CDN features and options
Last updated on
This document details the core features and configurations available within the STACKIT Content Delivery Network (CDN).
Feature overview & availability
Section titled “Feature overview & availability”The following table outlines which STACKIT CDN features are currently available and which are still being developed:
| Feature | API | SDK | Terraform/OpenTofu | Portal |
|---|---|---|---|---|
| Create/delete distribution | Available | Available | Available | Available |
| IP/URL origin | Available | Available | Available | Available |
| Bucket origin | Available | Available | Available | WIP |
| Managed domain | Available | Available | Available | Available |
| Custom domain | Available | Available | Available | Available |
| Zero downtime migration | Available | Available | WIP | WIP |
| Managed certificate | Available | Available | Available | Available |
| Custom certificate | Available | Available | Available | Available |
| Monthly bandwidth limit | Available | Available | WIP | WIP |
| Origin request headers | Available | Available | Available | Available |
| Forward host headers | WIP | WIP | WIP | WIP |
| Redirects | Available | Available | WIP | WIP |
| Strip response cookies | WIP | WIP | WIP | WIP |
| Enable/disable TLS versions | WIP | WIP | WIP | WIP |
| Geoblocking | Available | Available | WIP | Available |
| Geofencing | Available | Available | Available | WIP |
| Cache default TTL | Available | Available | WIP | WIP |
| Cache purge | Available | Available | WIP | Available |
| Image Optimizer | Available | Available | Available | Available |
| Built-in log storage | Available | Available | WIP | Available |
| Log sinks | Available | Available | WIP | WIP |
| Metrics | Available | Available | WIP | Available |
| Regions | Available | Available | Available | Available |
Source (origins and backends)
Section titled “Source (origins and backends)”The origin is the definitive source of your content. The STACKIT CDN fetches resources from the origin when they are not in the edge cache or when edge delivery rules exclude them.
There are two backend types available:
- HTTP backend: Connects to any publicly accessible web server via a URL or IP.
- Bucket backend: Specifically designed for S3-compatible storage. It allows the CDN to use stored credentials (access key ID and secret key) to fetch private assets securely.
Domains
Section titled “Domains”Every CDN distribution automatically receives a managed STACKIT subdomain. To use your own branding, you can configure custom domains alongside of the managed domain.
Managed domains
Section titled “Managed domains”By default, STACKIT assigns a subdomain to your distribution as the primary entry point for your website.
This domain follows the format: {uid}.{internal-dns-zone}.cdn.onstackit.cloud
Custom domains
Section titled “Custom domains”You can map your own domain (for example, shop.example.com) to a distribution.
You can also link multiple custom domains to a single distribution.
To set up a custom domain:
- Create a DNS CNAME record that points your domain to the managed STACKIT CDN domain.
- Wait for the DNS record to propagate globally.
- Add the custom domain to your distribution configuration.
Zero-downtime migration
Section titled “Zero-downtime migration”If you are migrating a domain currently in production, use the skipDnsCheck flag during setup.
This allows STACKIT to provision SSL certificates before you switch your DNS records, preventing service interruptions.
Certificates
Section titled “Certificates”All domains require SSL/TLS certificates for security. STACKIT provides two management options:
- Managed certificates: By default, STACKIT provisions and automatically renews Let’s Encrypt certificates for your managed domains. You can enable this feature for custom domains to automate the certificate lifecycle.
- Custom certificates: For specific compliance requirements, you can upload your own PEM-encoded certificates and private keys. These certificates are unmanaged, meaning you must rotate them manually. STACKIT does not send notifications before they expire.
Monthly bandwidth limit
Section titled “Monthly bandwidth limit”To help control costs and prevent unexpected traffic spikes from exceeding your budget, you can set a monthly bandwidth limit.
- Configuration: Define the maximum amount of bandwidth in bytes (
monthlyLimitBytes) that the distribution is allowed to consume within a single calendar month. - Limit enforcement: Once the monthly data or request limit is reached, the distribution automatically suspends service and serves an error page to all requesters until the next billing cycle begins or the limit is manually increased. During this suspension, the CDN stops forwarding all traffic to your origin.
Edge delivery rules
Section titled “Edge delivery rules”Edge delivery rules allow you to manipulate how traffic is handled at the edge before it reaches the user or your origin.
Origin request headers
Section titled “Origin request headers”To identify traffic sources and manage backend communication, you can configure custom headers that the CDN includes in every request sent to your origin. This is particularly useful for identifying traffic coming specifically from the CDN or providing basic authentication tokens required by your backend. However, because these headers are stored as plain text, you should avoid using them for high-stakes secrets.
Redirects
Section titled “Redirects”Force users to new locations using standard HTTP status codes.
- Supported codes:
301(Permanent),302(Found),307(Temporary), or308(Permanent). - Matchers: Rules use glob patterns (e.g.,
/shop/*) to trigger redirects based on the request path.
Security: Geoblocking and geofencing
Section titled “Security: Geoblocking and geofencing”Control access to your content based on user geographic location.
| Feature | Action | Implementation level |
|---|---|---|
| Geoblocking (regional) | Blocks traffic from specific countries or continents by null-routing or gateway blocking. | DNS or network level |
| Geoblocking (IP) | Blocks specific IP addresses or CIDR ranges using security rules. | Edge or PoP level (ACL/WAF) |
| Geofencing | Redirects users or selects different origins based on the Cdn-RequestCountryCode header. | Edge rule or application level |
The STACKIT CDN accelerates content delivery by storing copies of your assets in edge locations across your selected regions (EU, US, AF, SA, ASIA). This reduces latency and minimizes the load on your origin server.
Default cache duration (TTL)
Section titled “Default cache duration (TTL)”The time to live (TTL) determines how long an asset remains in the CDN cache before it is considered stale and must be fetched again from your origin.
- Origin headers: By default, the CDN respects cache-control headers sent by your origin server.
- Custom default TTL: If your origin does not provide a cache-control header, the CDN applies the default cache duration defined in your distribution configuration.
When you update content at your origin, the CDN may still serve the older version until the TTL expires. To force the CDN to fetch the latest version immediately, you must perform a manual purge.
There are different purge strategies available:
- Full purge: Invalidates the entire cache for the distribution. While effective, a full purge for a large website can cause a “cache stampede,” where a massive volume of simultaneous requests hits your origin server to repopulate the cache.
- Granular (Path-based) Purge: Invalidates only a specific path (e.g.,
/static/styles.css). This is the recommended approach for most updates, as it maintains the cache for unaffected assets and reduces the load on your origin.
To optimize your caching strategy, use the logging tools of STACKIT CDN to identify which assets are served from cache versus those causing origin pressure.
Image Optimizer
Section titled “Image Optimizer”The Image Optimizer is a feature designed to dynamically enhance your media assets at the edge.
It provides real-time, on-the-fly image manipulation and optimization. By automatically compressing, resizing, and formatting your images before they reach the end user, the Image Optimizer ensures faster image delivery, drastically reducing bandwidth consumption and improving overall page load times.
Logging and monitoring
Section titled “Logging and monitoring”STACKIT CDN provides logging and monitoring tools to help you analyze traffic, investigate security events, and optimize performance. You can access this data through the STACKIT interfaces or by streaming it to an external destination.
Built-in log storage
Section titled “Built-in log storage”By default, STACKIT CDN stores the 10 000 most recent log entries from the past hour. You can query these logs directly via the API to perform quick troubleshooting or traffic analysis. A log entry contains the following information:
| Field | Description |
|---|---|
| Status | The HTTP status code returned to the client (e.g., 200, 404). |
| Timestamp | The exact date and time (UTC) the request was processed. |
| Remote country | The ISO 3166-1 alpha-2 country code where the request originated. |
| Cache | Indicates if the request was a HIT (served from cache) or a MISS (fetched from origin). |
| Size | The total volume of data transferred in the response, measured in bytes. |
| Data center | The identifier of the specific CDN edge location that handled the request. A list of data centers is available here. |
| Path | The URL path of the requested resource. |
Log sinks
Section titled “Log sinks”If you require retention longer than one hour or need to store more than 10 000 entries, configure a log sink. A log sink exports your logs to an external observability platform in real time.
Currently, STACKIT CDN supports Grafana Loki as a log sink destination.
Depending on the traffic your distribution receives, the volume of log data can grow rapidly. Ensure your external logging infrastructure is scaled to handle the expected ingestion rate and storage requirements.
Metrics
Section titled “Metrics”In addition to granular logs, STACKIT CDN provides high-level metrics to monitor the health and efficiency of your distribution.
- Cache hit ratio: Cache Hit Ratio: The percentage of requests served from the edge cache versus the origin. Aim for 80%-95%+ for static sites. A low ratio often suggests restrictive cache-control headers or excessive cache purging.
- Total usage: The total traffic volume (in bytes) processed by your distribution. Use this to monitor bandwidth consumption and forecast costs.
- Regional breakdown: Usage segmented by geographic region (e.g., EU, US, ASIA). This helps identify the location of your audience to optimize regional settings.
Billing and costs
Section titled “Billing and costs”STACKIT uses a transparent pricing model. There are no fees for HTTP/HTTPS requests or feature activations.
Pay-per-use
Section titled “Pay-per-use”Costs are based exclusively on outbound data transfer (traffic).
- Core principle: You are billed only for the traffic delivered from the CDN edge locations to your end users.
- No request fees: There are no transaction-based costs, regardless of the volume of incoming HTTP/HTTPS requests.
- Free ingress: Data transfer from your origin server to the STACKIT Network is free.
- Included features: Capabilities like managed SSL certificates (Let’s Encrypt) and cache purging are included by default.
Global pricing zones
Section titled “Global pricing zones”Billing is calculated automatically based on the region of the user requesting the data.
| Region | Abbreviation | Billing |
|---|---|---|
| Europe | EU | Price per MB |
| North America | US | Price per MB |
| Asia & Oceania | ASIA | Price per MB |
| South America | SA | Price per MB |
| Africa | AF | Price per MB |
STACKIT CDN Optimizer
Section titled “STACKIT CDN Optimizer”The CDN Optimizer automatically improves website performance through image compression and real-time optimization.
- Hourly billing: You are billed only for the periods when the Optimizer is active for your distribution.
- Cost cap: Monthly costs for the Optimizer are capped. Once the maximum amount is reached in a given month, you can use the Optimizer for the remainder of the billing cycle at no additional cost.
For exact prices per MB for each region and the monthly cost cap of the Optimizer, see the STACKIT pricing list.