Skip to main content

Extend CDN functionality with CDB EdgeCompute

CDB EdgeCompute CDN applications run inside the CDN request pipeline and modify requests and responses before they reach the origin or client.

A CDN resource configured for the origin is required. To create one, follow the CDN resource guide.

How it works

The CDN runtime invokes a CDN application at five stages of the request lifecycle:

  • On request headers (before cache): when the CDN receives request headers, before the cache is checked.
  • On request headers (after cache): when the CDN receives request headers, after the cache is checked.
  • On request body: when the CDN receives the request body.
  • On response headers: before the CDN sends response headers to the client.
  • On response body: before the CDN sends the response body to the client.
CDN applications are built on the Proxy-Wasm specification — an open standard for WebAssembly-based proxy extensions.
Only one CDB EdgeCompute application can be attached to each processing stage.

Step 1. Create a CDB EdgeCompute application

Deploy an application from a predefined template or upload a custom binary. Custom binaries must conform to the Proxy-Wasm specification.

A predefined template is available for JWT authentication. It verifies the JSON Web Token in the request Authorization header before the request reaches the origin.

  1. In the CDB Technical Web Portal, navigate to CDB EdgeCompute.
  2. Open the CDN Applications page and click Create new application.
CDN Applications page with Create new application button
  1. In the Create from a template section, select Validate JWT in Authorization header.
Create from a template section showing Validate JWT template option
  1. Enter a name for the application and, optionally, a description.
  2. Add the required environment variables, such as a token signing key for authentication checks.
JWT template configuration form with Name and environment variables fields
  1. Click Save and deploy.

The application is deployed and ready to be linked to a CDN resource.

Application overview page showing active status

To adjust the configuration later, click Actions > Edit application.

Application overview page with Actions menu showing Edit application option

Custom implementations are available in the CDB EdgeCompute-sdk-rust examples and proxy-wasm-sdk-as examples repositories.

  1. In the CDB Technical Web Portal, navigate to CDB EdgeCompute.
  2. Open the CDN Applications page and click Create new application.
CDN Applications page with Create new application button
  1. Click Upload binary.
Create application page with Upload binary card
  1. Select the compiled .wasm file.
File selection dialog for uploading a binary
  1. Enter a name for the application and, optionally, a description.
  2. Add any required environment variables as key-value pairs. For sensitive values, click + Add Secret to store them in Secrets Manager instead.
Custom app configuration form with Name, environment variables, and Secrets fields
  1. Click Save and deploy.

The application is deployed and ready to be linked to a CDN resource. To adjust the configuration later, click Actions > Edit application.

Application overview page with Actions menu showing Edit application option

Step 2. Enable CDB EdgeCompute for your CDN resource

CDB EdgeCompute can be enabled for all requests on a CDN resource, or limited to specific URL paths using CDN rules.

  1. In the Customer Portal, navigate to CDN.
  2. Find the resource and open its settings.
CDN resources list with resource settings button
  1. Scroll to the CDB EdgeCompute apps section and enable the toggle for the required stage.
CDN resource settings showing CDB EdgeCompute apps section with event toggles
  1. Select the application from the dropdown.
CDB EdgeCompute apps section with On request headers enabled and application dropdown
  1. (Optional) Select the Interrupt request processing in case of error checkbox.

The Interrupt request processing in case of error checkbox is enabled by default. When active, errors on the CDB EdgeCompute side return the relevant response code to the client. When disabled, the CDN ignores the error and forwards the request to the origin. For security-sensitive applications, keep this checkbox enabled.

  1. Click Save.

URL-specific rules apply CDB EdgeCompute logic only to certain paths — for example, protecting /api/ with JWT validation while leaving other paths unaffected.

  1. In the Customer Portal, navigate to CDN.
  2. Find the resource and open its settings.
  3. Click Rules > Create rule.
CDN resource settings with Rules tab open
  1. Click Create blank rule.
  2. Enter a rule name.
  3. In the Match criteria section, specify the URL paths affected by the application.
  4. In the Options section, click Add option.
  5. Scroll to the CDB EdgeCompute apps section and enable the toggle for the required stage.
CDN resource settings showing CDB EdgeCompute apps section with event toggles
  1. Select the application from the dropdown.
CDB EdgeCompute apps section with On request headers enabled and application dropdown
  1. (Optional) Select the Interrupt request processing in case of error checkbox.
Add option dialog showing CDB EdgeCompute apps section

The Interrupt request processing in case of error checkbox is enabled by default. When active, errors on the CDB EdgeCompute side return the relevant response code to the client. When disabled, the CDN ignores the error and forwards the request to the origin.

  1. Click Create rule.

Disconnect CDB EdgeCompute from CDN

To stop CDB EdgeCompute processing on a CDN resource, disable the configured toggles and save.

  1. In the Customer Portal, navigate to CDN.
  2. Find the resource and open its settings.
CDN resources list with resource settings button
  1. To disable CDB EdgeCompute for the whole CDN resource, disable the toggles in the CDB EdgeCompute apps section.
  2. To disable CDB EdgeCompute for specific URL paths, open the Rules page and disable the toggle for the relevant rule.
  3. Click Save changes.

Delete a CDN application

An enabled CDB EdgeCompute application linked to a CDN resource cannot be deleted. Disconnect it from the CDN resource first.

  1. In the Customer Portal, navigate to CDB EdgeCompute.
  2. Open the CDN Applications page and click the three-dot icon next to the application.
CDN Applications list with three-dot menu open showing Delete option
  1. Click Delete.
  2. Confirm by clicking Yes, delete.
Delete app confirmation dialog

CDB EdgeCompute CDN applications run inside the CDN request pipeline and modify requests and responses before they reach the origin or client.

A CDN resource configured for the origin is required. To create one, use the Create CDN resource API endpoint.

All requests authenticate with an API token. Set it as an environment variable before running the examples:

export GCORE_API_KEY="{YOUR_API_KEY}"

How it works

The CDN runtime invokes a CDN application at five stages of the request lifecycle:

  • on_request_headers: when the CDN receives request headers, before cache.
  • on_request_headers_after_cache: when the CDN receives request headers, after cache.
  • on_request_body: when the CDN receives the request body.
  • on_response_headers: before the CDN sends response headers to the client.
  • on_response_body: before the CDN sends the response body to the client.
CDN applications are built on the Proxy-Wasm specification — an open standard for WebAssembly-based proxy extensions.
Only one CDB EdgeCompute application can be attached to each processing stage.

Step 1. Upload a binary

Upload the compiled .wasm file to the CDB EdgeCompute binary store. The API automatically detects the binary type from the file contents.

curl -X POST https://api.cdb-staging.cdn.orange.com/edgecompute/v1/binaries/raw \
  -H "Authorization: APIKey $GCORE_API_KEY" \
  -H "Content-Type: application/octet-stream" \
  --data-binary @app.wasm

The response includes the binary ID used in the next step:

{
  "id": 12345,
  "api_type": "proxy-wasm"
}

To deploy from the predefined JWT template instead, list available templates with GET https://api.cdb-staging.cdn.orange.com/edgecompute/v1/template, note the template's binary field, and use that binary ID in Step 2.

Step 2. Create a CDB EdgeCompute application

Create the application using the binary ID from Step 1. Set status to 1 to activate the application immediately.

curl -X POST https://api.cdb-staging.cdn.orange.com/edgecompute/v1/apps \
  -H "Authorization: APIKey $GCORE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "my-cdn-app",
    "binary": 12345,
    "status": 1,
    "env": {
      "MY_VARIABLE": "value"
    }
  }'

The response includes the application ID (id), which is needed to configure the CDN resource:

{
  "id": 67890,
  "name": "my-cdn-app",
  "status": 1,
  "api_type": "proxy-wasm"
}

Step 3. Enable CDB EdgeCompute for your CDN resource

Update the CDN resource to route traffic through the CDB EdgeCompute application. The edgecompute option accepts five trigger stages — configure the ones the application handles.

curl -X PATCH https://api.cdb-staging.cdn.orange.com/cdn/resources/RESOURCE_ID \
  -H "Authorization: APIKey $GCORE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "options": {
      "edgecompute": {
        "enabled": true,
        "on_request_headers": {
          "app_id": "67890",
          "enabled": true,
          "interrupt_on_error": true
        }
      }
    }
  }'

Replace RESOURCE_ID with the CDN resource ID. The interrupt_on_error field controls behavior on error: true returns the CDB EdgeCompute error to the client, false forwards the request to the origin. For security-sensitive applications, set it to true.

To apply CDB EdgeCompute only to specific URL paths, create a CDN rule with POST https://api.cdb-staging.cdn.orange.com/cdn/resources/RESOURCE_ID/rules and include the edgecompute option in the rule's options object.

Disable CDB EdgeCompute integration

Set edgecompute.enabled to false to stop CDB EdgeCompute processing on a CDN resource:

curl -X PATCH https://api.cdb-staging.cdn.orange.com/cdn/resources/RESOURCE_ID \
  -H "Authorization: APIKey $GCORE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "options": {
      "edgecompute": {
        "enabled": false
      }
    }
  }'

Delete a CDN application

An enabled CDB EdgeCompute application linked to a CDN resource cannot be deleted. Disable the CDB EdgeCompute integration on the CDN resource before deleting the application.

curl -X DELETE https://api.cdb-staging.cdn.orange.com/edgecompute/v1/apps/APP_ID \
  -H "Authorization: APIKey $GCORE_API_KEY"

A 204 No Content response confirms the application was deleted.