This article will explain the core concepts of an Engine, including how to create a new engine, with and without a custom delivery address, and the available settings for engines.
Key terms
Engine: an Engine is a relationship among the Delivery Address, ImageEngine Address, and Origin to handle requests and deliver optimized images.
Delivery Address: A Delivery Address is a URL that can be used to access Images for use through ImageEngine.
The Delivery Address is used in an image URL, either replacing the original domain name or by prefixing the entire original URL. For more on usage, please see the Implementation overview article! For platform-specific integration guides, please see that section of our support guides
Growth and higher account users gain the ability to customize the Delivery Address to be a subdomain of a domain that they own.
For instance, if the website is "mycoolwebsite.com", a delivery address such as "images.mycoolwebsite.com" could be created.
If the Delivery Address is not customized, then the Delivery Address is identical to the ImageEngine Address.
ImageEngine Address: The ImageEngine Address handles your account’s images on the imgeng.in domain, and ends with our *.Imgeng.in domain
The ImageEngine Address is the same as the delivery address unless it is a custom address. In this case, the ImageEngine Address must be used in a DNS CNAME record that will pass requests from the custom Delivery Address to the ImageEngine Address.
Origin: Each Engine has an origin, where the images are hosted or stored. The images can be on a web server accessible via HTTP or HTTPS, or cloud-based storage.
ImageEngine does not require you to move or upload images anywhere.
For more on engines please see this article: Image Origins
Graphically, this is what the environment looks like, assuming a customized delivery address:
Create a New Engine
To create a new Engine, go to the Engines list and click on the “Create Engine” button.
You can also use the + sign button in the top left of the navigation bar, just below the ImageEngine Logo:
The Create a new engine screen will appear:
Define an Origin
Upon creating a new engine, the first thing that must be done is to select an Origin.
If no Origins are present, one must be created before the Engine may be created. You may always adjust the origin associated with the Engine later if needed!
For more discussion of origins, their creation, and settings please see this article: Image Origins
Complete engine configuration
Once you have entered the required information for the origin, click "Create Engine" at the bottom of the form.
This will create an address in the following pattern that is immediately ready for use:
https://xxyyzz.cdn.imgeng.in
In the case of using an ImageEngine-generated address for serving images, the SSL certificate for *.imgeng.in covers the address and HTTPS is immediately available. No additional steps are required to use the Delivery address as HTTPS, and you may immediately proceed to implement the Engine on your site.
These are the only two steps required to create a basic engine. For additional settings, such as
- Modify the Origin in use by the Engine
- Allowing Origin Prefixing
- CORS Management
- Prioritizing Regions
See their sections later in this article.
If you require a customized address, keep reading!
Optional: Choose whether to automatically generate a delivery address (Growth or higher and Pro only)
Growth or higher and Pro level subscriptions have access to creating Engines with Custom Delivery Addresses.
If your account is a trial or Starter-Level subscription, this option does not appear, upgrade your subscription to gain access to this feature.
If a custom Delivery Address is not required, leave the delivery address creation option to generate the delivery address 'automatically", and click confirm to proceed.
This will create an address in the following pattern that is immediately ready for use:
https://xxyyzz.cdn.imgeng.in
In the case of using an ImageEngine-generated address for serving images, the SSL certificate for *.imgeng.in covers the address, and HTTPS is immediately available. No additional steps are required to use the Delivery address as HTTPS, and you may immediately proceed to implement the Engine on your site.
NOTE: If you do not use the option to automatically create the address, additional steps will be required to use HTTPS. This will involve making changes to your website’s Domain Name Server (DNS), and must be done by someone with administrative access to that system.
Activating a Custom Delivery address.
If you wish to proceed with a custom address, provide an address for a subdomain under your control, and submit the form.
For instance, if you are implementing ImageEngine on Foo.com, you might use a subdomain such as media.foo.com, or images.foo.com
When a new Engine with a custom Delivery Address is created, the engine overview will show the following message: "Engine is not ready to serve traffic!"
To resolve this message, you will need to
- Add an ImageEngine-provided TLS/SSL Certificate validation record to your site's DNS
- Add a CNAME record for the Delivery address back to its ImageEngine address
You can find the steps for completing the custom delivery address set up in the Delivery Address article
Please see the Implementation Overview and our integration guides for further implementation information.
Verify Implementation
After creating a new engine, a label will be present that states, "Implementation not verified'. Please note that this does not mean that the engine is not ready for use but that ImageEngine has not yet received inbound requests from your engine. Once the engine has been in use for a short period this label will disappear and be replaced with a green label that states "Verified".
The message may also be cleared proactively by using the verify implementation tool in the Setup steps by submitting the URL of a page with your Engine in use or by using the option to skip verification.
Modifying Optional Engine Settings
The Settings for an Engine can be accessed from the “All Engines” screen:
From a specific engine’s overview page, you can access the Engine’s Edit menu:
Or from the navigation bar after expanding the menu for the engine:
Engine options
Use the tabs to navigate the options. Here you may change several options for the engine:
- Modify the Origin in use by the Engine
- Allowing Origin Prefixing
- CORS Management
- Prioritizing Regions
- 3rd Party CDN support
- Advanced Settings
- Engine Deletion
Modify the Origin in use by the Engine
An Engine must be connected to an Origin to allow its delivery address to serve images.
Origin Prefixing
Defaults to "Off." “Origin Prefixing” is a feature that allows an engine’s Delivery Address to prefix any other image URL on the internet. For example, if the Delivery Address registered is `img.foo.com` you can put this in front of any other URL resolving to an image: //img.foo.com/https://www.website.com/image.png.
This feature is convenient for testing, or in cases where it is impractical to modify only the domain of an image’s URL.
For added security, you may provide a list of Origin hostnames permitted to use the prefixing feature. If the prefixed image URL is not from one of the provided Origins, ImageEngine will throw an error, preventing illegitimate usage.
For more information on prefixing as an implementation strategy, please see the Implementation Overview article.
CORS Management
Cross-Origin Resource Sharing (CORS (external link)) is a security feature based on HTTP-headers which is meant to indicate which Origins should be allowed to assess resources on a server. By default, this feature is enabled.
This section specifies the allowed Origins, methods, and headers. Multiple Origins can be entered. ImageEngine will respond with only one Origin if a match exists between the actual Origin and the list of allowed Origins. The Origin should usually be * or the domain name of your website, for example, https://foo.com.
The “Suggest Values” button sets liberal values that will most likely work for your site but allows other Origins access. The default selection is only "GET"
Any headers defined here will overwrite the same headers returned from the Origin server.
- “Origins allowed to access resources on this Engine” will populate the Access-Control-Allow-Origin response header. Read More (external link)
- “HTTP methods allowed” will populate the Access-Control-Allow-Methods response header. This Defaults to “GET” Read More (external link)
- “Allowed HTTP request headers” will populate the Access-Control-Allow-Headers.
Multiple values must be comma-separated. For example, x-requested-with, content-type. Read More (external link) - “Lifetime of a “preflight” request” populates the Access-Control-Max-Age response header. Read More (external link)
Other CORS-related headers, such as Access-Control-Allow-Credentials
or Access-Control-Expose-Headers
should be added if using a custom HTTP response header.
Referrer Management
Referrer management allows you to control which websites (hosts) are referring to the images served by the engine.
Given a list of hostnames, you can choose whether this list should be allowed or denied to refer to images.
Strict referrer check with ImageEngine
With ImageEngine you can prevent unwanted 3rd party websites to display your images.
ImageEngine offers both a simple "referrer check" which will reject image requests where the referer HTTP header has a value which is not whitelisted.
However, the referer HTTP header can't always be trusted and it might be missing.
If you still want to prevent random sites on the internet to display your images and steal your bandwidth, you can enable "strict mode" in the ImageEngine Control Panel.
Load Images with CORS
Put short, CORS provides a layer of security to HTTP requests.
When images are loaded using CORS, the origin request header is set.
When "Strict Mode" is enabled, ImageEngine will require either the referer header or the origin header to contain a value from the whitelist. All other requests will be rejected with a 403 response error.
To load images using CORS the <img>
element must contain the attribute crossorigin="use-credentials"
like this:
<img src="https://xyz.cdn.imgeng.in/img.png" crossorigin="use-credentials" alt="CORS request">
This will instruct the browser to load the image with CORS, which utilizes the browser's built in security mechanisms.
Please make sure that your engine also have CORS enabled in the settings. This is important because the browser require certain HTTP headers to be set. If needed you can also add additional response headers manually.
Prioritize Region
Enable this to provide our engineering team insight into what geographic regions will be served with this engine. We will use this information to better understand how it will be used and to adjust elements of our CDN to improve performance.
3rd Party CDN support
Depending on your plan, ImageEngine may support being the origin of a 3rd party CDN.
ImageEngine will detect and adapt its optimization strategy to the 3rd party CDN automatically.
Enabling this feature will disable some features in the control panel which may impact the strategy in a negative way or are superfluous in this scenario. If you know you're using a CDN in front of ImageEngine, it is recommended to enable this feature for your own convenience.
Advanced Settings
The Advanced Settings tab lets you modify ImageEngine's default behavior when serving content. You can adjust image compression, what formats to serve, override TTL settings, etc.
The number of options available is too large for this article, please see this article for descriptions of the settings available and instructions on setting up Advanced Engine settings: Customize Advanced Engine Settings
Delete Engine
You will find the option to delete the engine at the top right of the Engine settings screen. Click on it, and you will be prompted to confirm the action:
WARNING: There is no method to recover a deleted engine. Please ensure no traffic is being served using the engine before deletion. If the Engine is deleted while there are still Images using it, the links will break and serve 404s.
Comments
0 comments
Please sign in to leave a comment.