Edge Acceleration

Site Acceleration
- Overview
- Access Control
  - Token authentication
    - Token Authentication
    - Authentication Method A
    - Authentication Method B
    - Authentication Method C
    - Authentication Method D
    - Authentication Method V
- Smart Acceleration
- Cache configuration
  - Overview
  - EdgeOne caching rules introduction
    - Content Cache Rules
    - Cache Key Introduction
    - Vary Feature
  - Cache Configuration
    - Custom Cache Key
    - Node Cache TTL
    - Status Code Cache TTL
    - Browser Cache TTL
    - Offline Caching
    - Cache Prefresh
  - Clear and Preheat Cach
    - Cache Purge
    - URL Pre-Warming
    - Prefetch M3U8
  - How to improve the Cache Hit Rate of EdgeOne
- File Optimization
  - Content Compression
  - Smart Compression
- Network Optimization
  - HTTP/2
  - HTTP/3(QUIC)
    - Overview
    - Enable HTTP/3
    - QUIC SDK
      - SDK Overview
      - SDK Download and Integration
      - Sample Code
        Android
        iOS
      - API Documentation
        Android
        iOS
  - IPv6 Access
  - Maximum Upload Size
  - WebSocket
  - Client IP Geolocation Header
  - Client IP Geographical Location
  - gRPC
  - Network Error Logging
- URL Rewrite
  - Access URL Redirection
  - Origin-Pull URL Rewrite
- Modifying Header
  - Modifying HTTP Response Headers
  - Modifying HTTP Request Headers
- Modify response content
  - HTTP Response
  - Custom Error Page
- Rules Engine
  - Overview
  - Rule Management
  - variables
  - Supported Matching Types and Actions
- Image and video processing
  - Audio and Video Pre-pulling
  - Just-in-Time Image Processing
  - Video Just-In-Time Processing
  - VOD Media Origin
- Speed limit for single connection download
- Request and Response Actions
  - HTTP Response
  - Processing order
  - Default HTTP Headers of Origin-Pull Requests
  - Default HTTP Response Headers
  - HTTP Restrictions
- Media Services
  - Audio and Video Pre-pulling
  - Just-in-Time Image Processing
  - Just-in-Time Media Processing
  - VOD Media Origin
L4 Proxy
- Overview
- Creating an L4 Proxy Instance
- Modifying an L4 Proxy Instance
- Disabling or Deleting an L4 Proxy Instance
- Batch Configuring Forwarding Rules
- Obtaining Real Client IPs
  - Obtaining Real TCP Client IPs via TOA
  - Obtaining Real Client IPs Through Protocol V1/V2
    - Overview
    - Method 1: Obtaining Real Client IPs Through Nginx
    - Method 2: Parsing Real Client IPs on Application Server
    - Format of Real Client IPs Obtained Through Proxy Protocol V1/V2
  - Transmitting Client Real IP via SPP Protocol
Domain name service and origin server configuration
- Domain Name Services
  - Overview
  - DNS resolution for managed domains
    - Modifying DNS Servers
    - Configuring DNS Records
    - Batch Importing DNS Records
    - Advanced DNS Configuration
  - Access accelerated domains
    - Adding A Domain Name for Acceleration
    - Ownership Verification
    - Modifying CNAME Records
    - Verify Business Access
  - Traffic scheduling
    - Traffic Scheduling Management
- HTTPS Certificate
  - Overview
  - Edge HTTPS Certificate
    - Overview
    - Deploying/Updating SSL Certificate for A Domain Name
    - Configuring A Free Certificate for A Domain Name
    - Using Keyless Certificate
  - Edge mTLS Authentication
  - Origin Certificate Validation
  - HTTPS configuration
    - Forced HTTPS Access
    - Enabling HSTS
    - SSL/TLS security configuration
      - Configuring SSL/TLS Security
      - TLS Versions and Cipher Suites
    - Enabling OCSP Stapling
  - Related References
    - Using OpenSSL to Generate Self-Signed Certificates
    - Certificate Format Requirements
    - The Difference Between one-way authentication and Mutual authentication
- Origin Configuration
  - Load Balancing
    - Overview
    - Quickly Create Load Balancers
    - Health Check Policies
    - Viewing the Health Status of Origin Server
    - Related References
      - Load Balancing-Related Concepts
      - Introduction to Request Retry Strategy
  - Origin Group Configuration
  - Origin configuration
    - Origin-Pull Timeout
    - Configuring Origin-Pull HTTPS
    - Host Header Rewrite
    - Controlling Origin-pull Requests
    - Redirect Following During Origin-Pull
    - HTTP/2 Origin-Pull
    - Range GETs
    - Modify Origin
    - Origin-pull Rate Limiting Policy
  - Origin Protection(Obtaining/Updating Origin IP Address Range)
  - Related References
    - ld Version Origin Group Compatible Related Issues

Certificate Format Requirements

If your certificate is issued by a root certificate authority (CA), you will get a unique certificate. The configured site will be considered trustworthy by access devices such as browsers without the need for additional certificates.
If your certificate is issued by an intermediate CA, you will receive a file containing multiple certificates. You need to manually concatenate the intermediate certificate and the root certificate in order before uploading. The concatenation rule is: first put the intermediate certificate and then put the root certificate, with no blank lines between them.
Note:
In general, CA will provide corresponding instructions when issuing certificates. Pay attention to such instructions.
Examples of CA Certificate Format and Certificate Chain Format
Below are examples of certificate format and certificate chain format. Confirm that the formats are correct before uploading:
1. The example of the PEM format of the certificate issued by a root CA is as follows:
﻿
The certificate format is as follows:
Your certificate should start with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----".
Each line should contain 64 characters, with the last line containing no more than 64 characters.
2. If the certificate is issued by an intermediate CA, the CA certificate needs to include a multi-level certificate chain. The certificate chain structure is as follows:
-----BEGIN CERTIFICATE-----
Intermediate CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root CA
-----END CERTIFICATE-----
The certificate chain rules are as follows:
There should be no blank lines between certificates.
All certificates should meet the certificate format requirements mentioned above.
Instructions for Converting Certificates to PEM Format
Generally, HTTPS certificates are in PEM format. For certificates in other formats that need to be converted to PEM format, it is recommended to use the OpenSSL tool for conversion. Below are methods to convert several popular certificate formats to PEM format.
DER to PEM
P7B to PEM
PFX to PEM
CER/CRT to PEM
The DER format is generally used on Java platforms.
Certificate conversion:
openssl x509 -inform der -in certificate.cer -out certificate.pem
Private key conversion:
openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem
The P7B format is generally used on Windows Server and Tomcat.
Certificate conversion:
openssl pkcs7 -print_certs -in incertificat.p7b -out outcertificate.cer
You need to get the content between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" in outcertificate.cer to upload as certificate.
Private key conversion: Private keys can generally be exported on IIS servers.
The PFX format is generally used on Windows Server.
Certificate conversion:
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
Private key conversion:
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
```	
You can convert certificates in CER/CRT format by directly modifying their file extensions. For example, you can directly rename the "servertest.crt" certificate file as the "servertest.pem" certificate file.
﻿
﻿

Examples of CA Certificate Format and Certificate Chain Format
Instructions for Converting Certificates to PEM Format