Edge Services - Quickstart

Edge Services is an additional feature for Scaleway Load Balancers and Object Storage buckets. It provides:

• A caching service to improve performance by reducing load on your origin
• A Web Application Firewall (WAF) to protect your origin from threats and malicious activity
• A customizable and secure endpoint for accessing content via Edge Services, which can be set to a subdomain of your choice

To use Edge Services, you must take out a subscription plan, which then enables you to create a certain number of Edge Services pipelines towards your Load Balancer origins or Object Storage buckets.

Before you startLink to this anchor

To complete the actions presented below, you must have:

• A Scaleway account logged into the console
• Owner status or IAM permissions allowing you to perform actions in the intended Organization
• Created either a Load Balancer or an Object Storage bucket

How to subscribe to Edge ServicesLink to this anchor

To use Edge Services, you must subscribe to a pricing plan. Within its monthly price, each pricing plan includes a fixed number of pipelines, and a certain amount of egress cache data. Any consumption that exceeds the limits of the plan is charged at an additional rate.

Find out more about how Edge Service subscription plans and billing works on our Understanding Edge Services pricing page, or follow the steps below to subscribe.

1. Click Edge Services in the Network section of the Scaleway console side menu.

2. Click Subscribe to Edge Services. Information about available pricing plans is displayed.

3. Select a plan, and click Subscribe to Edge Services.

   Your subscription is created, and you are returned to the Edge Services dashboard, on the Pipelines tab. All your Edge Services pipelines will display here.

   On the Plans tab you can view your current subscription plan, and your Edge Services consumption in relation to your plan’s limits on pipelines, cache and WAF.

How to create an Edge Services pipelineLink to this anchor

You can create pipelines for either Object Storage buckets or Load Balancer origins.

1. Click Edge Services in the Network section of the Scaleway console side menu.

2. Click Create pipeline. The pipeline creation wizard displays.

3. Choose an origin type, the type of resource which Edge Services will connect to to fetch content to serve. This can either be Load Balancer or Object Storage.

   Follow the steps below depending on whether you are creating a Load Balancer or Object Storage pipeline.
   

   • Load Balancer
   • Object Storage
   

   4. Configure the origin for this pipeline:

      • Select Load Balancer as the origin type.
      • Select the origin Load Balancer from the dropdown list. The Edge Services pipeline will connect to this Load Balancer when requesting content.
      • Select a frontend associated with the origin Load Balancer from the dropdown list. The Edge Services pipeline will connect to the Load Balancer on this port when requesting content. We recommend that you select an HTTPS port, e.g. 443. Note that if you are creating multiple pipelines for the same origin Load Balancer, each one must be configured for a different frontend.
      Tip

      For Kubernetes Load Balancers, see our dedicated documentation for help selecting the correct Load Balancer and frontend.

   5. Define the protocol and origin host for this pipeline:

      • Select the protocol that Edge Services should use when making requests to the origin, either HTTP or HTTPS (recommended). Choose the protocol that corresponds with your Load Balancer setup.
      • Optionally, enter an origin host associated with your Load Balancer for this pipeline. When specified, this host replaces the Load Balancer IP address in the HTTP Host Header of the requests made from Edge Services to your Load Balancer.

   6. Enter a name for this Edge Services pipeline, or leave the auto-generated name in place.

   7. Optionally, configure Advanced Settings:

      • Cache: When enabled, content from your Load Balancer origin is cached with Edge Services and served directly to users from Edge Services’ servers. Set a Lifetime value, in seconds, to dictate how long objects should remain in the cache before being freshly retrieved from the origin. Find out more about caching.
      • WAF: When enabled, requests to your Load Balancer origin are evaluated by a Web Application Firewall. Malicious requests are blocked or logged, depending on your settings. Set a paranoia level to determine WAF’s aggressivity, and a mode (block or log) for dealing with malicious requests. Find out more about WAF.

   8. Check the summary cost for the pipeline, and click Create Edge Services pipeline.

   You are returned to the Pipelines tab, where the newly created pipeline now displays. Click on the pipeline to go to its Overview page and start configuration.

How to configure a custom domainLink to this anchor

If you already own a domain, you can customize an Edge Services pipeline endpoint with a subdomain of your choice, e.g. subdomain.mydomain.com. This means you can access your Object Storage bucket or Load Balancer origin through Edge Services via your own subdomain rather than the standardized Edge Services endpoint.

1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer pipeline whose domain you want to customize:

   

2. In the Endpoint panel, click Configure domain. The following screen displays:

   

3. Set a subdomain from which your Object Storage bucket or Load Balancer origin will be accessible via its Edge Services pipeline. You must already own the primary domain. For example, if you own beautiful-domain.com, choose any subdomain you like and enter my-chosen-subdomain.beautiful-domain.com into the box.

   Important

   It is not possible to use only a root domain (aka primary domain or apex domain), you must use a subdomain. This is because CNAME records, essential to point your domain to your Edge Services endpoint, cannot by definition be created for root domains, only for subdomains. For example, ✅ Use: blog.mywebsite.com ❌ Don’t use: mywebsite.com.

4. This step depends on whether the domain used in the previous step is managed with Scaleway Domains and DNS, or an external domain provider. Choose the appropriate tab below.

   • Domains and DNS
   • External provider

   The domain you are using for Edge Services is considered to be managed with Scaleway Domains and DNS if:

   • You registered the domain with Domains and DNS, or
   • You transferred an externally-registered domain to Domains and DNS

   If either of the above is true, Scaleway will auto-detect that the domain is managed by Domains and DNS, and a message will display confirming that you do not need to create a CNAME record. We will auto-generate the appropriate CNAME record in your domain’s DNS records, to point your subdomain to the Edge Services endpoint. This record is generated when you click Customize domain in step 6.

   You should not attempt to modify or delete the CNAME record, which will be visible among your DNS records in the Scaleway console.

5. Provide an SSL/TLS certificate for your subdomain so that Edge Services can serve traffic for it over HTTPS. You have three options for this:

   • Generate a free Let’s Encrypt certificate, managed by Scaleway, including automatic renewals.
   • Select an existing certificate that you have stored in Scaleway Secret Manager.
   • Manually import a certificate into Scaleway Secret Manager:
     • Enter a name for your certificate (alphanumeric characters only)
     • Optionally, add tags by typing each tag and then pressing enter
     • Copy and paste the full PEM-formatted certificate chain into the box. Your certificate will be automatically stored in Secret Manager and billed accordingly.
   Tip

   For help with SSL/TLS certificates for Edge Services, and/or dealing with any errors you encounter importing a certificate into Secret Manager, see our dedicated documentation.

6. Click Customize domain to finish.

Your customized domain is set up, and you are returned to the Edge Services dashboard. The customized domain displays in the Endpoint panel. When you access your Object Storage or Load Balancer origin through this domain, its content will be served via Edge Services.

How to configure caching and WAFLink to this anchor

Enabling a cache and/or a Web Application Firewall on your Edge Services pipeline are both optional steps.

• Enabling a cache means that Edge Services stores copies of files from your origin, and can serve them directly to users from this cache rather then fetching them freshly from your bucket or Load Balancer origin each time. This reduces load on your origin and can improve performance. Find out how to configure a cache

• Enabling WAF means that Edge Services can filter out and block potentially malicious requests to your origin. You can choose the paranoia level to be used when evaluating requests, and set exclusions to define traffic that shouldn’t be filtered by WAF. Find out how to configure WAF

How to delete an Edge Services pipelineLink to this anchor

1. Click Edge Services in the Network section of the Scaleway console side menu. The Pipelines tab displays.

2. Click the pipeline that you want to delete. You are taken to the pipeline’s Overview page.

3. In the Delete Edge Services pipeline panel at the bottom of the screen, click Delete Edge Services pipeline.

   A pop-up displays, asking you to confirm that you want to delete the pipeline.

   • The Load Balancer/Object Storage bucket will no longer be accessible via its Edge Services endpoint, or any customized domains pointing to this endpoint.
   • Any files stored in the Edge Services cache will be removed.
   Tip

   If you customized your pipeline’s domain, remember to:

   • Delete any CNAME records created for this pipeline from your domain provider, unless your domain is managed with Scaleway Domains and DNS, in which case we take care of deletion for you.
   • Delete any SSL/TLS certificates you imported into Secret Manager for this pipeline (if no longer required elsewhere), so that you are no longer billed for them. If you generated a managed Let’s Encrypt certificate however, Scaleway takes care of the deletion for you.

4. Click Confirm.

   The Edge Services pipeline is deleted. You can create a new pipeline for this origin at any time, but you will need to reconfigure your custom domain, and the cache will initially be empty.

How to terminate an Edge Services subscriptionLink to this anchor

You can terminate your Edge Services subscription at any time, as long as you have deleted all your pipelines. You will be charged pro-rata for the month you cancel, based on how many days in that month your subscription was active.

1. Click Edge Services in the Network section of the Scaleway console side menu. Your Edge Services dashboard displays.

2. Click the Plans tab. An overview of your current plan displays, along with options to manage your plan or terminate your subscription.

3. Scroll down to the Terminate subscription section, and click Terminate subscription.

   A pop-up displays, asking you to confirm that you want to terminate your subscription.

4. Type DELETE in the box, and click Terminate to confirm.

   Your Edge Services subscription is terminated. You can subscribe again at any time.