Migrating to Yandex Cloud CDN from a third-party CDN provider
- Solution architecture
- Getting started
- Connect to Cloud CDN
- Create a CNAME record for your new CDN resource's subdomain
- Add a TLS certificate to Yandex Certificate Manager
- Create a CDN resource in Cloud CDN
- Update your website to use the new CDN resource
- Add an additional domain to the CDN resource in Cloud CDN
If your dynamic website uses a third-party CDN to deliver static content to users, you can seamlessly migrate to Yandex Cloud CDN. This tutorial explains how to migrate while keeping your content accessible at all times.
Solution architecture
To migrate smoothly, create a new CDN resource in Yandex Cloud CDN that uses the same origin as the third-party CDN. Register a new subdomain for the new CDN resource and create a new TLS certificate for the second-level domain and all its third-level subdomains in Yandex Certificate Manager.
Once you have made sure the new CDN resource is working properly, update the static content links on your dynamic website accordingly. Then, remove the third-party CDN and add its domain name as an additional one to your Yandex Cloud CDN resource.
Your dynamic website’s static content will stay continuously accessible as you migrate from a third-party CDN to Cloud CDN.
To migrate a CDN resource to SourceCraft:
- Get your cloud ready.
- Connect to Cloud CDN.
- Create a CNAME record for your new CDN resource's subdomain.
- Add a TLS certificate to Yandex Certificate Manager.
- Create a CDN resource in Cloud CDN.
- Update your website to use the new CDN resource.
- Add an additional domain to the CDN resource in Cloud CDN.
Getting started
Sign up for Yandex Cloud and create a billing account:
- Go to the management console
and log in to Yandex Cloud or create an account if you do not have one yet. - On the Yandex Cloud Billing
page, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Access to DNS settings
Make sure you can access the DNS settings on the website of your DNS hosting provider. This is usually the company that registered your domain.
Your DNS provider's dashboard should already include a public domain zone matching your domain name, e.g., example.com.
. This zone should contain a CNAME record for your current CDN subdomain, e.g., cdn.example.com
, pointing to the third-party CDN provider.
Required paid resources
The cost of the CDN infrastructure support includes charges for outbound traffic from CDN servers (see Cloud CDN pricing).
Connect to Cloud CDN
You can only create a CDN resource in a folder if this folder is connected to Cloud CDN. Once connected, your folder will get a unique cname
value required for creating CNAME records for subdomains used by the CDN resources you create in the folder.
To connect a folder to a CDN provider and get a cname
value:
-
In the management console
, select the folder to connect to a CDN provider. -
From the list of services, select Cloud CDN.
-
If the CDN provider is not activated yet, click Activate provider. A connection will be established automatically.
If there is no Activate provider button, and you can create resources and origin groups, it means that the provider is already activated.
-
Click Create resource and under Domain names for content distribution, copy the
cname
value required to create a resource record for the new CDN subdomain. -
Click Cancel. You will create a CDN resource later.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
settings.
-
Connect to a provider:
yc cdn provider activate --type gcore
-
Get the CNAME record value for the CDN resource:
yc cdn resource get-provider-cname
Result:
cname: cl-ms6*****90.edgecdn.ru folder_id: b1gt6g8ht345********
Make sure to save the CNAME record value you got, as you will need it at the next step.
Create a CNAME record for your new CDN resource's subdomain
To seamlessly switch your website to the new CDN resource, you will need a new CDN subdomain. In your website's public DNS zone, create a CNAME record for the new CDN subdomain that the new CDN resource will use:
- Record name: New CDN subdomain name, e.g.,
cdn-new.example.com.
. - Record type:
CNAME
. - Record value:
cname
value you got earlier for your folder.
If you delegated your website domain to Yandex Cloud DNS, follow this tutorial to create a CNAME record. Otherwise, use your DNS provider's guides or contact their support.
Add a TLS certificate to Yandex Certificate Manager
To ensure data encryption when accessing the new CDN resource, add a new TLS certificate issued by Let's Encrypt® for your website's domain and all its subdomains (wildcard certificate) to Yandex Certificate Manager:
-
Create a new TLS certificate:
Management consoleCLI- In the management console
, select the folder to add a certificate to. - From the list of services, select Certificate Manager.
- Click Add certificate and select Let's Encrypt certificate.
- In the window that opens, enter a name for your certificate in the Name field, e.g.,
my-cdn-certificate
. - In the Domains field, specify the wildcard for your domain and its subdomains, e.g.,
*.example.com
, whereexample.com
is the domain name of your website. - In the Check type field, select
DNS
. - Click Create.
-
Request a new wildcard certificate. To do this, run the following command:
yc certificate-manager certificate request \ --name my-cdn-certificate \ --domains "*.<your_website_domain_name>"
Where:
--name
: Certificate name, e.g.,my-cdn-certificate
.--domains
: Wildcard for your domain and its subdomains, e.g.,*.example.com
, whereexample.com
is the domain name of your website.
Result:
id: fpqba7lpgmp7******** folder_id: b1gt6g8ht345******** created_at: "2025-02-09T20:41:05.916923798Z" name: my-cdn-certificate type: MANAGED domains: - '*.example.com' status: VALIDATING updated_at: "2025-02-09T20:41:05.916923798Z"
Save the certificate ID (from the
id
field), as you will need it in the next steps.For more information about the
yc certificate-manager certificate request
command, see the CLI reference.
- In the management console
-
Follow these steps to verify ownership of your domain:
Management consoleCLI-
In the management console
, select the folder the certificate was added to. -
From the list of services, select Certificate Manager.
-
From the list of certificates, select the one you need verified.
-
In the window that opens, you will find the info you will need to pass the rights check under Check rights for domains.
In the CNAME record tab, copy and save the values of the Name and Value fields. You will need these to create a CNAME record.
-
Retrieve the CNAME record values required for the domain rights check. To do this, run the following command while specifying the certificate ID you saved earlier.
yc certificate-manager certificate get <certificate_ID> \ --full \ --format=json | \ jq -r ".challenges[].dns_challenge"
Result:
{ "name": "_acme-challenge.example.com.", "type": "CNAME", "value": "fpqba7lpgmp7********.cm.yandexcloud.net." } { "name": "_acme-challenge.example.com.", "type": "TXT", "value": "oRnpmIJau5SWFDYqKwwUJMn-61HHdulvqk7********" }
Save the values of the
name
andvalue
fields for theCNAME
record. You will need these to create a CNAME record.For more information about the
yc certificate-manager certificate get
command, see the CLI reference.
-
-
Using the values from the previous step, create a CNAME record in your website's public DNS zone to verify your domain ownership:
If you delegated your website’s domain to Yandex Cloud DNS, follow this tutorial to create a CNAME record. Otherwise, use your DNS provider's guides or contact their support.
Note
For a successful DNS domain rights check based on a
CNAME
record, make sure the_acme-challenge
subdomain of the domain name you are checking has no other resource records exceptCNAME
. For example, for the_acme-challenge.example.com.
domain name, there should only be a CNAME record and no TXT record.
Wait for the domain rights check to complete successfully. The wildcard certificate will then be issued and get the Issued
status.
You can check the certificate status on the certificate page in the management consoleyc certificate-manager certificate get <certificate_ID>
CLI command.
Create a CDN resource in Cloud CDN
This section explains how to create a CDN resource with the Server
origin type. If your origin is a Yandex Object Storage bucket or a Yandex Application Load Balancer instance, use this tutorial to create a CDN resource.
Create a CDN resource in Yandex Cloud CDN:
-
In the management console
, select the folder you are going to create your CDN resource in. -
From the list of services, select Cloud CDN.
-
Click Create resource.
-
Under Content, specify:
- Content query:
From one origin
- Origin type:
Server
- In the Origin domain name field, specify the domain name or public IP address of your static content origin.
- Content query:
-
Under Domain names for content distribution, in the Domain name field, specify the new domain name you assigned to your new CDN resource, e.g.,
cdn-new.example.com
. -
Under Additional settings:
- In the Origin request protocol field, select the protocol the CDN resource will use to communicate with the origin. If you select
HTTPS
orMatch client
, make sure your origin supports HTTPS. - In the Redirect clients field, select
Don't use
. - In the Certificate type field, select
Use from Certificate Manager
and then, from the list that opens, select the certificate you previously created, such asmy-cdn-certificate
. - In the Host header field, select
Primary domain name
.
- In the Origin request protocol field, select the protocol the CDN resource will use to communicate with the origin. If you select
-
Click Create.
-
Run this command:
yc cdn resource create <subdomain_name> \ --origin-custom-source '<origin_IP_address_or_domain_name>' \ --origin-protocol '<origin_protocol>' \ --cert-manager-ssl-cert-id <certificate_ID>
Where:
-
<subdomain_name>
: Domain name for which you created CNAME record earlier and that the new CDN resource will use, e.g.,cdn-new.example.com
. -
--origin-custom-source
: Domain name or public IP address of your static content origin. -
--origin-protocol
: Protocol the CDN resource will use to communicate with the origin. The possible values are as follows:http
: Use HTTP.https
: Use HTTPS.match
: Use the same value as that of theHost
header in the client request to the CDN.
If you select
https
ormatch
, make sure your origin supports HTTPS. -
--cert-manager-ssl-cert-id
: TLS certificate ID that was saved earlier when creating the certificate.
Result
id: bc8cfqtx2mkx******** folder_id: b1gt6g8ht345******** cname: cdn-new.example.com created_at: "2025-02-10T07:42:24.920162Z" updated_at: "2025-02-10T07:42:24.920187Z" active: true options: edge_cache_settings: enabled: true default_value: "345600" query_params_options: ignore_query_string: enabled: true value: true stale: enabled: true value: - error - updating origin_group_id: "352269" origin_group_name: Origins for cdn-new.example.com (302798) origin_protocol: HTTP ssl_certificate: type: CM status: READY data: cm: id: fpqnetjumkhn********
Save the new dataset's ID (the
id
field value), as you will need it later.For more information about the
yc cdn resource create
command, see the CLI reference. -
Warning
After the CDN resource is set up, it may take up to 15 minutes for it to go live.
Make sure the new CDN resource is working properly before proceeding with the next steps.
Update your website to use the new CDN resource
Once you have created a new CDN resource in Cloud CDN and tested it, you can start updating your website configuration and removing the old CDN resource.
Redirect links from the dynamic website
Redirect the static content links generated by your dynamic website to the new CDN subdomain, e.g., by replacing cdn.example.com
with cdn-new.example.com
. It is your dynamic website's admin who must do this.
Once you have made all the required changes, make sure the static content links generated by your website are valid and the content is accessible. Also, make sure outgoing traffic has stopped on the old CDN resource by using the statistics and monitoring tools provided by your third-party CDN provider.
Your dynamic website has now fully switched to Yandex Cloud CDN.
Update the CNAME record for the original CDN subdomain
To keep your website's original CDN subdomain working with the new Cloud CDN resource, replace the resource CNAME record value of the original subdomain with the value you got earlier when connecting to Cloud CDN:
- Record name: Original CDN subdomain name, e.g.,
cdn.example.com.
. - Record type:
CNAME
. - Record value: The
cname
value you got earlier for your folder.
If you delegated your website’s domain to Yandex Cloud DNS, follow this tutorial to update the CNAME record. Otherwise, use your DNS provider's guides or contact their support.
Delete the third-party CDN
Once you have confirmed the original CDN resource from your third-party CDN provider is no longer sending outgoing traffic, delete it. To do this, use the third-party DNS provider's guides or contact their support.
Add an additional domain to the CDN resource in Cloud CDN
Once you have deleted the third-party CDN resource that was using the original CDN subdomain, you can add that subdomain as an additional domain to your new Cloud CDN resource. To do this:
- In the management console
, select the folder with your CDN resource. - From the list of services, select Cloud CDN.
- In the line with the CDN resource you created earlier, click
and select Edit. - Under Domain names for content distribution, click
Add domain name and in the field that appears, enter the domain name the old CDN resource used previously. e.g.,cdn.example.com
. - Click Save.
-
Run this command:
yc cdn resource update <CDN_resource_ID> \ --secondary-hostnames '<old_CDN_subdomain>'
Where:
<CDN_resource_ID>
: Cloud CDN resource ID you saved earlier.--secondary-hostnames
: Domain name that became available after deleting the third-party CDN resource, e.g.,cdn.example.com
.
Warning
This command will delete all additional domains that were previously linked to the CDN resource.
To link an additional domain to a CDN resource that already has additional domains linked, list the domains in the
--secondary-hostnames
parameter while separating them with commas.Result
id: bc845trezddi******** folder_id: b1gt6g8ht345******** cname: cdn-new.example.com created_at: "2025-01-25T21:47:21.181871Z" updated_at: "2025-02-10T17:10:37.511453Z" active: true options: edge_cache_settings: enabled: true default_value: "345600" query_params_options: ignore_query_string: enabled: true value: true stale: enabled: true value: - error - updating ignore_cookie: enabled: true secondary_hostnames: - cdn.example.com origin_group_id: "350569" origin_group_name: Origins for cdn-new.example.com (301532) origin_protocol: HTTP ssl_certificate: type: CM status: READY
For more information about the
yc cdn resource update
command, see the CLI reference.
Updating the CDN resource settings may take up to 15 minutes. After that, your new CDN resource will be accessible via both domain names, i.e., cdn-new.example.com
and cdn.example.com
.