Fastly CDN

While Fastly is a newer CDN compared to some others, it’s a reliable platform that offers a range of services, including DDoS mitigation.

How to Install and Configure Fastly CDN

In order for Fastly to serve your site over HTTPS (recommended), you’ll need to have a paid plan at Fastly so you can add an SSL certificate.

If you don’t already have a Fastly account, visit their signup page to get started.

Step 1 – Name Your Service

Log into your Fastly account and name your service, click Options > Edit service name, enter the new name, and then click Apply.

Naming your service at Fastly.
Naming your service at Fastly.

While this isn’t strictly required, it’ll help you keep things organized, especially if you add any additional services later on.

Step 2 – Add Your Domain

Add your domain in the field provided under the Domains heading.

Due to DNS constraints, using the www-version of your domain name (e.g. www.example.com) rather than the apex/non-www version of your domain is generally recommended.

If you must use an apex domain, check out this guide to Using Fastly with apex domains.

Adding your domain at Fastly.
Adding your domain at Fastly.

Step 3 – Add Your Host

To add your host, either click on the host link in the steps shown near the top of the page or click Hosts under Origins in the left sidebar menu.

Your hostname is hosting.kinsta.cloud or your Site IP address. This needs to be one of those (instead of the primary domain) because the primary domain has to be pointed to Fastly to take the service live. While you could technically use the temp domain as your hostname, we recommend using hosting.kinsta.cloud instead because the temp domain can be removed from the site.

Type or copy and paste in your hostname and click the Add button.

Adding your origin at Fastly.
Adding your origin at Fastly.

Step 4 – Configure Your Hostname

Once you’ve added the hostname for your origin, click the edit (pencil) icon next to your hostname and configure the following fields:

  • Name: This is a label for the origin, so it can be anything you want. (Default is “Host 1” or similar).
  • Address: hosting.kinsta.cloud or Site IP address.
  • TLS from Fastly to your host: Yes.
  • Verify certificate? Yes.
  • Certificate hostname: Your site’s primary domain at Kinsta.
  • SNI hostname: Your site’s primary domain at Kinsta.

Note: If your site at Kinsta has a different primary domain than the domain used at Fastly, please see the additional information for this under When You Should Set Host Override below.

Step 5 – Activate Fastly

Now that you have your domain and origin details configured, you’re ready to activate your Fastly service. To do so, click the Activate button near the upper right corner of the page.

Activating the service won’t affect your live site just yet; this will just save your origin server and domain details in your Fastly service.

Activating your Fastly service.
Activating your Fastly service.

Step 6 – Test Your Service

Now it’s time to test your service to make sure it’s working as expected before you make it live.

This is another step that isn’t technically required but strongly recommended in case any adjustments are needed before making your service live (which will affect your live site).

To test your domain, click Domains > Test domain on your domain name, which will open your test domain in a new tab in your browser.

Opening your Fastly test domain.
Opening your Fastly test domain.

Your test domain’s URL will look like: http://example.com.global.prod.fastly.net (replace www.example.com with your domain name). You can bookmark or send that to someone else if needed.

Step 7 – Add TLS

After confirming your website looks good on the test domain, it’s time to add TLS so your site will be loaded over HTTPS.

Fastly offers a couple of different options for TLS, but we’ll only be covering the Fastly-managed certificates option here.

If you need to upload a third-party certificate at Fastly, that option is available for an additional fee, and you’ll need to follow their guide for using certificates you manage instead of the instructions here.

  1. Click on the Configure link in the primary navigation (at the top of the page), then click on the HTTPS and network tab in the secondary navigation bar (below the primary navigation bar).
  2. If this is your first time setting up TLS on a domain in Fastly, click on the Get started button below the “Add HTTPS to your domains” heading. Otherwise, click the Secure another domain button on the right side of the page. In the dropdown that appears, select Use certificates Fastlyobtainsfor you.
  3. On the Enter subscription details page:
    1. Put in your domain name and click the Add button.
    2. Select Let’s Encrypt as the certification authority.
    3. Leave TLS configuration on the default of TLS 1.3.
    4. Click the Submit link.
  4. On the TLS subscription details page, click on the View link under Verification Details.
    Viewing your domain verification details for SSL in Fastly.
    Viewing your domain verification details for SSL in Fastly.
  5. In the pop-up that appears, click the copy (clipboard) icon to copy the target for custom CNAME you’ll need to add to your DNS records for verification.
    Copying your domain verification CNAME record in Fastly.
    Copying your domain verification CNAME record in Fastly.
  6. To enter your custom CNAME record, log into where you manage your domain’s DNS. We’ll show you how to create this custom CNAME in Kinsta’s DNS as an example here. If you use a different DNS provider (this may be your registrar or other DNS hosting, depending on where you have pointed your domain’s nameservers), the steps may be a little different.
    1. Click on DNS in the left sidebar navigation in MyKinsta.
    2. Click on the domain you want to add a DNS record to.
    3. Click the Add a DNS record button.
    4. Click the CNAME tab and add your Hostname and Points to values. The Hostname needs to be in the format _acme-challenge.www.DOMAIN_NAME (e.g., _acme-challenge.www.myawesomesite.com) and the Points to value needs to be the target you copied from the Verify domain ownership pop-up at Fastly. Click the Add DNS record button to save your new CNAME record. Note: It may take up to 1 hour for the DNS record to propagate.
      Adding your domain verification CNAME in Kinsta's DNS.
      Adding your domain verification CNAME in Kinsta’s DNS.

Step 8 – Make it Live

Once TLS is set up on your Fastly service, you’re ready to take it live. This is done by pointing your domain’s www CNAME to Fastly. The steps to add a CNAME may vary depending on your provider. We’ll use Kinsta’s DNS as an example again here.

  1. If you aren’t already in DNS in MyKinsta, click on DNS in the left sidebar navigation.
  2. Click on the domain you want to add a DNS record to.
  3. If you already have an existing CNAME record for the www hostname, click the Edit (pencil) icon to update it. Otherwise, click the Add a DNS record button.
    1. Hostname: www
    2. Points to: j.sni.global.fastly.net
  4. Click the Change DNS record button (updating a DNS record) or Add DNS record button (adding a new DNS record) to save your DNS record. Note: It may take up to 1 hour for this DNS change to propagate.
    Pointing your domain’s www CNAME to Fastly in Kinsta's DNS.
    Pointing your domain’s www CNAME to Fastly in Kinsta’s DNS.

That’s it for setup and configuration.

Troubleshooting Common Issues With Fastly CDN

Even if the setup process went through smoothly, it could be the case that you might experience some issues. Here below, we’ve grouped tips on how to troubleshoot the most common ones, along with some advanced settings.

Changes Aren’t Showing up on Your Site

Serving your site through Fastly adds an additional layer of caching that will need to be cleared anytime you need to clear the cache. If you’re having trouble seeing changes on your site or a plugin isn’t behaving as expected after installing or reinstalling, be sure you clear cache at all layers, including:

  1. Plugins (if applicable)
  2. Themes (if applicable)
  3. Site/server cache at Kinsta (from either MyKinsta or the Kinsta MU plugin)
  4. Caching at Fastly
  5. Browser cache

IP Address Blocked by False Positive

If you have DDoS mitigation or bot detection enabled at Fastly and you or a site visitor are being incorrectly blocked from viewing your site, this may be due to a false positive. If this happens, you’ll need to work with both Fastly support and our Support team at Kinsta to track down where the block is occurring.

HTTP-HTTPS Redirect Loops or TLS Version Errors

If you see a redirect loop or TLS version error on your site, check the following settings:

  1. Make sure the HTTPS/TLS options from Fastly to the Origin match (Origin > Hosts > Show all details).See step 4 above.
  2. Make sure the hostname matches your Kinsta domain. See step 3 above.

When You Should Set Host Override

By default, the host header at Fastly will be the domain you set at Fastly. For your Kinsta site to recognize the request, the host header needs to match a domain in the site’s domains list.

That means if the domain you’re configuring at Fastly is not in your site’s domains list at Kinsta, you’ll need to set the host override for the origin that requests content from Kinsta. That host override needs to be a domain that is in your site’s domains list at Kinsta.

For example, if you’re configuring example.com at Fastly but only have example.kinsta.cloud in your site’s domains list at Kinsta, you’ll need to set the host override for the origin pulling from Kinsta to be example.kinsta.cloud.

Serverless Computing

This can be used for other paths or subdomains that aren’t hosted at Kinsta (e.g. for API calls or other paths outside of your WordPress site).

Fastly WordPress Plugin

Fastly offers a plugin that makes managing many of your settings from your WordPress dashboard possible.

Once the plugin is installed and activated, fill in your service ID and API token on the Fastly General settings page in your WordPress dashboard.

Instructions for finding and creating those are linked from that page. Be sure to save those entries before testing the connection.

Summary

If you run into any issues with Fastly, we’re happy to help investigate any issues on the server side, but you’ll need to work with Fastly’s support team or your developer for troubleshooting the Fastly side of things.

Be sure to subscribe to our newsletter to stay up to date with our Cloudflare integration updates (and new content every week).

Was this article helpful?