I have a CDN that serves our static content. From Internap.
To make the CDN urls in my html a bit more palatable, I have a "CNAME" entry in my DNS settings:
cache.mysite.com
=> CNAME points to Internap
The Internap server is an origin pull server. So my domain has a "/public_html/cache" folder that is pointed to the CDN.
There are files I am putting here that I would like to serve only from my own domains.
Also important is that my site is behind Nginx. That's the front server, and serves all static files like ttf/woff/eot/css/js/gif, etc. Only the PHP needs are proxied in the backend to Apache.
I came across the "access-control-allow-origin" directive. Nginx has a way to do this too (useful ServerFault article and a useful StackOverFlow article too), but I want to limit the access from some domains only, which I own.
The reason I'm a little confused is because I have three layers in serving the fonts and managing access:
- CDN
- Nginx static server
- Apache (probably not needed at all as Nginx serves the file to the CDN, and then the CDN takes over?)
My questions:
- How should I specify some select domains in Nginx. The "*" is really not what I need. Will this work for my domains and also covering related subdomains--
location ~* \.(eot|ttf|woff)$ { add_header Access-Control-Allow-Origin *.domain1.com,*.domain2.com }
Where inside Nginx should I specify this block. In the vhost file related to the specific domain from which I'm serving fonts (
cache.mysite.com
mentioned earlier) or in the overall Nginx config?Do I need the Apache stuff at all? If Nginx is handling the webfont formats already and controlling access to it.
Thanks!