Skip to content

How is Akamai config structured?

Details of this picture follow the picture

The following text was provided by Google Gemini 2.0. The pictures were drawn by Gary Zeien. The output was reviewed.

Please provide an explanation of this picture that includes details on the key objects in the picture, the relationships, and a summary of the key points being covered in this picture.

This diagram explains the relationship between DNS, Akamai, and certificate management for setting up a web application, emphasizing the crucial need for domain ownership verification at each step, especially for subdomains. Here's a breakdown:

Key Objects:

  • DNS Server: The Domain Name System server is responsible for translating human-readable domain names (like gyzsen.com) into IP addresses that computers use to communicate.
  • DNS Records: Entries in the DNS server that map domain names to IP addresses or other resources. Key types used here are:
    • CNAME (Canonical Name): Creates an alias. For example, dev.gyzsen.com might be a CNAME pointing to an Akamai edge hostname.
  • Domain Name: The human-readable name of a website (e.g., gyzsen.com).
  • Subdomain: A division of a domain name (e.g., api.gyzsen.com, dev.gyzsen.com).
  • Let's Encrypt: A Certificate Authority (CA) that provides free SSL/TLS certificates.
  • Certificate: A digital certificate that verifies the ownership of a domain and enables secure communication (HTTPS). It contains information like the domain name, issuer, and expiration date.
  • Akamai Edge: Akamai's Content Delivery Network (CDN), which distributes content globally to improve performance and availability.
  • "ION Standard" (Akamai Brand): A specific Akamai product or configuration related to web performance and security.
  • Config (Akamai): Configuration settings within Akamai that define how the CDN handles traffic for a specific domain.
  • Property Group (Akamai): A grouping mechanism in Akamai to organize related properties.
  • Property (Akamai): A specific configuration within Akamai for a domain or subdomain.
  • HostNames (Akamai): The domain names or subdomains that are managed by a particular Akamai property.
  • Cert (SAN - Subject Alternative Name): The SSL/TLS certificate used by Akamai. SANs allow a single certificate to secure multiple domain names or subdomains.
  • Edge Host Names (Akamai Generated): The Akamai-provided hostnames that are used as targets for CNAME records in DNS.
  • Origin Server: The server that hosts the actual web application content.
  • Origin Service Hostname: The hostname or IP address of the origin server.
  • Origin SSL Verify: Setting to verify the SSL certificate presented by the origin server.
  • Fwd Host Header: Setting to forward the original Host header from the client request to the origin server.
  • Cache Key Hostname: Setting to define how the cache key is generated based on the hostname.
  • Rules (Akamai): Configuration rules within Akamai for routing, caching, and other behaviors.
  • Actions (Akamai): The specific actions that Akamai takes based on the defined rules.

Relationships and Flow:

  1. Domain Ownership Verification (Promise and Prove): The central theme is the need to prove ownership of every domain and subdomain. This is done through DNS records (specifically by adding a TXT record provided by Let's Encrypt or Akamai).
  2. DNS Configuration:
    • The DNS server holds DNS records.
    • CNAME records are created in the DNS to point subdomains (e.g., dev.gyzsen.com, api.gyzsen.com) to Akamai edge hostnames (e.g., dev.garyzeien.com.edgekey.net).
    • These CNAME records are crucial for routing traffic through Akamai.
  3. Certificate Management (Let's Encrypt and Akamai):
    • Let's Encrypt is used to obtain SSL/TLS certificates.
    • These certificates (with SANs for multiple subdomains) are configured within Akamai. This ensures secure HTTPS connections between users and Akamai's edge servers.
  4. Akamai Configuration:
    • Akamai's "ION Standard" product is used.
    • Properties are created within Akamai to manage specific domains or subdomains.
    • Hostnames are associated with these properties.
    • Rules and actions are defined within the properties to control Akamai's behavior (e.g., caching, routing).
    • The origin server information (hostname, SSL verification settings, etc.) is configured within Akamai.
  5. Traffic Flow:
    • A user requests a subdomain (e.g., api.gyzsen.com).
    • The DNS server resolves the subdomain's CNAME record to the Akamai edge hostname.
    • The request is routed to Akamai's edge servers.
    • Akamai, using its configured rules and properties, handles the request, potentially caching content or forwarding the request to the origin server.
    • The response is returned to the user through Akamai.

Key Points:

  • Domain ownership verification is essential at each step. This is emphasized by the "Promise and Prove" section and the repeated mentions of proving ownership for each domain and subdomain.
  • CNAME records in DNS are crucial for directing traffic to Akamai.
  • SSL/TLS certificates are necessary for secure HTTPS communication.
  • Akamai's configuration defines how traffic is handled at the edge.
  • Each subdomain requires its own configuration within Akamai and a corresponding CNAME record in DNS.
  • The diagram highlights the need for manual updates to DNS records to enable proper routing.

In short, the diagram illustrates the setup process for using Akamai as a CDN, emphasizing the importance of domain ownership verification, proper DNS configuration, and certificate management for secure and efficient delivery of web content.

Last update: January 15, 2025
Back to top