This guide addresses a practice that is not recommended for most stores and should only be applied in extreme cases.
Implementing a reverse proxy means replacing all edge services (CDN) managed and optimized by VTEX. This implies that the store will be responsible for effective site provisioning, including configuration, monitoring, and management of aspects such as header passing, cookies, and caching. VTEX does not provide support or documentation for these specific configurations and is not responsible for any issues that may arise.
VTEX is not responsible for problems with this system, whether related to our CDN, WAF service, or any other resource in front of our servers. We will not have visibility into the operation, and therefore this solution is not covered under our SLA agreements.
To point your own CDN to the VTEX CDN, you need to insert a reverse proxy in front of VTEX services. In this scenario, the traffic flow follows this path:
- Store: The point of origin of the traffic.
- Reverse proxy: The intermediary you set up.
- CDN used by VTEX: VTEX's standard CDN.
- VTEX: VTEX's end servers.
Follow the guidelines below to implement the reverse proxy:
DNS configuration
In your domain's DNS zone, you must configure the DNS records required to direct traffic to the VTEX CDN. Follow the instructions below.
Creating a TXT record
To correctly direct your domain to the VTEX CDN, create a TXT record in the format _{hostname} with the value {hostname}.cdn.vtex.com.
Replace {hostname} with your store's subdomain, domain, and top-level domain. Example: www.mystore.com. Make sure to include the underscore (_) before the hostname.
Format:
Name: _{hostname} Type: TXT Value: {hostname}.cdn.vtex.com
Example:
Name: _www.mystore.com Type: TXT Value: www.mystore.com.cdn.vtex.com
Creating a CNAME record
To direct CDN/WAF traffic to our servers, create a CNAME record with the value corresponding to the domain's CNAME.
Replace {hostname} with your store's subdomain, domain, and top-level domain. Example: www.mystore.com.
Format:
Name: {hostname} Type: CNAME Destination: {hostname}.cdn.vtex.com
Example:
Name: www.mystore.com Type: CNAME Destination: www.mystore.com.cdn.vtex.com
Traffic routing
In the reverse proxy configuration file, configure traffic routing to VTEX, ensuring that the Host header contains the original domain. Use the format below for HTTP requests from the reverse proxy to VTEX:
curl http://{hostname}.cdn.vtex.com/ -H 'Host: {hostname}'
Example:
curl http://www.mystore.com.cdn.vtex.com/ -H 'Host: www.mystore.com'
The traffic routing configuration and the HTTP request format may vary depending on the reverse proxy software solution you use.
Responsibilities for SSL certificates
In the case of a reverse proxy, responsibilities for SSL certificates are as follows:
- The external CDN (reverse proxy) manages the SSL certificate for communication between the client and the reverse proxy.
- VTEX manages the SSL certificate for communication between the reverse proxy (external CDN) and VTEX servers.
To enable the generation of SSL certificates, make sure that all HTTP traffic to /.well-known/acme-challenge/* reaches VTEX without changes, such as internal redirects from HTTP to HTTPS or traffic blocks.
Some reverse proxies may capture this route, preventing VTEX from issuing or renewing the SSL certificate.
VTEX only provides navigation if:
- The host points to VTEX via the CNAME.
- SSL certificates can be issued and renewed for the host.
If either condition is not met, navigation will fail, and the site will be down.
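The routing and certificate requirements above, sketched as a reverse proxy configuration. This is an added example, not a VTEX-provided or VTEX-supported configuration: it assumes nginx as the proxy software, www.mystore.com as the hostname, and hypothetical certificate file paths, and it assumes that VTEX presents the store hostname's certificate on the proxy-to-VTEX connection.

```nginx
# Added example. Assumed: nginx, www.mystore.com, and the certificate paths.
# nginx resolves a hostname in proxy_pass when the configuration is loaded.

server {
    listen 80;
    server_name www.mystore.com;

    # ACME HTTP-01 validation must reach VTEX over plain HTTP, unchanged:
    # no HTTPS redirect, no access rules, no caching on this prefix.
    location ^~ /.well-known/acme-challenge/ {
        proxy_pass http://www.mystore.com.cdn.vtex.com;
        proxy_set_header Host www.mystore.com;   # original domain, not the CDN name
        proxy_cache off;
    }

    # Every other plain-HTTP request is redirected to HTTPS.
    location / {
        return 301 https://www.mystore.com$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name www.mystore.com;

    # Client-to-proxy certificate, managed by the store (paths are assumptions).
    ssl_certificate     /etc/nginx/tls/www.mystore.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/www.mystore.com.key;

    location / {
        proxy_pass https://www.mystore.com.cdn.vtex.com;
        proxy_set_header Host www.mystore.com;

        # Assumption: VTEX serves the certificate it issued for the store
        # hostname, so SNI and name verification use that hostname.
        proxy_ssl_server_name on;
        proxy_ssl_name www.mystore.com;

        # nginx does not verify upstream certificates unless told to.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }
}
```

The prefix location with ^~ keeps any regex or catch-all rule from capturing the challenge path, which is the failure the certificate section describes.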