CDN Component Installation

To configure the GoodData.CN solution for environments where you want to serve static content from a Content Delivery Network (CDN) you need to update the Helm chart values to point to the CDN URL and modify the Content Security Policy (CSP) directives.

Note that we have tested CDN support using AWS CloudFront, however other CDN providers should work as well.

Step 1: Prepare CDN

Configure an existing GoodData.CN organization as a CDN upstream origin server.

Steps:

  1. Define the organization’s hostname as the upstream origin server, from which static assets will be downloaded if not found in the CDN cache.

  2. Ensure the organization’s hostname is accessible from the CDN service by updating network ACLs or security groups to allow inbound traffic from the CDN to your load balancer serving the chosen organization as the upstream origin.

While any organization can be used for this purpose, we recommend creating a separate organization (without users, data sources, etc.) dedicated solely to serving the CDN.

Configure Static Content Paths

Ensure that the static content paths are correctly set to be served from the CDN. The paths you need to configure are:

  • /dashboards/*
  • /analyze/*
  • /metrics/*
  • /modeler/*
  • /components/*
  • /demoResources/*
  • /static/*
  • /images/*
  • /embedded/*

These paths will use the organization created earlier as the upstream origin server.

Step 2: Update Helm Chart

Update Helm Chart values with CDN setup.

Steps:

  1. Add the following configuration to your Helm chart to specify the CDN URL:

    cdn:
    url: "https://<cdn_url>"

  2. Update the metadataApi.globalCspDirectives Helm option to include the CDN in the CSP directives:

    metadataApi:
    globalCspDirectives:
        font-src: <other_custom_policies> <cdn_url>
        frame-src: <other_custom_policies> <cdn_url>
        manifest-src: self <cdn_url>
        script-src: <other_custom_policies> <cdn_url>
        style-src: <other_custom_policies> <cdn_url>
        img-src: <other_custom_policies> self data: blob: <cdn_url>

  3. After updating the chart values, apply the modified values to your GoodData.CN deployment.

CORS Considerations

CORS is necessary when serving fonts from a CDN because it enables the browser to securely fetch resources from a different origin than the one hosting the GoodData.CN web application, thereby preventing security issues such as data theft or unauthorized access.

When serving fonts from a CDN, ensure that the origin header is forwarded to the upstream service. Depending on your security requirements, configure the Access-Control-Allow-Origin request header to appropriate values — either to your white-labeled GoodData.CN domain (e.g., Access-Control-Allow-Origin: https://your-domain.com) or to * to allow any domain to access the resource.

You can use any third-party CDN, such as CloudFront, to achieve this configuration.

Execution limits