Skip to main content

Origin Advanced Settings

You can define advanced settings such as custom ports, timeouts, and more under Origin's Advanced Settings. However, it's important to note that not all CDN providers support every custom setting.

Editing Origin Advanced Settings

To edit origin advanced settings:

  1. Navigate to your Service.
  2. Select the Origins tab.
  3. Identify the origin you want to update and click on the Edit icon.
  4. In the origin form, click on Advanced Settings.
  5. Fill in the advanced settings as required:
    • HTTP PORT and HTTPS PORT – Custom ports for HTTP and HTTPS protocols. Default values are 80 (HTTP) and 443 (HTTPS).
    • Timeout – Set a custom timeout for requests to the origin.
    • Verify TLS – Enable or disable TLS certificate verification for the origin.
    • Private S3 – Configure access to a private S3 bucket (see Private S3 Bucket Origin below).

Private S3 Bucket Origin

To restrict public access, you can configure your origin as a private S3 bucket. In this case, the CDN will require access key and secret credentials to fetch content from the bucket.

Configuring a Private S3 Origin

  1. Enable Private S3 in the origin advanced settings as described above.
  2. Click on Update Credentials.
  3. Provide your Access Key and Secret Key, then click Save.

Notes:

  • The provided Access Key and Secret Key must have permissions to access the private S3 bucket.
  • If you are using CloudFront, you also need to define a bucket policy (see below). CloudFront only supports private AWS S3 buckets, not other types of S3-compatible storage.

Setting Up a Bucket Policy for CloudFront

To allow CloudFront to access a private S3 bucket, you must configure an access policy for the bucket. You can grant access at either:

  • Distribution level – Restricting access to a specific CloudFront distribution.
  • AWS Account level – Allowing access for all IO River services under a specific AWS account.

Example Policy:

Replace BUCKET_NAME with your S3 bucket name, and ACCOUNT_ID with the AWS account ID of your CloudFront distribution.

{
  "Version": "2008-10-17",
  "Id": "PolicyForCloudFrontPrivateContent",
  "Statement": [
    {
      "Sid": "AllowCloudFrontServicePrincipal",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudfront.amazonaws.com"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::BUCKET_NAME/*",
      "Condition": {
        "StringLike": {
          "AWS:SourceArn": "arn:aws:cloudfront::ACCOUNT_ID:distribution/*"
        }
      }
    }
  ]
}