Hosting octopus server behind CDN (akamai)

(sohail.malik) #1

Hello

Wanted to know if i can put our installation of octopus deploy behind a CDN (Akamai). Is there any known issues i should be aware off etc.

thanks

(Dane Falvo) #3

Hi Sohail,

This is the first time I’ve seen this sort of configuration question come up. As such, I do not have much familiarity with regards to issues that you might face.

I am happy to go to my team and discuss further, however I would need a bit more information so that we can discuss your deployment plan exactly.

What exactly would you be trying to do via the CDN?
What are you hoping to achieve or overcome by deploying it behind a CDN?

Please provide as much information as you can and details about your intended configuration and I can discuss with the team to see if we can envisage any possible red flags

Regards,

Dane

(sohail.malik) #4

Hello Dane

The requirement for putting it behind a CDN specially Akamai is caching of the static assets and having this behind a WAF (Web Access firewall) the main reason is the firewall
piece. Since the url is exposed externally and a potential vulnerability of getting attacked like DDos etc.

Caching of static content is just a nice to have, since we have users from around the globe accessing our octopus instance.

But to put the url for our octopus server behind the Web Access firewall in Akamai it has to also go thru the CDN piece even thou we might not do any caching.

Let me know if additional details are needed.

Thanks

Sohail.

(Dane Falvo) #5

Hi Sohail,

This seems like a reasonable use case. The Web Access Firewall seems like a good value add from akamai.

I’ve reached out to the wider team to find out there thoughts. Although we don’t officially support putting Octopus behind a CDN, it’s not for any specific reason. Your experience with Octopus on the Akamai platform might go flawlessly, or it might be troublesome.

You will need to pay special attention to the way the CDN handles Certificates. You may hit some issues with trust after a tentacle communicates through the CDN. Here’s some detail around how tentacles communicate with the Octopus Server. https://octopus.com/docs/security/octopus-tentacle-communication

I would really like to know how you go, utilising the CDN for your static assets.

Good luck!

Regards,

Dane