My Own Private CDN

Hosting my own CDN has long been a completely irrational goal of mine. Wouldn't it be neat, I'd think, if I could tweak every knob instead of relying on CloudFront to do the right thing? Recently I read this article by Janos Pasztor about how he built a tiny CDN for his website. This just proves to me that at least it's not an uncommon irrational thought.

Yesterday I decided to actually start building something. Even if it doesn't make it into production, I'll at least have learned something.

Technical Goals

  • Centrally manage all of the dozen or so sites that I run
  • Automatically generate and renew LetsEncrypt certificates, both for publicly-facing sites and my own private sites. This means using the dns-01 challenge instead of using the easier to understand http challenge.
  • Easily add new cache nodes with authenticated curl | sudo bash
  • Automatically reconfigure nginx on the cache nodes when certificates roll or sites change
  • Easily host sites anywhere, including the internet-inaccessible server in my basement
  • Stop paying so much for bandwidth. Transfer is $5/tb/mo from DigitalOcean vs $$$$ for CloudFront.

Additionally, I really want to learn how LetsEncrypt works. certbot is great but it is very much a black box to me. Command-line arguments in, certificates out. If I write my own management system I can actually learn how the guts work.

Current Status

  • basic Rails app that knows about sites and proxies
  • creating or updating a site (re)generates a LetsEncrypt certificate for all of the domains that point at that site
  • wildcard domains are fully supported
  • authenticated endpoint that generates a zip file of all of the certificates and private keys

Next Steps

  • Automatic certificate refresh using something like Sidekiq Cron
  • Deploy onto the server in my basement on my ZeroTier network
  • Move all of my existing LetsEncrypt certbot crons into this system
  • Provision a POP by hand and then automate the steps to provision another one

If you'd like to follow along I put the project up on GitHub. I'll also be posting updates here as I go.


Want more stuff like this? Sign up for my mailing list. I post everything there a week before I post it here.

Want more? Get emails from me about coding, computers, finance, and business.

I will never send you spam. You can unsubscribe at any time.