates at StartSSL

First you need to tie the app to the domain. For that go to the “Application settings” page in your app and click to “Add domain”. Follow the instructions.

For SSL, the VIP option (you want this one if you’re targeting IE8 or less) is only available after the first charge on the credit card. To generate some billing sum you can install the SNI version in the mean-time.

Back in a month, create a VIP, tie to domain. Done.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.