Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Cache] Adds section for cache interaction with other products #17590

Merged
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion public/_redirects
Original file line number Diff line number Diff line change
Expand Up @@ -211,7 +211,8 @@
/cache/about/ /cache/concepts/ 301
/cache/concepts/enable-http2-to-origin/ /speed/optimization/protocol/http2-to-origin/ 301
/cache/how-to/enable-http2-to-origin/ /speed/optimization/protocol/http2-to-origin/ 301
/cache/how-to/interact-with-workers/ /cache/concepts/interact-with-workers/ 301
/cache/how-to/interact-with-workers/ /cache/interaction-cloudflare-products/workers/ 301
/cache/concepts/interact-with-workers/ /cache/interaction-cloudflare-products/workers/ 301
/cache/best-practices/cache-behavior/ /cache/concepts/cache-behavior/ 301
/cache/best-practices/customize-cache/ /cache/concepts/customize-cache/ 301
/cache/best-practices/ /cache/concepts/ 301
Expand Down
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
17 changes: 0 additions & 17 deletions src/content/docs/cache/concepts/interact-with-workers.mdx

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,6 @@ The time window that an object should be considered safe for a cache to use is d

* Include [Origin Cache Control](/cache/concepts/cache-control/) or [CDN Cache Control](/cache/concepts/cache-control/) directives, like `max-age` or `s-maxage`, in the origin cache-control response header.

* Use [Cache Rules](/cache/how-to/cache-rules/) or [Workers](/cache/concepts/interact-with-workers/).
* Use [Cache Rules](/cache/how-to/cache-rules/) or [Workers](/cache/interaction-cloudflare-products/workers/).

If an object in cache is no longer fresh and Cloudflare receives a request for it, we ask the origin to revalidate the object we have in cache. The Origin can then either send a new version of the object which will replace the old in cache, or tell us the object we have is valid and to refresh its TTL. This revalidation will happen any time an object’s retention period is greater than its freshness period.
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
---
pcx_content_type: navigation
title: Interaction with Cloudflare products
sidebar:
order: 11
group:
hideIndex: true

---

import { DirectoryListing } from "~/components"

Review the following topics to learn more about how Cache interacts with other Cloudflare products.

<DirectoryListing />
26 changes: 26 additions & 0 deletions src/content/docs/cache/interaction-cloudflare-products/r2.mdx
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
---
pcx_content_type: how-to
title: Enable cache in an R2 bucket
sidebar:
order: 2
head:
- tag: title
content: Enable cache in an R2 bucket

---

To enable edge caching for a [Cloudflare R2](/r2/) bucket, make sure your bucket is public and accessible by the Cache. This can be done by creating a [Custom domain](/r2/buckets/public-buckets/#custom-domains). Follow these steps to set up a Custom Domain for your bucket:
angelampcosta marked this conversation as resolved.
Show resolved Hide resolved

1. Go to **R2** and select your bucket.
2. On the bucket page, select **Settings**.
3. Under **Public access** > **Custom Domains**, select **Connect Domain**.
4. Enter the domain name you want to connect to and select **Continue**.
5. Review the new record that will be added to the DNS table and select **Connect Domain**.

This will generate a publicly available CNAME in the format `[name].domain.com`.

## Additional considerations

- Apply access controls to your newly public bucket. Refer to [Control cache access with WAF and Snippets](/cache/interaction-cloudflare-products/waf-snippets/) for more information.
- Be aware of the [cacheable size limits](/cache/concepts/default-cache-behavior/#cacheable-size-limits) for files.
- Note that caching of R2 buckets does not support Tiered Cache.
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
---
pcx_content_type: how-to
title: Control cache access with WAF and Snippets
sidebar:
order: 3
head:
- tag: title
content: Control cache access with WAF and Snippets

---

To limit access to the public bucket created for caching content, you can use Cloudflare's [WAF](/waf/custom-rules/use-cases/configure-token-authentication/). The WAF provides an additional security layer to filter requests and ensure that only authorized traffic reaches your bucket.

The following diagram illustrates the flow of a user's request through WAF, Cache, and R2.

```mermaid
flowchart LR
accTitle: Connections with Cloudflare
A[User's request] --> B[WAF] --> C[Cache] --> D[R2]
```

<br/>

The WAF product uses token authentication to either sign or authenticate a request. You can then use this in either Workers or Snippets to control access.

## Presigned URLs

You can presign URLs similar to [S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-presigned-url.html), enabling you to share direct access to your content with a with an associated timeout. This approach can be implemented using a combination of Snippets, Rules, or Cloudflare Workers.

For optimal performance, we recommend separating the creation and validation processes as follows:

- [Snippets](/rules/snippets/examples/signing-requests/) for HMAC creation
- [Rules](/ruleset-engine/rules-language/functions/#hmac-validation) for HMAC validation

In the Workers documentation, in the section [Signing requests](/workers/examples/signing-requests/), you can also find an example of how to verify a signed request using the HMAC.
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
---
pcx_content_type: how-to
title: Customize cache behavior with Workers
sidebar:
order: 1
head:
- tag: title
content: Customize cache behavior with Workers

---

You can use [Workers](/workers/) to customize cache behavior on Cloudflare's CDN. Cloudflare Workers provide flexibility in handling assets and responses by running both before and after the cache. A Worker can be configured to run before a request reaches the cache, allowing for modifications to the request, and it can also be used to modify assets once they are returned from the cache.

The diagram below illustrates a common interaction flow between Workers and Cache.

![Workers and cache flow example flow diagram.](~/assets/images/cache/workers-cache-flow.png)

1. A User (a) Requests a URI, and this request is directed to a Worker. The Worker can then interact with the request, either requesting the content further upstream using (b) fetch() or sending a (f) Response back to the User.
2. If the content is cached, the Cache will send a (e) Response back to the Worker which can now interact with the response before sending a (f) Response back to the user.

Here are a few examples of how Workers can be used to customize cache behavior:

- **Modify Response**: Adjust or enhance content after it is retrieved from the cache, ensuring that responses are up-to-date or tailored to specific needs.

- **Signed URLs**: Generate URLs that are valid for a specific duration (for example, minutes, hours, days) to control access and enhance security.

- **Personalized Response**: Deliver personalized content based on user data while leveraging cached resources to reduce the load on the origin.

- **Reduce Latency**: Serve content from a location close to the user, decreasing load times and improving the user experience.

You can also use [Snippets](/rules/snippets/) as a low-cost alternative for simple modifications and logic, bypassing the need for full Worker scripts. These lightweight scripts enable quick adjustments and optimizations, offering an efficient way to enhance your Cloudflare setup without the complexity and overhead of more extensive code deployments.

:::note
When using Workers and [Orange-to-Orange (O2O)](/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/), some caveats and limitations may apply.
:::

## Cache features in Workers

- **fetch()**: Allows interaction with Cloudflare's Cache and Tiered Cache, providing control over how requests are handled. To optimize caching behavior, you can set TTLs, define custom cache keys, and configure cache headers directly within a fetch request. For more details on these configurations, refer to [Cache using fetch](/workers/examples/cache-using-fetch/).

- **Cache API**: Enables storing and retrieving responses from Cloudflare's cache, limited to the cache in the local data center and excluding content stored in the Tiered Cache. To use the Cache API to store responses in Cloudflare's cache, refer to [Using the Cache API](/workers/examples/cache-api/).

To understand more about how Cache and Workers interact refer to [Cache in Workers](/workers/reference/how-the-cache-works/).
Loading