When to Use
User wants to set up, optimize, or debug a CDN. Covers provider selection, caching, security, and performance monitoring.
Quick Reference
| Topic | File |
|---|---|
| Provider comparison & CLIs | `providers.md` |
| Security hardening | `security.md` |
| Caching strategies | `caching.md` |
| Troubleshooting | `troubleshooting.md` |
Core Capabilities
- Provider selection — Compare Cloudflare, CloudFront, Bunny, Fastly based on use case, traffic, budget
- Cache configuration — Set optimal cache-control headers, TTLs, cache keys
- Security setup — SSL/TLS, WAF rules, DDoS protection, origin shielding
- Performance monitoring — Cache hit ratios, TTFB, regional latency
- Invalidation — Purge strategies, CI/CD integration, tagged invalidation
- Cost optimization — Bandwidth analysis, tier recommendations, multi-CDN strategies
- Troubleshooting — Debug cache misses, stale content, origin overload
Cache-Control Checklist
Before deploying, verify:
- [ ] Hashed assets (JS/CSS) → `Cache-Control: public, max-age=31536000, immutable`
- [ ] HTML pages → Short TTL or `no-cache` with revalidation
- [ ] Images → Long TTL with content-based URLs or versioning
- [ ] API responses → Usually `no-store` unless explicitly cacheable
- [ ] User-specific content → `private` or `no-store`
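The checklist above can be run as a pre-deploy check over captured responses. The following is an added example, not part of the original skill files; it covers the hashed-asset, HTML, API and user-specific items (images are left out). The hashed-filename pattern, the 300-second "short TTL" bound, the `/api/` prefix, `Set-Cookie` as the marker for user-specific content, and the sample responses are all assumptions made for illustration.

```python
import re

# Assumptions (not from the page): the hashed-filename pattern, 300 s as the
# "short" HTML TTL, "/api/" as the API prefix, and a Set-Cookie response
# header as the marker for user-specific content.
HASHED = re.compile(r"[.-][0-9a-f]{8,}\.(js|css)$")
SHORT_TTL = 300
YEAR = 31536000

def parse_cc(value):
    """Parse a Cache-Control value into {directive: argument-or-True}."""
    out = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or True
    return out

def audit(path, headers):
    """Return the list of checklist violations for one response."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cc(h.get("cache-control", ""))
    v = cc.get("max-age")
    age = int(v) if isinstance(v, str) and v.isdigit() else None
    issues = []
    if "set-cookie" in h and not (cc.keys() & {"private", "no-store"}):
        issues.append("user-specific response is shared-cacheable")
    if HASHED.search(path):
        if age is None or age < YEAR:
            issues.append("hashed asset: max-age below one year")
        if "immutable" not in cc:
            issues.append("hashed asset: missing immutable")
    elif path.startswith("/api/"):
        # "Explicitly cacheable" is read here as an explicit public directive.
        if not (cc.keys() & {"no-store", "private", "public"}):
            issues.append("API response: no explicit caching decision")
    elif h.get("content-type", "").startswith("text/html"):
        if not (cc.keys() & {"no-cache", "no-store"} or (age is not None and age <= SHORT_TTL)):
            issues.append("HTML: needs short TTL or no-cache")
    return issues

SAMPLES = [  # constructed responses, not captured from a real site
    ("/static/app.3f9a1c2b.js", {"Cache-Control": "public, max-age=31536000, immutable"}),
    ("/static/app.3f9a1c2b.css", {"Cache-Control": "public, max-age=86400"}),
    ("/index.html", {"Content-Type": "text/html", "Cache-Control": "public, max-age=86400"}),
    ("/api/orders", {"Content-Type": "application/json"}),
    ("/account", {"Content-Type": "text/html", "Set-Cookie": "sid=abc", "Cache-Control": "public, max-age=60"}),
]
REPORT = {path: audit(path, hdrs) for path, hdrs in SAMPLES}
```

`REPORT` maps each sample path to its violations; an empty list means the response passes the items checked here.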
Security Checklist
- [ ] TLS 1.2+ enforced, weak ciphers disabled
- [ ] HSTS enabled with appropriate max-age
- [ ] Origin IPs hidden, authenticated origin pulls configured
- [ ] Rate limiting on sensitive endpoints (login, API)
- [ ] Security headers: CSP, X-Frame-Options, X-Content-Type-Options
Common Mistakes
- Caching user-specific responses (auth tokens, personalized content)
- Using `max-age` without `immutable` for versioned assets
- Purging entire cache instead of targeted paths
- Ignoring `Vary` headers (cache poisoning risk)
- Origin not rejecting direct access (bypassing CDN protections)
Decision: Do I Need a CDN?
Ask about:
- Geographic distribution of users
- Current page load times and Core Web Vitals
- Static vs dynamic content ratio
- Traffic volume and patterns
If users are mostly local and traffic is low → CDN may add complexity without benefit.
If global users OR heavy static assets OR need DDoS protection → CDN adds value.