This article explains how to set up customer origin groups for use with Azure block blob storage. Customer origin groups and support for Azure block blob storage are new capabilities. If your account has not been updated to use these capabilities, please refer to the External Servers (Customer Origin) article for information on how to set up a customer origin.
From the main menu, navigate to
If your account supports customer origin groups, it should look similar to the following illustration:
If it still uses the legacy method for customer origin configuration and therefore doesn't support customer origin groups, it will look like the following illustration:
Customer origin groups allow you to leverage our built-in support for connecting to new or preexisting Azure block blob containers. Contact your CDN account manager to upgrade your account to support customer origin groups.
Serve content stored in an Azure block blob container via the CDN by performing the following steps:
Optional. Prepare for HTTPS delivery by setting up a TLS certificate.
Certificate Provisioning System
Use our Certificate Provisioning System to self-service a TLS certificate.
Legacy HTTPS
Request a TLS certificate from your CDN account manager.
Create a customer origin group that either generates a new Azure block blob container or points to an existing one.
A customer origin group maps your origin (e.g., Azure block blob) to a CDN URL through which your content may be served. A CDN URL consists of a system-defined base URL followed by the relative path to your content.
Optional. Create an edge CNAME configuration.
Use an edge CNAME configuration to serve traffic via the CDN without having to update your links. This type of configuration maps a customer origin group to a CNAME record. A Canonical Name (CNAME) record is used to indicate that a hostname is an alias of another hostname. A CNAME record must be registered on a Domain Name System (DNS). This term should not be confused with edge CNAME.
Upload the desired content to your Azure block blob container.
Key information:
Upon creating a customer origin group, a dedicated CDN URL (a system-defined URL that points to a CDN hostname and allows content delivery via our network) is generated for it. The name assigned to your customer origin group is incorporated into this CDN URL. This allows our service to forward the request to the correct data source (i.e., your web servers) for the requested content. Simplify your CDN setup by also creating an edge CNAME configuration, which potentially allows you to deliver traffic via the CDN using the same links as your current setup.
Since CDN URLs are case-sensitive, note the case when assigning a name to a customer origin group.
This scenario assumes that you have created a customer origin group whose name is Marketing.
The following CDN URL uses the proper case:
The following CDN URL uses the incorrect case for the name of the customer origin group (i.e., Marketing) and therefore is invalid:
A list of origin groups is provided on the
Clear a search by clicking the x or searching for a blank value.
Searching for "cdn" would include all of the following results:
It would exclude all of the following results:
This section provides step-by-step instructions on how to create a customer origin group.
Key information:
Create a customer origin group that either generates a new Azure block blob container or points to an existing one.
New Container: Assign a name for the container that will be created within our Azure storage account and then select the location closest to your audience.
A customer origin group created for a new Azure block blob container cannot be modified. However, you may always regenerate the Shared Access Signature (SAS) URI associated with it.
Existing Container: Identify the desired container by specifying the name of your Azure storage account, the name of your Azure block blob container, and the location where it was created. Additionally, you will be required to authorize our access by providing either a Shared Access Signature (SAS) token (recommended) or access keys.
Specifying a location other than the one in which it was created will result in the creation of a new Azure block blob.
To create a customer origin group for a new Azure block blob container
In the Name option, specify a name that consists of 3 to 15 lowercase letters and numbers. This name will be assigned to the customer origin group and to the Azure block blob container being created.
This name will be incorporated into the CDN URL (e.g., http://wpc.0001.omegacdn.net/800001/Customer Origin Group).
To create a customer origin group for an existing Azure block blob container
In the Origin Name option, type the name of the Azure storage account that owns the desired Azure block blob container. This name will be assigned to the customer origin group being created.
This name will be incorporated into the CDN URL (e.g., http://wpc.0001.omegacdn.net/800001/Customer Origin Group).
In the Access Type option, select how you will authorize access to the specified Azure block blob container. Choose from either of the following options:
Access Key: Set the Access Key option to the key1 token and the Backup Key option to the key2 token.
SAS Token: Set the SAS Token 1 and SAS Token 2 options to your SAS tokens.
A shared access signature (SAS) provides delegated access to resources in your Azure storage account. This allows access to resources in your Azure storage account without having to share your access keys.
From the navigation pane on the left-hand side, select Shared access signature.
Grant all services, resource types, and permissions. Also, set an expiration date (e.g., 1 year from now).
Our service requires authorization credentials to serve content from an Azure block blob container. Our system automatically manages these credentials for containers created by our service. Alternatively, if your customer origin group points to a container that you created via Azure, then you are responsible for managing your Azure authorization credentials.
A SAS grants limited access to Azure storage resources.
System-Generated Containers
You must use a Shared Access Signature (SAS) URI when authorizing uploads to Azure block blob containers created by our service.
Perform the following actions:
Azure-Generated Containers (Bring Your Own)
The recommended method for authorizing our service to request content from your Azure block blob containers is via a SAS token.
Attempting to authenticate requests to an Azure block blob container using an invalid or expired SAS token may result in a 403 Forbidden response for traffic served via this customer origin group.
Grant all services, resource types, and permissions when generating a SAS token.
Rotate your SAS token on a regular basis (e.g., yearly). You may use an expiration date to enforce this policy. Update your customer origin group with a new SAS token prior to the expiration of the old one.
You may use your access keys to authenticate to your preexisting Azure block blob container (i.e., an Azure block blob container that was not created by our service). However, if you regenerate your access keys, then you must also update your customer origin group with the updated access keys.
If a customer origin group is associated with outdated access keys, then traffic served through it may result in a 403 Forbidden response.
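A pre-rotation check for the SAS token guidance above, as an added example that is not part of the original article or the CDN's own tooling: it parses an account SAS token, confirms that all services and resource types are granted, and flags a token that is expired, not yet valid, or inside an assumed 30-day rotation window. The function names, the warning window, and the sample tokens are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

REQUIRED = ("sv", "ss", "srt", "sp", "se", "sig")   # account SAS query fields
ALL_SERVICES, ALL_RESOURCE_TYPES = set("bqtf"), set("sco")

def parse_sas(token):
    """Split a SAS token (leading '?' optional) into a field dictionary."""
    return {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}

def redact(token):
    """Hide the signature so the token can be logged or pasted into a ticket."""
    return "&".join("sig=REDACTED" if part.startswith("sig=") else part
                    for part in token.lstrip("?").split("&"))

def to_utc(value):
    """Parse the ISO 8601 UTC timestamps used by the st and se fields."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def check_sas(token, now, warn_days=30):
    """Return findings that would cause, or soon cause, 403 Forbidden responses."""
    fields = parse_sas(token)
    findings = [f"missing {name}" for name in REQUIRED if name not in fields]
    if ALL_SERVICES - set(fields.get("ss", "")):
        findings.append("not all services granted")
    if ALL_RESOURCE_TYPES - set(fields.get("srt", "")):
        findings.append("not all resource types granted")
    if "st" in fields and to_utc(fields["st"]) > now:
        findings.append("not yet valid")
    if "se" in fields:
        remaining = to_utc(fields["se"]) - now
        if remaining <= timedelta(0):
            findings.append("expired")
        elif remaining <= timedelta(days=warn_days):
            findings.append(f"expires in {remaining.days} days: rotate now")
    return findings

# Constructed sample tokens; the signatures are placeholders, not real credentials.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
GOOD = "?sv=2022-11-02&ss=bfqt&srt=sco&sp=rwdlacup&se=2025-05-01T00:00:00Z&sig=PLACEHOLDER"
NEAR = "sv=2022-11-02&ss=bfqt&srt=sco&sp=rwdlacup&se=2024-06-11T00:00:00Z&sig=PLACEHOLDER"
OLD = "sv=2022-11-02&ss=b&srt=sco&sp=rl&se=2024-01-01&sig=PLACEHOLDER"

if __name__ == "__main__":
    for token in (GOOD, NEAR, OLD):
        print(redact(token), "->", check_sas(token, NOW) or "ok")
```

Run it against the token stored in the customer origin group ahead of the expiration date, and log only the redacted form.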
You may permanently delete a customer origin group.
Deleting a customer origin group for which an Azure block blob container was created will also delete the container. This will not occur when deleting a customer origin group that was configured to connect to a preexisting Azure block blob container.
If an edge CNAME points to a customer origin group associated with an Azure block blob container, then you will not be allowed to delete it. Delete the corresponding edge CNAME configuration and then delete the customer origin group.
It may take up to 45 minutes for customer origin group deletions to take effect.
To delete a customer origin group
The Name/Origin Name option uniquely identifies your customer origin group. This name is included as a URL segment within a CDN URL as indicated below.
Syntax:
Set up a friendlier and shorter URL (i.e., an edge CNAME URL) by creating an edge CNAME configuration and defining a CNAME record. This type of URL takes advantage of an edge CNAME configuration and a CNAME record to provide a friendlier alternative to a CDN URL. An edge CNAME URL is specific to the platform from which it was configured.
The name assigned to your customer origin group cannot be modified.
CDN and edge CNAME URLs are case-sensitive.
If the primary purpose of your web servers is to serve images, then you might create a customer origin group called images. An example of what a CDN URL for this type of customer origin might look like is provided below.
Sample CDN URL:
http://wpc.AN.omegacdn.net/80AN/images
AN represents your customer account number (e.g., 0001), which can be found in the upper right-hand corner of the MCC. The images segment identifies a customer origin group by its directory name.
The above sample CDN URL points to the webroot on the server(s) associated with the images customer origin group. Append the desired relative path to the content that you would like to request. This relative path is highlighted in the following sample CDN URL:
Manage your content and block blobs using any of the following tools:
Azure Storage client library for:
Leverage a SAS URI to access your Azure storage account.
Azure Storage Explorer provides an intuitive UI to easily upload, download, and manage blobs within your storage account.
From the Connect to Azure Storage dialog box, select the Use a shared access signature (SAS) URI option and then click Next.
From within the MCC, copy the desired container's SAS URI.
From within Azure Storage Explorer, paste your SAS URI into the URI option and then click Next.
The Display Name option will auto-populate upon pasting your SAS URI.