Contact UsGet started

Editing the basic settings of a resource

Written by
Updated at October 28, 2024

To edit the basic settings of a resource:

  1. In the management console, select the folder where your resource is located.

  2. Select Cloud CDN.

  3. Click the resource name.

  4. In the top-right corner, click Edit.

  5. Edit the resource settings.

    Warning

    You cannot change the primary domain name used for content distribution.

    • To configure a TLS certificate for a CDN resource, in the Certificate type field, select one of the options:

      • Don't use: Resource will only be available over HTTP.

      • Certificate from Certificate Manager: Select a certificate. The resource will be available over HTTP and HTTPS.

        Note

        We no longer support the automatic issue of Let's Encrypt® certificates for CDN resources.

        Certificates from Yandex Certificate Manager are supported. You can issue a new Let's Encrypt® certificate or upload one of your own.

        The certificate must be located in the same folder as your CDN resource.

      For more information, see Configuring TLS certificates for HTTPS connections between clients and the CDN.

    • To enable request redirection on a CDN resource:

      1. Enable Redirecting requests.

      2. In the Rewrite rule field, set a rule, e.g., /(.*) /new-folder/$1.

        A rewrite rule must contain two space-separated directives: the original path you need to replace, and the edited path, which replaces the original path.

        You can use regular expressions in the rule. For more information, see Rewrite rule.

      3. In the Flag field, specify the required flag:

        • break: Terminates the processing of the current set of directives.
        • last: Terminates the processing of the current set of directives and starts searching for a new CDN server that matches the new URI.
        • redirect: Returns a temporary redirect with the 302 status code to the user. This flag is used if the replacement string does not start with http://, https://, or $scheme.
        • permanent: Returns a permanent redirect with the 301 status code to the user.

    • To restrict access to resource content with secure tokens, enable Access via secure token:

      • Specify a Secret key that is a string of 6 to 32 characters. You will need a secret key to generate pre-signed URLs.

        You can view the secret key you saved in the management console or using the yc cdn resource list CLI command.

      • Use the Limit access by IP address field to restrict access to content by IP address:

        • Only trusted IP addresses: Access to files will be allowed only from a specific IP address of the content recipient. The IP address is specified as a parameter outside a CDN resource when generating an MD5 hash for a pre-signed URL.
        • No restrictions: Access to files will be allowed from any IP address.

      To restrict access to resource content using an IP-based access policy, enable IP-based access:

      • Select the type of access policy:

        • Allow all except: Allowing policy. Access to the resource content will be allowed for any IP addresses other than those specified below.
        • Block all except: Blocking policy. Access to the resource content will be denied for any IP addresses other than those specified below.

      • In the List of IP addresses field, specify the list of IP addresses excluded from the above access policy.

        You must specify IP addresses with a subnet prefix in CIDR notation separated by commas. For example: 192.168.3.2/32, 192.168.17.0/24.

      For more information, see Setting up access via a secure token.

  6. Click Save.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. View the description of the CLI update resource command:

    yc cdn resource update --help

  2. Get a list of all resources in the default folder:

    yc cdn resource list --format yaml

    Result:

    id: s0me1dkfjq********
folder_id: s0mef01der7p********
cname: testexample.com
created_at: "2022-01-19T09:23:57.921365Z"
updated_at: "2022-01-19T10:55:30.305141Z"
active: true
options:
  edge_cache_settings:
    enabled: true
    default value: "345600"
  cache_http_headers:
    enabled: true
    value:
    - content-type
    - content-length
    - connection
    - server
    - date
    - test
  stale:
    enabled: true
    value:
    - error
    - updating
  allowed_http_methods:
    value:
    - GET
    - POST
    - HEAD
    - OPTIONS
origin_group_id: "89783"
origin_group_name: My origins group
origin_protocol: HTTP
ssl_certificate:
  type: DONT_USE
  status: READY

  3. Edit the resource settings:

    yc cdn resource update <resource_ID> \
  <flag> <new_value>

    To configure a TLS certificate for a CDN resource, use these parameters:

    • --dont-use-ssl-cert: Do not use a certificate. The resource will be only available over HTTP.

    • --cert-manager-ssl-cert-id: Certificate ID. The resource will be available over HTTP and HTTPS.

      Note

      We no longer support the automatic issue of Let's Encrypt® certificates for CDN resources.

      Certificates from Yandex Certificate Manager are supported. You can issue a new Let's Encrypt® certificate or upload one of your own.

      The certificate must be located in the same folder as your CDN resource.

    To enable request redirection on a CDN resource, use these parameters:

    • --rewrite-body: Rewrite rule, e.g., --rewrite-body '/(.*) /new-folder/$1'.

      A rewrite rule must contain two space-separated directives: the original path you need to replace, and the edited path, which replaces the original path.

      You can use regular expressions in the rule. For more information, see Rewrite rule.

    • --rewrite-flag: Flag. The possible values are:

      • break: Terminates the processing of the current set of directives.
      • last: Terminates the processing of the current set of directives and starts searching for a new CDN server that matches the new URI.
      • redirect: Returns a temporary redirect with the 302 status code to the user. This flag is used if the replacement string does not start with http://, https://, or $scheme.
      • permanent: Returns a permanent redirect with the 301 status code to the user.

    To disable request redirection on a CDN resource, use the --clear-rewrite parameter.

    If you want to restrict access to resource content with secure tokens, use the following parameters:

    • --secure-key: Secret key that is a string of 6 to 32 characters.
    • --enable-ip-url-signing: Optional parameter that restricts access to a CDN resource based on IP. A trusted IP address is specified as a parameter outside a CDN resource when generating an MD5 hash for a signed link. If the parameter is not set, file access will be allowed from any IP.

    See also Setting up access via a secure token.

    If you want to restrict access to resource content using an IP address access policy, use the following parameters:

    • --acl-excepted-values: IP address for which access to the content will be allowed or denied. For an address, specify the subnet prefix in CIDR notation, e.g., 192.168.3.2/32 or 2a03:d000:2980:7::8/128.

      You can only provide one IP address in the --acl-excepted-values parameter. To provide more addresses, set the --acl-excepted-values parameter multiple times.

    • --policy-type: Policy type. The possible values include:

      • allow: Allowing policy. Access to the resource content will be allowed for any IP addresses other than those specified in the --acl-excepted-values parameter.
      • deny: Blocking policy. Access to the resource content will be denied for any IP addresses other than those specified in the --acl-excepted-values parameter.

    To disable the IP-based access policy, use the --clear-ip-address-acl parameter.

    For more information about the yc cdn resource update command, see the CLI reference.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

To update the parameters of a CDN resource created using Terraform:

  1. Open the Terraform configuration file and edit the fragment with the resource description:

    resource "yandex_cdn_resource" "my_resource" {
    cname               = "<domain_name>"
    active              = true
    origin_protocol     = "https"
    origin_group_id     = <origin_group_ID>
    secondary_hostnames = ["<additional_domain_name_1>", "additional_domain_name_2"]
    ssl_certificate {
      type = "certificate_manager"
      certificate_manager_id = "<certificate_ID>"
    }
    options {
      redirect_http_to_https = true
      secure_key = "<secret_key>"
      enable_ip_url_signing = true
      ip_address_acl {
        excepted_values = ["<IP_address_1>", "<IP_address_2>", ..., "<IP_address_n>"]
        policy_type = "<policy_type>"
      }
    }
}

    Where:

    • cname: Primary domain name used for content distribution. This is a required parameter.

    • active: (Optional) Flag for content availability to end users (true: CDN content is available to clients; false: content not available). The default value is true.

    • origin_protocol: (Optional) Origin protocol. The default value is HTTP.

    • origin_group_id: ID of the origin group. This is a required parameter. Use the ID from the description of the origin group in the yandex_cdn_origin_group resource.

    • secondary_hostnames: (Optional) Additional domain names.

    • ssl_certificate: (Optional) SSL certificate parameters:

      Note

      We no longer support the automatic issue of Let's Encrypt® certificates for CDN resources.

      • type: Certificate type. The possible values are:

      • certificate_manager_id: User certificate ID in Certificate Manager.

    • options: (Optional) Additional parameters of the CDN resource:

      • redirect_http_to_https: Parameter to redirect clients from HTTP to HTTPS, true or false. Available if an SSL certificate is used.

      • secure_key: Secret key that is a string of 6 to 32 characters. It is required to restrict access to a resource using secure tokens.

      • enable_ip_url_signing: Optional parameter that enables restricting access to a CDN resource by IP address using secure tokens. A trusted IP address is specified as a parameter outside a CDN resource when generating an MD5 hash for a signed link. If the parameter is not set, file access will be allowed from any IP address.

      • ip_address_acl: IP-based access policy parameters:

        • excepted_values: List of IP addresses for which access to the resource content will be allowed or denied. Separate IP addresses by commas. For each address, specify the subnet prefix in CIDR notation, e.g., 192.168.3.2/32 or 2a03:d000:2980:7::8/128.

        • policy_type: Policy type. The possible values include:

          • allow: Allowing policy. Access to the resource content will be allowed for any IP addresses other than those specified in the ip_address_acl.excepted_values parameter.
          • deny: Blocking policy. Access to the resource content will be denied for any IP addresses other than those specified in the ip_address_acl.excepted_values parameter.

      Note

      If you delete the secure_key and ip_address_acl parameters in the configuration file, these options will not be automatically disabled. To disable the secure_key and ip_address_acl options, use the CLI or API.

    For more information about yandex_cdn_resource parameters in Terraform, see the provider documentation.

  2. In the command line, go to the folder with the Terraform configuration file.

  3. Check the configuration using this command:

    terraform validate

    If the configuration is correct, you will get this message:

    Success! The configuration is valid.

  4. Run this command:

    terraform plan

    The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.

  5. Apply the configuration changes:

    terraform apply

  6. Confirm the changes: type yes into the terminal and press Enter.

    You can check the changes to the CDN resource in the management console or using this CLI command:

    yc cdn resource list

Use the update REST API method for the Resource resource or the ResourceService/Update gRPC API call.

You can restrict access to the resource with secure tokens and an IP-based access policy.

It may take up to 15 minutes for the new settings of the existing resource to apply to CDN servers. After that, we recommend purging the resource cache.

Examples

Change the protocol for origins from HTTP to HTTPS and select a Let's Encrypt® certificate added to Certificate Manager or an uploaded certificate of your own:

yc cdn resource update s0me1dkfjq******** \
  --origin-protocol HTTPS \
  --cert-manager-ssl-cert-id <certificate_ID>

Result:

id: s0me1dkfjq********

...

cname: testexample.com
active: true

...

origin_group_id: "89783"
origin_group_name: My origins group
origin_protocol: HTTPS
ssl_certificate:
type: CM
status: CREATING
Previous
Creating a resource
Next
Getting information about a resource