Basics
- About the web interface controls
- Always-on DDoS mitigation
- Browser recommendations when using the Fastly web interface
- Content and its delivery
- Fastly POP locations
- Getting started with Fastly
- How caching and CDNs work
- How Fastly's CDN Service works
- HTTP status codes cached by default
- Self-provisioned Fastly services
- Sign up and create your first service
- Working with services
Domains & Origins
Performance
Basics
Dictionaries
Domains & Origins
- Changing origins based on user location
- Connecting to origins
- Enabling global POPs
- Failover configuration
- IPv6 support
- Maintaining separate HTTP and HTTPS requests to origin servers
- Routing assets to different origins
- Setting up redundant origin servers
- Specifying an override host
- Using Fastly with apex domains
Request settings
Cache settings
Headers
Responses
Performance
- About Dynamic Servers
- Cache control tutorial
- Caching configuration best practices
- Controlling caching
- Creating and using pools with Dynamic Servers
- Creating and using server entries with Dynamic Servers
- Enabling API caching
- Enabling automatic gzipping
- Failure modes with large files
- HTTP/2 server push
- Implementing API cache control
- Making query strings agnostic
- Request collapsing
- Segmented Caching
- Serving stale content
- Setting Surrogate-Key headers based on a URL
- Setting Surrogate-Key headers for Amazon S3 origins
- Streaming Miss
Purging
Custom VCL
- Accept-Language header VCL features
- Authenticating before returning a request
- Basic authentication
- Creating location-based tagging
- Custom responses that don't hit origin servers
- Delivering different content to different devices
- Enabling URL token validation
- Guide to VCL
- Isolating header values without regular expressions
- Manipulating the cache key
- IP geolocation variables: Migrating to the new dataset
- Overriding which IP address the geolocation features use
- Response Cookie handling
- Support for the Edge-Control header
- Understanding the different PASS action behaviors
- Using edge side includes (ESI)
- VCL regular expression cheat sheet
Image optimization
Video
Access Control Lists
Monitoring and testing
Securing communications
Security measures
TLS
- Domain validation for TLS certificates
- Enabling HSTS through Fastly
- Forcing a TLS redirect
- Managing domains on TLS certificates
- Serving HTTPS traffic using certificates you manage
- Serving HTTPS traffic using Fastly-managed certificates
- Setting up free TLS
- TLS key and certificate replacement
- TLS termination
Web Application Firewall
Logging endpoints
- Log streaming: Amazon S3
- Log streaming: Microsoft Azure Blob Storage
- Log streaming: Cloud Files
- Log streaming: Datadog
- Log streaming: DigitalOcean Spaces
- Log streaming: Elasticsearch
- Log streaming: FTP
- Log streaming: Google BigQuery
- Log streaming: Google Cloud Storage
- Log streaming: Honeycomb
- Log streaming: Kafka
- Log streaming: Log Shuttle
- Log streaming: LogDNA
- Log streaming: Logentries
- Log streaming: Loggly
- Log streaming: Heroku's Logplex
- Log streaming: OpenStack
- Log streaming: Papertrail
- Log streaming: Scalyr
- Log streaming: SFTP
- Log streaming: Splunk
- Log streaming: Sumo Logic
- Log streaming: Syslog
Non-Fastly services
Streaming logs
Debugging techniques
Common errors
Account management
Billing
User access and control
Setting up free TLS
Last updated October 09, 2018
Customers can use our free TLS option to add TLS to a website or application using a shared Fastly domain (e.g., your-name.global.ssl.fastly.net
).
Before you begin
Before you begin setting up free TLS, understand the following:
- Free TLS uses a shared domain name and may not be suitable for a production environment if the domain name you use matters. For that, you'll need a paid TLS option.
- When using free TLS, you cannot DNS alias your own domain (for example,
www.example.org
) to the shared domain. If you do, a TLS name mismatch warning will appear in the browser. The only way to avoid the mismatch error is to order a paid TLS option. - When using free TLS, all traffic is routed through Fastly's entire global network. If you need the ability to route traffic through specific POPs, order a paid TLS option.
Setting up free TLS for the first time
Follow the steps below to set up free TLS:
- Log in to the Fastly web interface and click the Configure link.
- From the service menu, select the appropriate service.
- Click the Edit configuration button and then select Clone active. The Domains page appears.
-
Click the Create domain button. The Create a domain page appears.
- Fill out the Create a domain fields as follows:
- In the Domain Name field, type
<name>.global.ssl.fastly.net
, where<name>
is a single word that claims the domain you're creating. You can't use a dot-separated name (e.g.,www.example.org.global.ssl.fastly.net
) because TLS certificates don't support nesting. If the name you choose has already been claimed, you will need to pick a different one. - In the Comment field, type a human-readable name for the domain. This name appears in the Fastly web interface.
- In the Domain Name field, type
- Click the Create button to save the domain. The new domain appears in the list of domains.
- Click the Activate button to deploy your configuration changes.
Once you've set up free TLS, you'll be able to access your host domain via the https://<name>.global.ssl.fastly.net/
URL. You won't need to add CNAME records to use the shared domain certificate.
Support for HTTP/2, IPv6, and TLS 1.2
Your <name>.global.ssl.fastly.net
domain name currently supports the HTTP/1.x protocols and IPv4 network addresses on Fastly's free shared domain TLS wildcard certificate. TLS 1.0, 1.1, and 1.2 are all supported.
To test HTTP/2, you can use <name>.freetls.fastly.net
, which is automatically made available for all Fastly free TLS services. For example, if you used example.global.ssl.fastly.net
during setup, Fastly automatically created example.freetls.fastly.net
with support for HTTP/2 and HTTP/1.1, as well as support for IPv6 and IPv4 network addresses. Names ending in .freetls.fastly.net
require TLS 1.2.
NOTE: As noted in the previous section, you can't use a dot-separated name (e.g., www.example.org.freetls.fastly.net
) because TLS certificates don't support nesting. If you experience problems testing your domain name with freetls.fastly.net
, verify that <name>
in <name>.freetls.fastly.net
is a single word that doesn't contain dots.