This is a Fastly Compute@Edge app that automatically generates signed exchanges (SXGs) for your site. It enables the site to be prefetched from Google Search in order to improve its Largest Contentful Paint, one of the Core Web Vitals.

The Google SXG Cache may reuse an SXG for several visits to the page, or for several users (until SXG expiration). Before installing this app with a production certificate, follow these instructions to ensure all signed pages are compatible with such reuse. To opt some pages out of signing, set the `Cache-Control` header to include `private` or `no-store` in the upstream server.

The Google SXG Cache tries to update SXGs often, but may reuse them for up to 7 days. To ensure they expire sooner, set `s-maxage` or `max-age` on the `Cache-Control` header on the upstream server.
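
An added audit helper, not part of sxg-rs: it models the two rules stated above (opt-out via `private` or `no-store`, and reuse bounded by `s-maxage`/`max-age` or the 7-day ceiling) so upstream `Cache-Control` values can be checked before signing. The names `classify` and `SxgPolicy` are hypothetical, the header values are constructed, and preferring `s-maxage` over `max-age` is an assumption taken from shared-cache semantics.

```rust
use std::time::Duration;

/// Longest reuse window the text above gives for the Google SXG Cache.
const MAX_REUSE: Duration = Duration::from_secs(7 * 24 * 60 * 60);

#[derive(Debug, PartialEq)]
enum SxgPolicy {
    /// `private` or `no-store` is present: the page is opted out of signing.
    OptedOut,
    /// The page may be signed and reused across visits and users this long.
    Signable { reuse: Duration },
}

/// Classify one upstream Cache-Control header value (hypothetical helper).
fn classify(cache_control: &str) -> SxgPolicy {
    let (mut s_maxage, mut max_age) = (None, None);
    for directive in cache_control.split(',') {
        let mut parts = directive.trim().splitn(2, '=');
        // Directive names are case-insensitive.
        let name = parts.next().unwrap_or("").trim().to_ascii_lowercase();
        let value = parts.next().map(|v| v.trim().trim_matches('"'));
        match name.as_str() {
            "private" | "no-store" => return SxgPolicy::OptedOut,
            "s-maxage" => s_maxage = value.and_then(|v| v.parse::<u64>().ok()),
            "max-age" => max_age = value.and_then(|v| v.parse::<u64>().ok()),
            _ => {}
        }
    }
    // Assumption: s-maxage takes precedence over max-age, as for shared caches.
    // Without either directive, or with a longer one, the 7-day ceiling applies.
    let reuse = s_maxage
        .or(max_age)
        .map(Duration::from_secs)
        .map_or(MAX_REUSE, |d| d.min(MAX_REUSE));
    SxgPolicy::Signable { reuse }
}

fn main() {
    // Constructed sample header values, not taken from any real site.
    let samples = ["max-age=600", "private, max-age=600", "No-Store",
                   "public, s-maxage=86400, max-age=60", "no-cache"];
    for header in samples {
        println!("{:<40} -> {:?}", header, classify(header));
    }
}
```

Any page that varies per user and comes back as `Signable` is one to fix upstream before a production certificate is installed.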

- Install Fastly CLI.
- Install Fastly CLI local dependencies.
- Clone this repo and cd into the current folder.

  ```bash
  git clone https://github.com/google/sxg-rs.git
  cd sxg-rs/fastly_compute/
  ```

  All following steps in this `README.md` should be done in this folder.
- Get an SXG-compatible certificate using these steps.
- Create your config input file from the template `input.example.yaml`.

  ```bash
  cp input.example.yaml input.yaml
  ```

  - Replace every instance of `YOUR_DOMAIN` with your domain name, for example, in `html_host`.
  - For the private key:
    - Parse your private key to base64 format.

      ```bash
      go run ../credentials/parse_private_key.go <../credentials/privkey.pem
      ```

    - Put the base64 string into `input.yaml` as `sxg_private_key_base64`.
- Run the following command.

  ```bash
  cargo run -p tools -- gen-config --input input.yaml --artifact artifact.yaml --platform fastly
  ```

  This command will create a new Fastly compute service and create a `fastly_compute/fastly.toml` that is used by the `fastly` command.
  - It is not recommended to directly modify the generated `fastly.toml`, because your changes will be overwritten when you run `cargo run -p tools -- gen-config` again.
- Modify the WASM service in Fastly.
  - Add a domain to the service. This domain will be the final entrypoint of the SXG service.
  - Add your original server, which serves your HTML website, as a backend to the service. Put it in `config.yaml` as `html_host` (see `config.example.yaml`). Edit the backend and change its name from `Host 1` to `Origin HTML server`.
  - Add the OCSP server (such as `ocsp.pki.goog` or `ocsp.digicert.com`) as a backend to the service. Edit the backend and change its name from `Host 1` to `OCSP server`, and change the port from `TLS 443` to `Non-TLS 80`.
- Run `fastly compute publish`.
  - During this step, the `fastly` command will generate a random domain name (for example `random-funky-words.edgecompute.app`), which is the domain your Fastly worker is deployed on. We refer to this domain as `WORKER_HOST`.
- If you are using certificates through ACME:
  - Set the config of your original HTTP server (of `YOUR_DOMAIN`), and make sure `http://YOUR_DOMAIN/.well-known/acme-challenge/*` is redirected to `https://WORKER_HOST/.well-known/acme-challenge/$1`.
  - Run `cargo run -p tools -- apply-acme-cert --artifact artifact.yaml --use-fastly-dictionary`.
- To check whether the worker generates a valid SXG, use the Chrome browser to open `https://${WORKER_HOST}/.sxg/test.html`.
- Configure Fastly caching so that it doesn't serve SXGs to non-SXG requests. Either:
  - Include in the cache key a boolean of whether the `Accept` header matches this regex.
  - Include conditional logic that bypasses the cache if the `Accept` header matches that regex.
  - Disable caching.
- Read on for next steps.

The certificates need to be renewed every 90 days.

- If you are using ACME:
  - Run `cargo run -p tools -- apply-acme-cert --artifact artifact.yaml --use-fastly-dictionary`.
  - Alternatively, you may run `cargo build -p tools` once and then run `tools apply-acme-cert --artifact artifact.yaml --use-fastly-dictionary` every 90 days.
- If you are not using ACME:
  - Follow these steps to renew the certificate.
  - Run `fastly compute publish` to restart the worker.