Contact UsGet started

Migrating to Yandex Cloud CDN from a third-party CDN provider

Written by
Updated at April 22, 2025

If your dynamic website uses a third-party CDN to deliver static content to users, you can seamlessly migrate to Yandex Cloud CDN. This tutorial explains how to migrate while keeping your content accessible at all times.

Solution architecture

To migrate smoothly, create a new CDN resource in Yandex Cloud CDN that uses the same origin as the third-party CDN. Register a new subdomain for the new CDN resource and create a new TLS certificate for the second-level domain and all its third-level subdomains in Yandex Certificate Manager.

Once you have made sure the new CDN resource is working properly, update the static content links on your dynamic website accordingly. Then, remove the third-party CDN and add its domain name as an additional one to your Yandex Cloud CDN resource.

Your dynamic website’s static content will stay continuously accessible as you migrate from a third-party CDN to Cloud CDN.

To migrate a CDN resource to SourceCraft:

  1. Get your cloud ready.
  2. Connect to Cloud CDN.
  3. Create a CNAME record for your new CDN resource's subdomain.
  4. Add a TLS certificate to Yandex Certificate Manager.
  5. Create a CDN resource in Cloud CDN.
  6. Update your website to use the new CDN resource.
  7. Add an additional domain to the CDN resource in Cloud CDN.

Getting started

Sign up for Yandex Cloud and create a billing account:

  1. Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.

If you have an active billing account, you can go to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

Access to DNS settings

Make sure you can access the DNS settings on the website of your DNS hosting provider. This is usually the company that registered your domain.

Your DNS provider's dashboard should already include a public domain zone matching your domain name, e.g., example.com.. This zone should contain a CNAME record for your current CDN subdomain, e.g., cdn.example.com, pointing to the third-party CDN provider.

The cost of the CDN infrastructure support includes charges for outbound traffic from CDN servers (see Cloud CDN pricing).

Connect to Cloud CDN

You can only create a CDN resource in a folder if this folder is connected to Cloud CDN. Once connected, your folder will get a unique cname value required for creating CNAME records for subdomains used by the CDN resources you create in the folder.

To connect a folder to a CDN provider and get a cname value:

  1. In the management console, select the folder to connect to a CDN provider.

  2. From the list of services, select Cloud CDN.

  3. If the CDN provider is not activated yet, click Activate provider. A connection will be established automatically.

    If there is no Activate provider button, and you can create resources and origin groups, it means that the provider is already activated.

  4. Click Create resource and under Domain names for content distribution, copy the cname value required to create a resource record for the new CDN subdomain.

  5. Click Cancel. You will create a CDN resource later.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id settings.

  1. Connect to a provider:

    yc cdn provider activate --type gcore

  2. Get the CNAME record value for the CDN resource:

    yc cdn resource get-provider-cname

    Result:

    cname: cl-ms6*****90.edgecdn.ru
folder_id: b1gt6g8ht345********

Make sure to save the CNAME record value you got, as you will need it at the next step.

Create a CNAME record for your new CDN resource's subdomain

To seamlessly switch your website to the new CDN resource, you will need a new CDN subdomain. In your website's public DNS zone, create a CNAME record for the new CDN subdomain that the new CDN resource will use:

  • Record name: New CDN subdomain name, e.g., cdn-new.example.com..
  • Record type: CNAME.
  • Record value: cname value you got earlier for your folder.

If you delegated your website domain to Yandex Cloud DNS, follow this tutorial to create a CNAME record. Otherwise, use your DNS provider's guides or contact their support.

Add a TLS certificate to Yandex Certificate Manager

To ensure data encryption when accessing the new CDN resource, add a new TLS certificate issued by Let's Encrypt® for your website's domain and all its subdomains (wildcard certificate) to Yandex Certificate Manager:

  1. Create a new TLS certificate:

    1. In the management console, select the folder to add a certificate to.
    2. From the list of services, select Certificate Manager.
    3. Click Add certificate and select Let's Encrypt certificate.
    4. In the window that opens, enter a name for your certificate in the Name field, e.g., my-cdn-certificate.
    5. In the Domains field, specify the wildcard for your domain and its subdomains, e.g., *.example.com, where example.com is the domain name of your website.
    6. In the Check type field, select DNS.
    7. Click Create.

    1. Request a new wildcard certificate. To do this, run the following command:

      yc certificate-manager certificate request \
  --name my-cdn-certificate \
  --domains "*.<your_website_domain_name>"

      Where:

      • --name: Certificate name, e.g., my-cdn-certificate.
      • --domains: Wildcard for your domain and its subdomains, e.g., *.example.com, where example.com is the domain name of your website.

      Result:

      id: fpqba7lpgmp7********
folder_id: b1gt6g8ht345********
created_at: "2025-02-09T20:41:05.916923798Z"
name: my-cdn-certificate
type: MANAGED
domains:
  - '*.example.com'
status: VALIDATING
updated_at: "2025-02-09T20:41:05.916923798Z"

      Save the certificate ID (from the id field), as you will need it in the next steps.

      For more information about the yc certificate-manager certificate request command, see the CLI reference.

  2. Follow these steps to verify ownership of your domain:

    1. In the management console, select the folder the certificate was added to.

    2. From the list of services, select Certificate Manager.

    3. From the list of certificates, select the one you need verified.

    4. In the window that opens, you will find the info you will need to pass the rights check under Check rights for domains.

      In the CNAME record tab, copy and save the values of the Name and Value fields. You will need these to create a CNAME record.

    1. Retrieve the CNAME record values required for the domain rights check. To do this, run the following command while specifying the certificate ID you saved earlier.

      yc certificate-manager certificate get <certificate_ID> \
  --full \
  --format=json | \
  jq -r ".challenges[].dns_challenge"

      Result:

      {
  "name": "_acme-challenge.example.com.",
  "type": "CNAME",
  "value": "fpqba7lpgmp7********.cm.yandexcloud.net."
}
{
  "name": "_acme-challenge.example.com.",
  "type": "TXT",
  "value": "oRnpmIJau5SWFDYqKwwUJMn-61HHdulvqk7********"
}

      Save the values of the name and value fields for the CNAME record. You will need these to create a CNAME record.

      For more information about the yc certificate-manager certificate get command, see the CLI reference.

  3. Using the values from the previous step, create a CNAME record in your website's public DNS zone to verify your domain ownership:

    If you delegated your website’s domain to Yandex Cloud DNS, follow this tutorial to create a CNAME record. Otherwise, use your DNS provider's guides or contact their support.

    Note

    For a successful DNS domain rights check based on a CNAME record, make sure the _acme-challenge subdomain of the domain name you are checking has no other resource records except CNAME. For example, for the _acme-challenge.example.com. domain name, there should only be a CNAME record and no TXT record.

Wait for the domain rights check to complete successfully. The wildcard certificate will then be issued and get the Issued status.

You can check the certificate status on the certificate page in the management console or by running the yc certificate-manager certificate get <certificate_ID> CLI command.

Create a CDN resource in Cloud CDN

This section explains how to create a CDN resource with the Server origin type. If your origin is a Yandex Object Storage bucket or a Yandex Application Load Balancer instance, use this tutorial to create a CDN resource.

Create a CDN resource in Yandex Cloud CDN:

  1. In the management console, select the folder you are going to create your CDN resource in.

  2. From the list of services, select Cloud CDN.

  3. Click Create resource.

  4. Under Content, specify:

    • Content query: From one origin
    • Origin type: Server
    • In the Origin domain name field, specify the domain name or public IP address of your static content origin.

  5. Under Domain names for content distribution, in the Domain name field, specify the new domain name you assigned to your new CDN resource, e.g., cdn-new.example.com.

  6. Under Additional settings:

    1. In the Origin request protocol field, select the protocol the CDN resource will use to communicate with the origin. If you select HTTPS or Match client, make sure your origin supports HTTPS.
    2. In the Redirect clients field, select Don't use.
    3. In the Certificate type field, select Use from Certificate Manager and then, from the list that opens, select the certificate you previously created, such as my-cdn-certificate.
    4. In the Host header field, select Primary domain name.

  7. Click Create.

  1. Run this command:

    yc cdn resource create <subdomain_name> \
  --origin-custom-source '<origin_IP_address_or_domain_name>' \
  --origin-protocol '<origin_protocol>' \
  --cert-manager-ssl-cert-id <certificate_ID>

    Where:

    • <subdomain_name>: Domain name for which you created CNAME record earlier and that the new CDN resource will use, e.g., cdn-new.example.com.

    • --origin-custom-source: Domain name or public IP address of your static content origin.

    • --origin-protocol: Protocol the CDN resource will use to communicate with the origin. The possible values are as follows:

      • http: Use HTTP.
      • https: Use HTTPS.
      • match: Use the same value as that of the Host header in the client request to the CDN.

      If you select https or match, make sure your origin supports HTTPS.

    • --cert-manager-ssl-cert-id: TLS certificate ID that was saved earlier when creating the certificate.

    Result
    id: bc8cfqtx2mkx********
folder_id: b1gt6g8ht345********
cname: cdn-new.example.com
created_at: "2025-02-10T07:42:24.920162Z"
updated_at: "2025-02-10T07:42:24.920187Z"
active: true
options:
  edge_cache_settings:
    enabled: true
    default_value: "345600"
  query_params_options:
    ignore_query_string:
      enabled: true
      value: true
  stale:
    enabled: true
    value:
      - error
      - updating
origin_group_id: "352269"
origin_group_name: Origins for cdn-new.example.com (302798)
origin_protocol: HTTP
ssl_certificate:
  type: CM
  status: READY
  data:
    cm:
      id: fpqnetjumkhn********

    Save the new dataset's ID (the id field value), as you will need it later.

    For more information about the yc cdn resource create command, see the CLI reference.

Warning

After the CDN resource is set up, it may take up to 15 minutes for it to go live.

Make sure the new CDN resource is working properly before proceeding with the next steps.

Update your website to use the new CDN resource

Once you have created a new CDN resource in Cloud CDN and tested it, you can start updating your website configuration and removing the old CDN resource.

Redirect the static content links generated by your dynamic website to the new CDN subdomain, e.g., by replacing cdn.example.com with cdn-new.example.com. It is your dynamic website's admin who must do this.

Once you have made all the required changes, make sure the static content links generated by your website are valid and the content is accessible. Also, make sure outgoing traffic has stopped on the old CDN resource by using the statistics and monitoring tools provided by your third-party CDN provider.

Your dynamic website has now fully switched to Yandex Cloud CDN.

Update the CNAME record for the original CDN subdomain

To keep your website's original CDN subdomain working with the new Cloud CDN resource, replace the resource CNAME record value of the original subdomain with the value you got earlier when connecting to Cloud CDN:

  • Record name: Original CDN subdomain name, e.g., cdn.example.com..
  • Record type: CNAME.
  • Record value: The cname value you got earlier for your folder.

If you delegated your website’s domain to Yandex Cloud DNS, follow this tutorial to update the CNAME record. Otherwise, use your DNS provider's guides or contact their support.

Delete the third-party CDN

Once you have confirmed the original CDN resource from your third-party CDN provider is no longer sending outgoing traffic, delete it. To do this, use the third-party DNS provider's guides or contact their support.

Add an additional domain to the CDN resource in Cloud CDN

Once you have deleted the third-party CDN resource that was using the original CDN subdomain, you can add that subdomain as an additional domain to your new Cloud CDN resource. To do this:

  1. In the management console, select the folder with your CDN resource.
  2. From the list of services, select Cloud CDN.
  3. In the line with the CDN resource you created earlier, click and select Edit.
  4. Under Domain names for content distribution, click Add domain name and in the field that appears, enter the domain name the old CDN resource used previously. e.g., cdn.example.com.
  5. Click Save.

  1. Run this command:

    yc cdn resource update <CDN_resource_ID> \
  --secondary-hostnames '<old_CDN_subdomain>'

    Where:

    • <CDN_resource_ID>: Cloud CDN resource ID you saved earlier.
    • --secondary-hostnames: Domain name that became available after deleting the third-party CDN resource, e.g., cdn.example.com.

    Warning

    This command will delete all additional domains that were previously linked to the CDN resource.

    To link an additional domain to a CDN resource that already has additional domains linked, list the domains in the --secondary-hostnames parameter while separating them with commas.

    Result
    id: bc845trezddi********
folder_id: b1gt6g8ht345********
cname: cdn-new.example.com
created_at: "2025-01-25T21:47:21.181871Z"
updated_at: "2025-02-10T17:10:37.511453Z"
active: true
options:
  edge_cache_settings:
    enabled: true
    default_value: "345600"
  query_params_options:
    ignore_query_string:
      enabled: true
      value: true
  stale:
    enabled: true
    value:
      - error
      - updating
  ignore_cookie:
    enabled: true
secondary_hostnames:
  - cdn.example.com
origin_group_id: "350569"
origin_group_name: Origins for cdn-new.example.com (301532)
origin_protocol: HTTP
ssl_certificate:
  type: CM
  status: READY

    For more information about the yc cdn resource update command, see the CLI reference.

Updating the CDN resource settings may take up to 15 minutes. After that, your new CDN resource will be accessible via both domain names, i.e., cdn-new.example.com and cdn.example.com.

See also

Previous
Hosting a static Gatsby website
Next
Getting website traffic statistics using S3 Select