diff --git a/faq/assets/edge-services.webp b/faq/assets/edge-services.webp
new file mode 100644
index 0000000000..66aed186b8
Binary files /dev/null and b/faq/assets/edge-services.webp differ
diff --git a/faq/edge-services.mdx b/faq/edge-services.mdx
new file mode 100644
index 0000000000..36599773b3
--- /dev/null
+++ b/faq/edge-services.mdx
@@ -0,0 +1,27 @@
+---
+meta:
+ title: Edge Services FAQ
+ description: Get answers to the most frequently asked questions about Scaleway Edge Services. Learn about compatible products, billing, key features, and more.
+content:
+ h1: Edge Services
+hero: assets/edge-services.webp
+dates:
+ validation: 2024-07-24
+category: network
+---
+
+## What is Edge Services?
+
+Edge Services is a feature for Scaleway Load Balancers and Object Storage buckets, currently available in [Public Beta](https://www.scaleway.com/en/betas/). It provides a [caching service](/network/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [origin](/network/edge-services/concepts/#origin), and a customizable and secure endpoint for accessing content via Edge Services, which can be set to a subdomain of your choice.
+
+## Which products are compatible with Edge Services?
+
+Edge Services is currently available for Scaleway [Object Storage buckets](/storage/object/) and Scaleway [Load Balancers](/network/load-balancer/).
+
+## How much does Edge Services cost?
+
+Since Edge Services is currently in Public Beta, it is free to use and not billed. Users will be warned before it goes into General Availability and becomes billable. Pricing will be based on subscription plans.
+
+## If I customize my Edge Services endpoint with my own domain, can it serve content over HTTPS?
+
+Yes, if you choose to [customize your Edge Services endpoint with your own subdomain](/network/edge-services/how-to/configure-custom-domain/), you are prompted to generate or upload an SSL/TLS certificate for that subdomain so that Edge Services can serve content over HTTPS. This certificate can either be a Let's Encrypt certificate generated and managed by Scaleway, or you can import your own certificate. If you import your own certificate, it will be stored in Scaleway Secret Manager, and [billed accordingly](https://www.scaleway.com/en/pricing/security-and-account/).
\ No newline at end of file
diff --git a/menu/changelogs.json b/menu/changelogs.json
index eece32a6f5..0dd866f294 100644
--- a/menu/changelogs.json
+++ b/menu/changelogs.json
@@ -189,6 +189,10 @@
"category": "load-balancers",
"label": "Load Balancers"
},
+ {
+ "category": "edge-services",
+ "label": "Edge Services"
+ },
{
"category": "domains-and-dns",
"label": "Domains and DNS"
diff --git a/menu/navigation.json b/menu/navigation.json
index 97d4f1a3b1..2466527f75 100644
--- a/menu/navigation.json
+++ b/menu/navigation.json
@@ -3127,6 +3127,72 @@
"label": "Load Balancers",
"slug": "load-balancer"
},
+ {
+ "items": [
+ {
+ "label": "Overview",
+ "slug": "../edge-services"
+ },
+ {
+ "label": "Concepts",
+ "slug": "concepts"
+ },
+ {
+ "label": "Quickstart",
+ "slug": "quickstart"
+ },
+ {
+ "label": "FAQ",
+ "slug": "../../faq/edge-services"
+ },
+ {
+ "items": [
+ {
+ "label": "Create an Object Storage pipeline",
+ "slug": "create-pipeline-bucket"
+ },
+ {
+ "label": "Create a Load Balancer pipeline",
+ "slug": "create-pipeline-lb"
+ },
+ {
+ "label": "Configure a custom domain",
+ "slug": "configure-custom-domain"
+ },
+ {
+ "label": "Configure a cache",
+ "slug": "configure-cache"
+ },
+ {
+ "label": "Monitor with Cockpit",
+ "slug": "monitor-cockpit"
+ },
+ {
+ "label": "Delete or disable an Edge Services pipeline",
+ "slug": "delete-pipeline"
+ }
+ ],
+ "label": "How to",
+ "slug": "how-to"
+ },
+ {
+ "items": [
+ {
+ "label": "SSL/TLS certificates for Edge Services",
+ "slug": "ssl-tls-certificate"
+ },
+ {
+ "label": "CNAME records for Edge Services",
+ "slug": "cname-record"
+ }
+ ],
+ "label": "Additional content",
+ "slug": "reference-content"
+ }
+ ],
+ "label": "Edge Services",
+ "slug": "edge-services"
+ },
{
"items": [
{
@@ -4102,10 +4168,6 @@
"label": "Use Object Storage with Private Networks",
"slug": "use-obj-stor-with-private-networks"
},
- {
- "label": "Use Object Storage with Edge Services",
- "slug": "get-started-edge-services"
- },
{
"label": "Delete an object",
"slug": "delete-an-object"
@@ -4217,14 +4279,6 @@
{
"label": "Equivalence between S3 actions and IAM permissions",
"slug": "s3-iam-permissions-equivalence"
- },
- {
- "label": "SSL/TLS certificates for Edge Services",
- "slug": "ssl-tls-certificate"
- },
- {
- "label": "CNAME records for Edge Services",
- "slug": "cname-record"
}
],
"label": "Additional Content",
diff --git a/storage/object/how-to/assets/scaleway-cname-success.webp b/network/edge-services/assets/scaleway-cname-success.webp
similarity index 100%
rename from storage/object/how-to/assets/scaleway-cname-success.webp
rename to network/edge-services/assets/scaleway-cname-success.webp
diff --git a/network/edge-services/assets/scaleway-create-es-pipeline-lb.webp b/network/edge-services/assets/scaleway-create-es-pipeline-lb.webp
new file mode 100644
index 0000000000..75d89eb2b6
Binary files /dev/null and b/network/edge-services/assets/scaleway-create-es-pipeline-lb.webp differ
diff --git a/storage/object/how-to/assets/scaleway-edge-services-cache.webp b/network/edge-services/assets/scaleway-edge-services-cache.webp
similarity index 100%
rename from storage/object/how-to/assets/scaleway-edge-services-cache.webp
rename to network/edge-services/assets/scaleway-edge-services-cache.webp
diff --git a/storage/object/how-to/assets/scaleway-edge-services-configure-domain.webp b/network/edge-services/assets/scaleway-edge-services-configure-domain.webp
similarity index 100%
rename from storage/object/how-to/assets/scaleway-edge-services-configure-domain.webp
rename to network/edge-services/assets/scaleway-edge-services-configure-domain.webp
diff --git a/storage/object/how-to/assets/scaleway-edge-services-customised.webp b/network/edge-services/assets/scaleway-edge-services-customised.webp
similarity index 100%
rename from storage/object/how-to/assets/scaleway-edge-services-customised.webp
rename to network/edge-services/assets/scaleway-edge-services-customised.webp
diff --git a/network/edge-services/assets/scaleway-edge-services-dashboard.webp b/network/edge-services/assets/scaleway-edge-services-dashboard.webp
new file mode 100644
index 0000000000..c2a1fb4897
Binary files /dev/null and b/network/edge-services/assets/scaleway-edge-services-dashboard.webp differ
diff --git a/network/edge-services/assets/scaleway-edge-services-lb-dashboard.webp b/network/edge-services/assets/scaleway-edge-services-lb-dashboard.webp
new file mode 100644
index 0000000000..659b74e395
Binary files /dev/null and b/network/edge-services/assets/scaleway-edge-services-lb-dashboard.webp differ
diff --git a/storage/object/how-to/assets/scaleway-edge-services-splash.webp b/network/edge-services/assets/scaleway-edge-services-splash.webp
similarity index 100%
rename from storage/object/how-to/assets/scaleway-edge-services-splash.webp
rename to network/edge-services/assets/scaleway-edge-services-splash.webp
diff --git a/network/edge-services/assets/scaleway-lb-edge-services.webp b/network/edge-services/assets/scaleway-lb-edge-services.webp
new file mode 100644
index 0000000000..59d99a1efe
Binary files /dev/null and b/network/edge-services/assets/scaleway-lb-edge-services.webp differ
diff --git a/network/edge-services/concepts.mdx b/network/edge-services/concepts.mdx
new file mode 100644
index 0000000000..a3421def7d
--- /dev/null
+++ b/network/edge-services/concepts.mdx
@@ -0,0 +1,65 @@
+---
+meta:
+ title: Edge Services - Concepts
+ description: Understand Scaleway Edge Services terminology with our glossary of the core concepts underpinning this product. Learn about key features, architecture, and best practices.
+content:
+ h1: Edge Services - Concepts
+ paragraph: Understand Scaleway Edge Services terminology with our glossary of the core concepts underpinning this product. Learn about key features, architecture, and best practices.
+tags: edge-services edge services pipeline custom-domain cache
+dates:
+ creation: 2024-07-24
+ validation: 2024-07-24
+categories:
+ - networks
+---
+
+## Cache
+
+The storage location where Edge Services stores copies of content that it has retrieved from a given origin. When users request content from the Edge Services endpoint, it serves content directly from the cache wherever possible, in accordance with the caching rules defined by the user. This reduces load on the origin bucket or Load Balancer/backend servers.
+
+Note that if an object has a caching directive, the caching directive always takes precedence over any lifetime setting defined in Edge Services.
+
+## Certificate
+
+The SSL/TLS certificate for your subdomain to enable Edge Services to serve content over HTTPS, if you have customized your [Edge Services endpoint](#endpoint). You can choose between uploading your own certificate held in Scaleway Secret Manager, or letting Edge Services generate a fully-managed Let's Encrypt certificate.
+
+## CNAME record
+
+The CNAME record pointing your subdomain to the Edge Services endpoint, if you have customized your [Edge Services endpoint](#endpoint). This is necessary to ensure that traffic for your customized subdomain is correctly directed towards the Edge Services endpoint by DNS servers.
+
+## Edge Services
+
+Edge Services is an additional feature for Scaleway Load Balancers and Object Storage buckets, currently available in [Public Beta](https://www.scaleway.com/en/betas/). It provides a [caching service](/network/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [origin](#origin), and a customizable and secure [endpoint](#endpoint) for accessing content via Edge Services, which can be set to a subdomain of your choice.
+
+## Endpoint
+
+The endpoint from which a given Edge Services pipeline can be accessed, e.g. `https://pipeline-id-or-bucket-name.svc.edge.scw.cloud`. When a client requests content from the Edge Services endpoint, it is served by Edge Services and its cache, rather than from the origin (Object Storage bucket or Load Balancer backend servers) directly. Edge Services automatically manages redirection from HTTP to HTTPS.
+
+The endpoint can be customized with a user-defined subdomain, allowing you to replace the standardized endpoint with the subdomain of a domain you already own, e.g. `http://my-own-domain.com`. An associated [certificate](#certificate), and [CNAME record](#cname) will be required, in this case.
+
+## Origin
+
+The primary source from which a Scaleway Edge Services pipeline retrieves and caches data. An origin can consist of either:
+
+- An [Object Storage bucket](/storage/object/how-to/create-a-bucket/), or
+- A [Load Balancer](#origin-load-balancer) and frontend port that Edge Services connects to to request content, and (optionally) a specified [host](#origin-host) associated with the Load Balancer, used in the HTTP request Host Header.
+
+## Origin host
+
+In the case of a Load Balancer origin, the specific host for which Edge Services requests and caches data. This is an optional setting: when specified, this host (e.g. `mydomain.com`) is used in the HTTP Host Header when Edge Services requests data from the Load Balancer. If no origin host is specified, the Load Balancer's IP address is used in the Host Header.
+
+The origin host must be associated with the origin Load Balancer / its backend servers, and only one host may be set per pipeline. If your Load Balancer is in front of multiple hosts, you can create a separate Edge Services pipeline for each. Each host will therefore get its own Edge Services endpoint and cache.
+
+## Origin Load Balancer
+
+The Load Balancer defined by the user as origin for a given Edge Services pipeline. The pipeline connects to this Load Balancer, on the specified frontend port to request content.
+
+## Pipeline
+
+An Edge Services pipeline consists of an [origin](#origin) for which Edge Services requests and [caches](#cache) content, and an [endpoint](#endpoint) from which this content is served via Edge Services. The pipeline's endpoint can be customized with a user-defined [subdomain](#subdomain) and associated [certificate](#certificate) so that Edge Services can serve content over HTTPS.
+
+You can create one or more Edge Services pipelines for each of your Object Storage buckets or Load Balancer origins.
+
+## Protocol
+
+The protocol (HTTP or HTTPS) that the Edge Services pipeline should use when sending requests to an origin Load Balancer. HTTPS is recommended, but you should choose the protocol that corresponds with your Load Balancer setup.
\ No newline at end of file
diff --git a/network/edge-services/how-to/assets/scaleway-cname-success.webp b/network/edge-services/how-to/assets/scaleway-cname-success.webp
new file mode 100644
index 0000000000..ba6f5f4ff7
Binary files /dev/null and b/network/edge-services/how-to/assets/scaleway-cname-success.webp differ
diff --git a/network/edge-services/how-to/assets/scaleway-create-es-pipeline-lb.webp b/network/edge-services/how-to/assets/scaleway-create-es-pipeline-lb.webp
new file mode 100644
index 0000000000..75d89eb2b6
Binary files /dev/null and b/network/edge-services/how-to/assets/scaleway-create-es-pipeline-lb.webp differ
diff --git a/network/edge-services/how-to/assets/scaleway-edge-configure-domain.webp b/network/edge-services/how-to/assets/scaleway-edge-configure-domain.webp
new file mode 100644
index 0000000000..31d4775176
Binary files /dev/null and b/network/edge-services/how-to/assets/scaleway-edge-configure-domain.webp differ
diff --git a/network/edge-services/how-to/assets/scaleway-edge-services-cache.webp b/network/edge-services/how-to/assets/scaleway-edge-services-cache.webp
new file mode 100644
index 0000000000..670b8c1bf6
Binary files /dev/null and b/network/edge-services/how-to/assets/scaleway-edge-services-cache.webp differ
diff --git a/storage/object/how-to/assets/scaleway-edge-services-certificate-complete.webp b/network/edge-services/how-to/assets/scaleway-edge-services-certificate-complete.webp
similarity index 100%
rename from storage/object/how-to/assets/scaleway-edge-services-certificate-complete.webp
rename to network/edge-services/how-to/assets/scaleway-edge-services-certificate-complete.webp
diff --git a/storage/object/reference-content/assets/scaleway-edge-services-configure-domain.webp b/network/edge-services/how-to/assets/scaleway-edge-services-configure-domain.webp
similarity index 100%
rename from storage/object/reference-content/assets/scaleway-edge-services-configure-domain.webp
rename to network/edge-services/how-to/assets/scaleway-edge-services-configure-domain.webp
diff --git a/network/edge-services/how-to/assets/scaleway-edge-services-customised.webp b/network/edge-services/how-to/assets/scaleway-edge-services-customised.webp
new file mode 100644
index 0000000000..127c869f22
Binary files /dev/null and b/network/edge-services/how-to/assets/scaleway-edge-services-customised.webp differ
diff --git a/network/edge-services/how-to/assets/scaleway-edge-services-dashboard.webp b/network/edge-services/how-to/assets/scaleway-edge-services-dashboard.webp
new file mode 100644
index 0000000000..c2a1fb4897
Binary files /dev/null and b/network/edge-services/how-to/assets/scaleway-edge-services-dashboard.webp differ
diff --git a/network/edge-services/how-to/assets/scaleway-edge-services-lb-dashboard.webp b/network/edge-services/how-to/assets/scaleway-edge-services-lb-dashboard.webp
new file mode 100644
index 0000000000..659b74e395
Binary files /dev/null and b/network/edge-services/how-to/assets/scaleway-edge-services-lb-dashboard.webp differ
diff --git a/storage/object/how-to/assets/scaleway-edge-services-metrics.webp b/network/edge-services/how-to/assets/scaleway-edge-services-metrics.webp
similarity index 100%
rename from storage/object/how-to/assets/scaleway-edge-services-metrics.webp
rename to network/edge-services/how-to/assets/scaleway-edge-services-metrics.webp
diff --git a/storage/object/how-to/assets/scaleway-edge-services-purge-cache.webp b/network/edge-services/how-to/assets/scaleway-edge-services-purge-cache.webp
similarity index 100%
rename from storage/object/how-to/assets/scaleway-edge-services-purge-cache.webp
rename to network/edge-services/how-to/assets/scaleway-edge-services-purge-cache.webp
diff --git a/storage/object/how-to/assets/scaleway-edge-services-purge-object.webp b/network/edge-services/how-to/assets/scaleway-edge-services-purge-object.webp
similarity index 100%
rename from storage/object/how-to/assets/scaleway-edge-services-purge-object.webp
rename to network/edge-services/how-to/assets/scaleway-edge-services-purge-object.webp
diff --git a/network/edge-services/how-to/assets/scaleway-edge-services-select-bucket.webp b/network/edge-services/how-to/assets/scaleway-edge-services-select-bucket.webp
new file mode 100644
index 0000000000..eecb60f5dc
Binary files /dev/null and b/network/edge-services/how-to/assets/scaleway-edge-services-select-bucket.webp differ
diff --git a/network/edge-services/how-to/assets/scaleway-edge-services-splash.webp b/network/edge-services/how-to/assets/scaleway-edge-services-splash.webp
new file mode 100644
index 0000000000..16412c63db
Binary files /dev/null and b/network/edge-services/how-to/assets/scaleway-edge-services-splash.webp differ
diff --git a/network/edge-services/how-to/assets/scaleway-edit-edge-lb-pipeline.webp b/network/edge-services/how-to/assets/scaleway-edit-edge-lb-pipeline.webp
new file mode 100644
index 0000000000..9fb5769c9e
Binary files /dev/null and b/network/edge-services/how-to/assets/scaleway-edit-edge-lb-pipeline.webp differ
diff --git a/network/edge-services/how-to/assets/scaleway-lb-edge-services.webp b/network/edge-services/how-to/assets/scaleway-lb-edge-services.webp
new file mode 100644
index 0000000000..59d99a1efe
Binary files /dev/null and b/network/edge-services/how-to/assets/scaleway-lb-edge-services.webp differ
diff --git a/network/edge-services/how-to/configure-cache.mdx b/network/edge-services/how-to/configure-cache.mdx
new file mode 100644
index 0000000000..86ede6eab2
--- /dev/null
+++ b/network/edge-services/how-to/configure-cache.mdx
@@ -0,0 +1,103 @@
+---
+meta:
+ title: How to configure an Edge Services cache
+ description: Learn how to configure a cache for Edge Services. Enhance performance and finely control your cached objects via purging (cache invalidation).
+content:
+ h1: How to configure an Edge Services cache
+ paragraph: Learn how to configure a cache for Edge Services. Enhance performance and finely control your cached objects via purging (cache invalidation).
+dates:
+ validation: 2024-07-24
+ posted: 2024-07-24
+tags: object-storage edge-services cdn network cache purge
+categories:
+ - network
+---
+
+The cache feature allows you to cache your origin's content with Edge Services. This means that content can be served directly to users from Edge Services' servers, instead of from your Object Storage bucket or Load Balancer origin, enhancing performance.
+
+You can disable and enable caching at will, as well as control the lifetime of an object in the cache. You can also purge your entire cache, or specific objects within it. A log is displayed to help you track your purge events.
+
+## How to enable the cache
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer origin for which you want to enable caching:
+
+
+
+2. In the **Cache** panel, use the icon to enable the cache.
+
+ The **Lifetime** configuration box displays. This enables you to define, in seconds, how long an object can be stored in the cache before it must be retrieved freshly from the origin (Object Storage bucket or Load Balancer).
+
+
+
+
+ As an example, a value of 0 means that objects will not be cached, unless they have a separately-defined caching directive. Note that in any case, if an object has a caching directive, the caching directive always takes precedence over any lifetime setting defined here in Edge Services.
+
+
+3. Leave the default value of 1 hour in place, or enter another value.
+
+The cache is now enabled.
+
+## How to purge all objects from your cache
+
+Purging objects clears all objects from your cache. Afterward, Edge Services will retrieve fresh copies from the origin (Object Storage bucket or Load Balancer) before it stores them again in the cache.
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer origin whose cache you want to purge:
+
+
+
+2. In the **Purge cache** panel, click **Purge all**.
+
+
+
+ A screen displays, warning you that your cache will be emptied, and Edge Services will have to retrieve objects from your origin before re-caching them.
+
+3. Click **Purge cache** to confirm.
+
+## How to purge specific objects from your cache
+
+This allows you to specify the precise objects that you want to clear from the cache. Afterward, Edge Services will retrieve fresh copies from the origin (Object Storage bucket or Load Balancer) before it stores them again in the cache.
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer origin whose cache you want to purge:
+
+
+
+2. In the **Purge cache** panel, click **Purge by object**.
+
+
+
+ A screen displays prompting you to enter the path of each object you want to purge from the cache.
+
+
+
+3. Enter the path of each object you want to purge. You can purge a maximum of 5 objects at a time.
+
+
+
+ The path for each object should be defined from the root and must start with a slash, e.g. `/videos/my-video.mp4`.
+
+ You **cannot** purge entire directories by simply specifying the path to the directory, e.g. `/videos`. Purging objects must be done strictly object-by-object, so `/videos/my-video1.mp4`, `/videos/my-video2.mp4`, `/videos/my-video3.mp4` etc. Watch this space for updates to this feature in the future.
+
+ For example, if we imagine an Object Storage bucket containing one file at the root level called `object1.jpg`, and a subfolder at root level called `videos` containing an item called `my-video.mp4`, we would enter the object paths as follows:
+
+ - `/object1.jpg`
+ - `/videos/my-video.mp4`
+
+
+
+4. Click **Purge objects from cache**.
+
+ The specified objects are purged from your cache and you are returned to the Edge Services dashboard.
+
+## How to disable your cache
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer origin whose cache you want to disable:
+
+
+
+2. In the **Cache** panel, use the icon to disable the cache.
+
+ A pop-up displays, asking you to confirm the action.
+
+3. Click **Disable cache**.
+
+ Your cache is purged and disabled. Edge Services will now serve content by fetching it from your origin (Object Storage bucket or Load Balancer) directly. If you reenable your cache at a later point, you will begin with an empty cache.
\ No newline at end of file
diff --git a/network/edge-services/how-to/configure-custom-domain.mdx b/network/edge-services/how-to/configure-custom-domain.mdx
new file mode 100644
index 0000000000..e16214e7e8
--- /dev/null
+++ b/network/edge-services/how-to/configure-custom-domain.mdx
@@ -0,0 +1,123 @@
+---
+meta:
+ title: How to configure a custom domain for Edge Services
+ description: Learn how to configure an Edge Services endpoint with a custom subdomain. Access your Object Storage bucket or Load Balancer origin via your own domain name instead of the standardized endpoint.
+content:
+ h1: How to configure a custom domain for Edge Services
+ paragraph: Learn how to configure an Edge Services endpoint with a custom subdomain. Access your Object Storage bucket or Load Balancer origin via your own domain name instead of the standardized endpoint.
+dates:
+ validation: 2024-07-24
+ posted: 2024-07-24
+tags: object-storage edge-services cdn network domain ssl tls https
+categories:
+ - network
+---
+
+If you already own a domain, you can customize an Edge Services pipeline endpoint with a subdomain of your choice. This means you can access your Object Storage bucket or Load Balancer origin through Edge Services via your own subdomain rather than the standardized Edge Services endpoint.
+
+For example, if you own `beautiful-domain.com`, you can customize the endpoint to be `whatever-i-want.beautiful-domain.com`. You must also add an SSL/TLS certificate so that Edge Services can securely serve your content via HTTPS.
+
+You cannot customize your endpoint with a primary domain directly (e.g. `beautiful-domain.com`), only with a subdomain of it.
+
+## How to configure a custom domain
+
+The procedure for adding a customized endpoint is as follows:
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer origin whose domain you want to customize:
+
+
+
+2. In the **Endpoint** panel, click **Configure domain**. The following screen displays:
+
+
+
+3. Set a subdomain from which your Object Storage bucket or Load Balancer origin will be accessible via its Edge Services pipeline. You must already own the primary domain. For example, if you own `beautiful-domain.com`, choose any subdomain you like and enter `my-chosen-subdomain.beautiful-domain.com` into the box.
+
+
+ It is **not** possible to use only a root domain (aka primary domain or apex domain), you must use a subdomain. This is because CNAME records, essential to point your domain to your Edge Services endpoint, cannot by definition be created for root domains, only for subdomains.
+ ✅ blog.example.com
+ ❌ example.com
+
+
+4. This step depends on whether the domain used in the previous step is managed with [Scaleway Domains and DNS](/network/domains-and-dns/), or an external domain provider. Choose the appropriate tab below.
+
+
+
+
+ The domain you are using for Edge Services is considered to be managed with Scaleway Domains and DNS if:
+ - You [registered the domain](/network/domains-and-dns/how-to/register-internal-domain/) with Domains and DNS, or
+ - You [transferred an externally-registered domain](/network/domains-and-dns/how-to/transfer-external-domain/) to Domains and DNS
+
+ If either of the above is true, Scaleway will auto-detect that the domain is managed by Domains and DNS, and a message will display confirming that you do not need to create a CNAME record. We will auto-generate the appropriate CNAME record in your domain's [DNS records](/network/domains-and-dns/how-to/manage-dns-records/), to point your subdomain to the Edge Services endpoint. This record is generated when you click `Customize domain` in step 6.
+
+ You should not attempt to modify or delete the CNAME record, which will be visible among your [DNS records](/network/domains-and-dns/how-to/manage-dns-records/) in the Scaleway console.
+
+
+
+ Scaleway cannot itself create the appropriate CNAME record to point your subdomain to Edge Services if your domain is managed by an external provider. You must create the CNAME record yourself.
+
+ Log in to your domain provider, and locate the DNS settings for your domain. Create a new CNAME record pointing your subdomain to the Edge Services pipeline endpoint displayed in the Scaleway console. For help setting up CNAME records and troubleshooting any problems, [check out our dedicated documentation](/network/edge-services/reference-content/cname-record/).
+
+ Back in the Scaleway console, click the `Verify CNAME` button to check whether your CNAME record has been correctly configured. Edge Services will carry out a check, and if it is successful the following message displays:
+
+
+
+ If the check fails, an error message will display. See the documentation linked above for help troubleshooting such errors. Note that it may take a short time for the DNS record to be propagated and the check to pass.
+
+
+
+5. Provide an SSL/TLS certificate for your subdomain so that Edge Services can serve traffic for it over HTTPS. You have three options for this:
+ - Generate a free Let's Encrypt certificate, managed by Scaleway, including automatic renewals.
+ - Select an existing certificate that you have stored in [Scaleway Secret Manager](/identity-and-access-management/secret-manager/quickstart/).
+ - Manually import a certificate into Scaleway Secret Manager:
+ - Enter a name for your certificate (alphanumeric characters only)
+ - Optionally, add tags by typing each tag and then pressing enter
+ - Copy and paste the full PEM-formatted certificate chain into the box.
+ Your certificate will be automatically stored in Secret Manager and [billed accordingly](https://www.scaleway.com/en/pricing/security-and-account/).
+
+
+ For help with SSL/TLS certificates for Edge Services, and/or dealing with any errors you encounter importing a certificate into Secret Manager, see our [dedicated documentation](/network/edge-services/reference-content/ssl-tls-certificate/).
+
+
+6. Click **Customize domain** to finish.
+
+Your customized domain is set up, and you are returned to the Edge Services dashboard. The customized domain displays in the Endpoint panel. When you access your Object Storage or Load Balancer origin through this domain, its content will be served via Edge Services.
+
+
+If you chose to generate a managed Let's Encrypt certificate, allow a few minutes for the certificate to finish creating. When the process is complete and the certificate is ready, you will see a green status light for **SSL/TLS certificate** on your endpoint dashboard.
+
+
+
+
+
+## How to edit your customized domain or its certificate
+
+After customizing your domain, you can edit it (or its certificate) at any time as follows:
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer origin whose domain you want to customize:
+
+
+
+2. In the **Endpoint** panel, click **Edit**. The **Edit Domain** screen displays.
+
+3. Edit the subdomain as desired - do not forget to also set up a new CNAME record, if necessary.
+
+4. Edit your certificate options as required - choose to generate a managed Let's Encrypt certificate, managed by Scaleway including automatic renewals, or select a different certificate from Secret Manager, or manually import a new certificate for your custom domain.
+
+5. Click **Edit domain** to finish.
+
+## How to reset your customized domain
+
+Even though the original Edge Services endpoint (e.g. `https://pipeline-id-or-bucket-name.svc.edge.scw.cloud`) will continue to work after you add a customized domain, you can choose to remove your customized domain completely and go back to the original Edge Services endpoint only. This is done via the reset function:
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer origin whose domain you want to reset:
+
+
+
+2. In the **Endpoint** panel, click **Reset**.
+
+ A screen displays, warning you that this will reset the pipeline's domain back to the default Edge Services endpoint. Edge Services will consider your customized subdomain as unknown. You should also remember to:
+ - Delete your CNAME record from your domain provider, unless your domain is managed with Scaleway Domains and DNS, in which case we take care of deletion for you.
+ - Delete any SSL/TLS certificates you imported into Secret Manager (if no longer required elsewhere, so that you are no longer billed for it). If you generated a managed Let's Encrypt certificate however, Scaleway takes care of the deletion for you.
+
+3. Click **Reset domain** to finish.
diff --git a/network/edge-services/how-to/create-pipeline-bucket.mdx b/network/edge-services/how-to/create-pipeline-bucket.mdx
new file mode 100644
index 0000000000..f56b8589ec
--- /dev/null
+++ b/network/edge-services/how-to/create-pipeline-bucket.mdx
@@ -0,0 +1,71 @@
+---
+meta:
+ title: How to create an Edge Services pipeline for an Object Storage bucket
+ description: This page explains how to configure an Edge Services pipeline for a Scaleway Object Storage bucket. Set up your own custom domain to point to your bucket, and enable a caching service for faster and more efficient delivery.
+content:
+ h1: How to create an Edge Services pipeline for an Object Storage bucket
+ paragraph: This page explains how to configure an Edge Services pipeline for a Scaleway Object Storage bucket. Set up your own custom domain to point to your bucket, and enable a caching service for faster and more efficient delivery.
+dates:
+ validation: 2024-07-24
+ posted: 2024-07-24
+tags: object-storage edge-services cdn network cache domain https
+categories:
+ - network
+---
+
+Edge Services is an additional feature for Scaleway Load Balancers and Object Storage buckets, currently available in [Public Beta](https://www.scaleway.com/en/betas/).
+
+Enabling Edge Services on your Object Storage bucket creates an Edge Services pipeline which brings you a number of possible benefits:
+
+- Customize your bucket's endpoint using a subdomain of your own domain
+- Add your own SSL/TLS certificate, safeguarded in [Scaleway Secret Manager](/identity-and-access-management/secret-manager/quickstart/), or generate a managed Let's Encrypt certificate, so your subdomain can serve content from your bucket over HTTPS
+- Enhance performance by caching your stored objects, to be served directly by Edge Services from the cache
+- Finely control your cached objects via purging (cache invalidation)
+
+Read on to learn how to create an Edge Services pipeline by enabling Edge Services on your bucket.
+
+
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+- An [Object Storage bucket](/storage/object/how-to/create-a-bucket/)
+
+## How to create an Edge Services pipeline
+
+Edge Services is available as a feature on Object Storage buckets. You enable it on a bucket-by-bucket basis. When you enable Edge Services on a particular bucket, a [pipeline](/network/edge-services/concepts/#pipeline) is automatically created for that bucket.
+
+1. Click **Object Storage** in the **Storage** section of the Scaleway console side menu. The list of your buckets displays.
+
+2. Click the name of the bucket you want to enable Edge Services on.
+
+
+3. Click the **Edge Services** tab.
+
+
+
+4. Click **Enable Edge Services for free**.
+
+ A pop-up informs you that your bucket will be exposed via Edge Services and that you can disable Edge Services at any time. Edge Services is free during the beta stage, and you will be notified before it becomes billable.
+
+5. Click **Enable Edge Services** to confirm.
+
+ Edge Services is enabled on your bucket, and a pipeline is automatically created. Various features are now visible on the Edge Services tab, ready to be configured.
+
+
+
+
+
+ Your bucket's [visibility](/storage/object/concepts/#visibility) can be set to **private**, but any objects within it that you want to expose via Edge Services must be set to [**public** visibility](/storage/object/how-to/manage-object-visibility/). However, in the case that you are using Edge Services with bucket website, objects can remain private.
+
+
+
+## How to access your bucket via Edge Services
+
+Once you have enabled Edge Services on your bucket, you can access your bucket and its content via the following endpoints. Make sure that you replace `bucket-name` with the name of your bucket.
+
+| Endpoint | Where to find this endpoint in the console | Notes |
+|-----------------------------------------|--------------------------|-----------------------------------------------------------------------------------|
+| `https://bucket-name.s3.nl-ams.scw.cloud` | The **Bucket settings** tab | Edge Services is bypassed when the bucket is accessed via this endpoint |
+| `https://bucket-name.svc.edge.scw.cloud` | The **Edge Services** tab | Edge Services serves bucket content when this endpoint is used |
+
+The two endpoints shown above are available as standard. However, with Edge Services, you can also choose to configure a **custom domain** from which your bucket can be accessed. Read more about this in the [next section](/network/edge-services/how-to/configure-custom-domain/).
\ No newline at end of file
diff --git a/network/edge-services/how-to/create-pipeline-lb.mdx b/network/edge-services/how-to/create-pipeline-lb.mdx
new file mode 100644
index 0000000000..91ece045fd
--- /dev/null
+++ b/network/edge-services/how-to/create-pipeline-lb.mdx
@@ -0,0 +1,135 @@
+---
+meta:
+ title: How to create an Edge Services pipeline for a Load Balancer
+ description: This page explains how to configure an Edge Services pipeline on your Load Balancer, enabling a caching service for faster and more efficient delivery.
+content:
+ h1: How to create an Edge Services pipeline for a Load Balancer
+ paragraph: This page explains how to configure an Edge Services pipeline on your Load Balancer, enabling a caching service for faster and more efficient delivery.
+dates:
+ validation: 2024-07-24
+ posted: 2024-07-24
+tags: load-balancer edge-services cdn network cache domain https
+categories:
+ - network
+---
+
+Edge Services is an additional feature for Scaleway Load Balancers and Object Storage buckets, currently available in [Public Beta](https://www.scaleway.com/en/betas/).
+
+Creating an Edge Services pipeline for your Load Balancer helps to reduce load on your Load Balancer's backend servers. The origin configuration you define is used by Edge Services to connect to your Load Balancer and request content, which is then stored in the cache. Then, when your Load Balancer origin is accessed via its customizable Edge Services endpoint, the requested content is served from the cache (if present), without the need to fetch this content via the Load Balancer and its backend servers.
+
+Edge Services lets you:
+
+- Define the specific origin (Load Balancer, frontend port, and host) for a given pipeline and its associated cache
+- Choose the TTL for cached objects
+- Purge the entire cache or specific cached objects at any time (cache invalidation)
+- Customize your Edge Services pipeline endpoint using a subdomain of your own domain
+- Add an SSL/TLS certificate so that Edge Services can serve content over HTTPS for your subdomain
+
+An Edge Services pipeline can be created for any Load Balancer with a public IP address. Load Balancers with frontends/backends using both TCP and/or HTTP are supported. [Private Load Balancers](/network/load-balancer/reference-content/public-private-accessibility/#private-load-balancers) are not compatible with Edge Services.
+
+
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+- A [Load Balancer](/network/load-balancer/how-to/create-load-balancer/)
+
+## How to create an Edge Services pipeline for Load Balancer
+
+You can create one or more Edge Services pipelines for each of your Load Balancers. Each pipeline has its own [origin](/network/edge-services/concepts/#origin), [endpoint](/network/edge-services/concepts/#endpoint), and [cache](/network/edge-services/concepts/#cache). If you create multiple Edge Services pipelines for the same origin Load Balancer, each one must be configured for a different frontend.
+
+Follow the steps below to create an Edge Services pipeline.
+
+1. Click **Load Balancers** in the **Network** section of the Scaleway console side menu. The list of your Load Balancers displays.
+
+
+
+2. Click the **Edge Services** tab.
+
+3. Click **Create Edge Services pipeline**. The pipeline creation wizard displays.
+
+
+
+4. Configure the [origin](/network/edge-services/concepts/#origin) for this pipeline:
+ - Select the **origin Load Balancer** from the dropdown list. The Edge Services pipeline will connect to this Load Balancer when requesting content.
+ - Select a **frontend** associated with the origin Load Balancer from the dropdown list. The Edge Services pipeline will connect to the Load Balancer on this port when requesting content. We recommend that you select an HTTPS port, e.g. `443`. Note that if you are creating multiple pipelines for the same origin Load Balancer, each one must be configured for a different frontend.
+
+
+ For Kubernetes Load Balancers, see our [dedicated documentation](#help-for-kubernetes-load-balancers) for help selecting the correct Load Balancer and frontend.
+
+
+
+5. Define the protocol and origin host for this pipeline:
+ - Select the protocol that Edge Services should use when making requests to the origin, either `HTTP` or `HTTPS` (recommended). Choose the protocol that corresponds with your Load Balancer setup.
+ - Optionally, enter an [origin host](/network/edge-services/concepts/#origin-host) associated with your Load Balancer for this pipeline. When specified, this host replaces the Load Balancer IP address in the HTTP Host Header of the requests made from Edge Services to your Load Balancer.
+
+6. Enter a name for this Edge Services pipeline, or leave the auto-generated name in place.
+
+ Edge Services for Load Balancer is free during Public Beta. You will be notified before the service leaves beta and becomes billable.
+
+7. Click **Create Edge Services pipeline** to finish.
+
+ Your pipeline is created and you are taken to its **Overview** page. The endpoint displays from which you can access your Load Balancer origin via Edge Services, e.g. `https://pipeline-id.edge.scw.cloud`.
+
+
+
+## Troubleshooting pipeline creation
+
+If you see the message `Edge Services was unable to contact the host via the Load Balancer Please check your origin configuration settings and try again`, check the following elements of your configuration:
+
+- **Protocol**: Ensure you did not select the wrong protocol, e.g. HTTP selected while the frontend chosen is configured to receive HTTPS, or the opposite.
+- **Origin host**: Ensure that you entered the correct origin host, with no typos, for a host that exists behind the selected Load Balancer.
+- **Load Balancer ACLs**: Ensure that there are no [ACLs](/network/load-balancer/how-to/create-manage-acls/) configured on your Load Balancer which are blocking traffic from Edge Services.
+
+## Help for Kubernetes Load Balancers
+
+If you are setting up an Edge Services pipeline for a [Kubernetes Kapsule](/containers/kubernetes) Load Balancer, follow these steps to determine which Load Balancer and frontend to configure for your pipeline:
+
+1. Run `kubectl describe svc`.
+
+ An output displays.
+
+2. Locate the section of the output that relates to your LoadBalancer service. It should look something like this:
+
+ ```
+ Name: myloadbalancer
+ Namespace: default
+ Labels: app=mydeployment
+ Annotations: service.beta.kubernetes.io/scw-loadbalancer-id: fr-par-1/a92de52e-262f-99f9-be66-5220003a2e42
+ Selector: app=mydeployment
+ Type: LoadBalancer
+ IP Family Policy: SingleStack
+ IP Families: IPv4
+ IP: 10.32.220.60
+ IPs: 10.32.220.60
+ LoadBalancer Ingress: 51.159.25.111
+ Port: http 8000/TCP
+ TargetPort: 8000/TCP
+ NodePort: http 32041/TCP
+ Endpoints:
+ Session Affinity: None
+ External Traffic Policy: Cluster
+ ```
+3. Find the `service.beta.kubernetes.io/scw-loadbalancer-id` annotation, and note your Load Balancer ID (e.g. `a92de52e-262f-99f9-be66-5220003a2e42`). Check your Load Balancer list in the [console](https://console.scaleway.com/load-balancer/lbs) to find the Load Balancer name that corresponds to this ID. This is the Load Balancer you should select for the Edge Services pipeline.
+
+4. Find the **NodePort** line and note the port mentioned (in the case above, `32041`). In the [console](https://console.scaleway.com/load-balancer/lbs), find the frontend of the Load Balancer from step 3 that corresponds with this port. This is the frontend and port you should select for the Edge Services pipeline.
+
+## How to edit an Edge Services pipeline origin
+
+You can edit the protocol, origin host, and name of an Edge Services pipeline as follows.
+
+1. Click **Load Balancers** in the **Network** section of the Scaleway console side menu. The list of your Load Balancers displays.
+
+2. Click the **Edge Services** tab.
+
+3. Click the Edge Services pipeline you want to edit. The **Overview** page for the pipeline displays.
+
+4. In the top right corner, click **Edit**. A pop-up displays.
+
+
+
+5. Make the edits required. You can:
+ - Change the **protocol**
+ - Change the **origin host**
+ - Change the pipeline **name**
+
+6. Click **Save**.
\ No newline at end of file
diff --git a/network/edge-services/how-to/delete-pipeline.mdx b/network/edge-services/how-to/delete-pipeline.mdx
new file mode 100644
index 0000000000..2ec3410e6b
--- /dev/null
+++ b/network/edge-services/how-to/delete-pipeline.mdx
@@ -0,0 +1,68 @@
+---
+meta:
+ title: How to delete an Edge Services pipeline
+ description: Learn how to delete or disable a Scaleway Edge Services pipeline with this step-by-step guide. Follow our instructions to ensure a smooth process and manage your domains and SSL/TLS certificates effectively.
+content:
+ h1: How to delete an Edge Services pipeline
+ paragraph: Learn how to delete or disable a Scaleway Edge Services pipeline with this step-by-step guide. Follow our instructions to ensure a smooth process and manage your domains and SSL/TLS certificates effectively.
+dates:
+ validation: 2024-07-24
+ posted: 2024-07-24
+tags: load-balancer edge-services cdn network pipeline
+categories:
+ - network
+---
+
+You can delete an Edge Services pipeline at any time. Follow the steps below, depending on whether your pipeline is towards an Object Storage bucket origin or a Load Balancer origin.
+
+## How to disable Edge Services for an Object Storage bucket
+
+1. Click **Object Storage** in the **Storage** section of the Scaleway console side menu. The list of your buckets displays.
+
+2. Click the name of the bucket you want to disable Edge Services for.
+
+3. Click the **Edge Services** tab.
+
+
+
+4. In the **Disable Edge Services** panel at the bottom of the screen, click **Disable Edge Services**.
+
+ A pop-up displays, informing you that the bucket will be removed from Edge Services.
+ - The bucket will no longer be accessible via its Edge Services endpoint, or any customized domains pointing to this endpoint.
+ - Any files stored in the Edge Services cache will be removed.
+
+
+ Remember to:
+ - Delete your CNAME record from your domain provider, unless your domain is managed with Scaleway Domains and DNS, in which case we take care of deletion for you.
+ - Delete any SSL/TLS certificates you imported into Secret Manager (if no longer required elsewhere, so that you are no longer billed for it). If you generated a managed Let's Encrypt certificate however, Scaleway takes care of the deletion for you.
+
+
+5. Click **Disable Edge Services**.
+
+ Edge Services is disabled and the pipeline for this bucket is deleted. You can enable it again at any time to create a new pipeline, but you will need to reconfigure your custom domain, and the cache will initially be empty.
+
+## How to delete an Edge Services pipeline for a Load Balancer origin
+
+1. Click **Load Balancers** in the **Network** section of the Scaleway console side menu. The list of your Load Balancers displays.
+
+2. Click the **Edge Services** tab. A list of your pipelines displays.
+
+3. Click the pipeline you want to delete. The Edge Services dashboard for that pipeline displays.
+
+
+
+4. In the **Delete Edge Services pipeline** panel at the bottom of the screen, click **Delete Edge Services pipeline**.
+
+ A pop-up displays, informing you that the pipeline will be deleted
+ - The Load Balancer origin will no longer be accessible via its Edge Services endpoint, or any customized domains pointing to this endpoint.
+ - Any files stored in the Edge Services cache for this pipeline will be removed.
+
+
+ If you set up a customized domain for your Edge Services endpoint, remember to:
+ - Delete your CNAME record from your domain provider, unless your domain is managed with Scaleway Domains and DNS, in which case we take care of deletion for you.
+ - Delete any SSL/TLS certificates you imported into Secret Manager (if no longer required elsewhere, so that you are no longer billed for it). If you generated a managed Let's Encrypt certificate however, Scaleway takes care of the deletion for you.
+
+
+5. Click **Confirm*.
+
+ The Edge Services pipeline for this Load Balancer origin is deleted. You create a new pipeline at any time, but you will need to reconfigure any custom domains, and the cache will initially be empty.
\ No newline at end of file
diff --git a/network/edge-services/how-to/index.mdx b/network/edge-services/how-to/index.mdx
new file mode 100644
index 0000000000..7cf1c10784
--- /dev/null
+++ b/network/edge-services/how-to/index.mdx
@@ -0,0 +1,8 @@
+---
+meta:
+ title: Edge Services - How Tos
+ description: Learn how to set up and optimize Scaleway Edge Services. These how to guides cover pipeline creation, customization of your domain, cache configuration, and advanced features for improved performance of your Object Storage bucket and Load Balancer origins.
+content:
+ h1: Edge Services - How Tos
+ paragraph: Learn how to set up and optimize Scaleway Edge Services. These how to guides cover pipeline creation, customization of your domain, cache configuration, and advanced features for improved performance of your Object Storage bucket and Load Balancer origins.
+---
diff --git a/network/edge-services/how-to/monitor-cockpit.mdx b/network/edge-services/how-to/monitor-cockpit.mdx
new file mode 100644
index 0000000000..05b9028787
--- /dev/null
+++ b/network/edge-services/how-to/monitor-cockpit.mdx
@@ -0,0 +1,43 @@
+---
+meta:
+ title: How to monitor Edge Services with Scaleway Cockpit
+ description: Get easy access to your Edge Services metrics via Scaleway Cockpit. Monitor ingress, egress, request rate and cache hit ratio in a convenient managed Grafana dashboard.
+content:
+ h1: How to monitor Edge Services with Scaleway Cockpit
+ paragraph: Get easy access to your Edge Services metrics via Scaleway Cockpit. Monitor ingress, egress, request rate and cache hit ratio in a convenient managed Grafana dashboard.
+dates:
+ validation: 2024-07-24
+ posted: 2024-07-24
+tags: load-balancer edge-services cdn cache-hit-ratio grafana observability
+categories:
+ - network
+---
+
+You can view your Edge Services metrics via [Scaleway Cockpit](/observability/cockpit/quickstart/). This allows you to monitor your ingress, egress, request rate, and cache hit ratio as well as other metrics, in a convenient managed Grafana dashboard.
+
+Access your Edge Services dashboard in the Scaleway console via the shortcut in the Edge Services tab of the pipeline in question. Note that you will first need to [create a Grafana user and credentials](/observability/cockpit/how-to/retrieve-grafana-credentials/).
+
+### Understanding the dashboard
+
+The Grafana dashboard presents a number of different metrics. Use the drop-down in the top left to select which pipeline and origin to view Edge Services metrics for, and the time range drop-down in the top right to modify the time period to apply to the metrics.
+
+
+
+- **Request rate**: The number of requests made to Edge Services per second, for the specified origin, averaged over the specified time period.
+- **Cache hit ratio**: The percentage of requests served from Edge Services' cache, compared to the total number of requests in total to Edge Services for this origin, over the specified time period.
+- **Cache HIT/MISS**: A visual representation of the ratio of cache hits to misses, for the specified origin, over the specified time period.
+ - **Cache hit line**: The number of requests per second made to Edge Services for this origin, which were served directly from its cache.
+ - **Cache miss line**: The number of requests per second made to Edge Services for this origin, where the content was fetched from the origin rather than the cache.
+ - **Total line**: The number of requests per second made to Edge Services for this origin.
+
+- **Egress (to client)**: The total volume of data served to clients from Edge Services, for the specified origin, over the specified time period.
+- **Ingress (from origin)**: The total volume of data from the origin server to Edge Services over the specified time period. This represents the traffic that occurs when Edge Services retrieves content from the origin server in order to fulfill requests.
+- **Edge Services throughput**: A visual representation of the rate of data transfer for the specified origin with Edge Services over the specified time period.
+ - **Output bitrate line**: The rate at which data is being delivered from Edge Services to end users.
+ - **Input bitrate line**: The rate at which Edge Services is fetching data from the origin server. Peaks in this line may represent times when Edge Services had to fetch content from the origin server, rather than being able to serve it directly from its own cache.
+
+- **Requests served**: The total number of requests that Edge Services has successfully served, for the specified origin, over the specified time period.
+- **Edge Services response statuses**: A visual representation of the distribution of HTTP response statuses for requests served by Edge Services over the specified time period. Consult [the full list of HTTP status codes](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes) for more information if necessary.
+
+- **Request origin country**: The proportion of requests (to Edge Services for the specified origin over the specified time period) originating from different countries.
+- **End users location**: A visual representation of where Edge Services end users have been making requests from geographically.
diff --git a/network/edge-services/index.mdx b/network/edge-services/index.mdx
new file mode 100644
index 0000000000..2ca0b62282
--- /dev/null
+++ b/network/edge-services/index.mdx
@@ -0,0 +1,61 @@
+---
+meta:
+ title: Edge Services Documentation
+ description: Dive into Scaleway Edge Services with our quickstart guides, how-tos, tutorials and more.
+---
+
+
+
+## Getting Started
+
+
+
+
+
+
+
+
+
+
+## Changelog
+
+
\ No newline at end of file
diff --git a/network/edge-services/quickstart.mdx b/network/edge-services/quickstart.mdx
new file mode 100644
index 0000000000..bee04680be
--- /dev/null
+++ b/network/edge-services/quickstart.mdx
@@ -0,0 +1,233 @@
+---
+meta:
+ title: Edge Services - Quickstart
+ description: Quickly set up Scaleway Edge Services for Object Storage buckets or Load Balancer origins with our guide. Learn to configure pipelines, customize endpoints, and manage caching for optimal performance.
+content:
+ h1: Edge Services - Quickstart
+ paragraph: Quickly set up Scaleway Edge Services for Object Storage buckets or Load Balancer origins with our guide. Learn to configure pipelines, customize endpoints, and manage caching for optimal performance.
+tags: edge-services edge services pipeline custom-domain cache
+dates:
+ creation: 2024-07-24
+ validation: 2024-07-24
+categories:
+ - networks
+---
+
+Edge Services is an additional feature for Scaleway Load Balancers and Object Storage buckets, currently available in [Public Beta](https://www.scaleway.com/en/betas/). It provides a [caching service](/network/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [origin](#origin), and a customizable and secure [endpoint](#endpoint) for accessing content via Edge Services, which can be set to a subdomain of your choice.
+
+
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+- Created either a [Load Balancer](/network/load-balancer/how-to/create-load-balancer/) or an [Object Storage bucket](/storage/object/how-to/create-a-bucket/)
+
+## How to create an Edge Services pipeline
+
+The process differs depending on whether you want to create a pipeline for an Object Storage bucket or a Load Balancer. Choose the correct tab for your case below.
+
+
+
+ 1. Click **Object Storage** in the **Storage** section of the Scaleway console side menu. The list of your buckets displays.
+
+ 2. Click the name of the bucket you want to enable Edge Services on.
+
+ 3. Click the **Edge Services** tab.
+
+
+
+ 4. Click **Enable Edge Services for free**.
+
+ A pop-up informs you that your bucket will be exposed via Edge Services and that you can disable Edge Services at any time. Edge Services is free during the beta stage, and you will be notified before it becomes billable.
+
+ 5. Click **Enable Edge Services** to confirm.
+
+ Edge Services is enabled on your bucket, and a pipeline is automatically created. Various features are now visible on the Edge Services tab, ready to be configured.
+
+
+
+
+
+ For more detailed information about correctly enabling Edge Services in relation to bucket visibility, see the [dedicated documentation](/network/edge-services/how-to/create-pipeline-bucket/). You can also find out here how to access your bucket via Edge Services.
+
+
+
+ 1. Click **Load Balancers** in the **Network** section of the Scaleway console side menu. The list of your Load Balancers displays.
+
+
+
+ 2. Click the **Edge Services** tab.
+
+ 3. Click **create Edge Services pipeline**. The pipeline creation wizard displays.
+
+
+
+ 4. Configure the [origin](/network/edge-services/concepts/#origin) for this pipeline:
+ - Select the **origin Load Balancer** from the dropdown list. The Edge Services pipeline will connect to this Load Balancer when requesting content.
+ - Select a **frontend** associated with the origin Load Balancer from the dropdown list. The Edge Services pipeline will connect to the Load Balancer on this port when requesting content. We recommend that you select an HTTPS port, e.g. `443`. Note that if you are creating multiple pipelines for the same origin Load Balancer, each one must be configured for a different frontend.
+
+
+ For Kubernetes Load Balancers, see our [dedicated documentation](/network/edge-services/how-to/create-pipeline-lb/#help-for-kubernetes-load-balancers) for help selecting the correct Load Balancer and frontend.
+
+
+
+ 5. Define the protocol and origin host for this pipeline:
+ - Select the protocol that Edge Services should use when making requests to the origin, either `HTTP` or `HTTPS` (recommended). Choose the protocol that corresponds with your Load Balancer setup.
+ - Optionally, enter an [origin host](/network/edge-services/concepts/#origin-host) associated with your Load Balancer for this pipeline. When specified, this host replaces the Load Balancer IP address in the HTTP Host Header of the requests made from Edge Services to your Load Balancer.
+
+ 6. Enter a name for this Edge Services pipeline, or leave the auto-generated name in place.
+
+ Edge Services for Load Balancer is free during Public Beta. You will be notified before the service leaves beta and becomes billable.
+
+ 7. Click **Create Edge Services pipeline** to finish.
+
+ Your pipeline is created and you are taken to its **Overview** page. The endpoint displays from which you can access your Load Balancer origin via Edge Services, e.g. `https://pipeline-id.edge.scw.cloud`.
+
+
+
+
+## How to configure a custom domain
+
+If you already own a domain, you can customize an Edge Services pipeline endpoint with a subdomain of your choice, e.g. `subdomain.mydomain.com`. This means you can access your Object Storage bucket or Load Balancer origin through Edge Services via your own subdomain rather than the standardized Edge Services endpoint.
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer origin whose domain you want to customize:
+
+
+
+2. In the **Endpoint** panel, click **Configure domain**. The following screen displays:
+
+
+
+3. Set a subdomain from which your Object Storage bucket or Load Balancer origin will be accessible via its Edge Services pipeline. You must already own the primary domain. For example, if you own `beautiful-domain.com`, choose any subdomain you like and enter `my-chosen-subdomain.beautiful-domain.com` into the box.
+
+
+ It is **not** possible to use only a root domain (aka primary domain or apex domain), you must use a subdomain. This is because CNAME records, essential to point your domain to your Edge Services endpoint, cannot by definition be created for root domains, only for subdomains.
+ ✅ blog.example.com
+ ❌ example.com
+
+
+4. This step depends on whether the domain used in the previous step is managed with [Scaleway Domains and DNS](/network/domains-and-dns/), or an external domain provider. Choose the appropriate tab below.
+
+
+
+
+ The domain you are using for Edge Services is considered to be managed with Scaleway Domains and DNS if:
+ - You [registered the domain](/network/domains-and-dns/how-to/register-internal-domain/) with Domains and DNS, or
+ - You [transferred an externally-registered domain](/network/domains-and-dns/how-to/transfer-external-domain/) to Domains and DNS
+
+ If either of the above is true, Scaleway will auto-detect that the domain is managed by Domains and DNS, and a message will display confirming that you do not need to create a CNAME record. We will auto-generate the appropriate CNAME record in your domain's [DNS records](/network/domains-and-dns/how-to/manage-dns-records/), to point your subdomain to the Edge Services endpoint. This record is generated when you click `Customize domain` in step 6.
+
+ You should not attempt to modify or delete the CNAME record, which will be visible among your [DNS records](/network/domains-and-dns/how-to/manage-dns-records/) in the Scaleway console.
+
+
+
+ Scaleway cannot itself create the appropriate CNAME record to point your subdomain to Edge Services if your domain is managed by an external provider. You must create the CNAME record yourself.
+
+ Log in to your domain provider, and locate the DNS settings for your domain. Create a new CNAME record pointing your subdomain to the Edge Services pipeline endpoint displayed in the Scaleway console. For help setting up CNAME records and troubleshooting any problems, [check out our dedicated documentation](/network/edge-services/reference-content/cname-record/).
+
+ Back in the Scaleway console, click the `Verify CNAME` button to check whether your CNAME record has been correctly configured. Edge Services will carry out a check, and if it is successful the following message displays:
+
+
+
+ If the check fails, an error message will display. See the documentation linked above for help troubleshooting such errors. Note that it may take a short time for the DNS record to be propagated and the check to pass.
+
+
+
+5. Provide an SSL/TLS certificate for your subdomain so that Edge Services can serve traffic for it over HTTPS. You have three options for this:
+ - Generate a free Let's Encrypt certificate, managed by Scaleway, including automatic renewals.
+ - Select an existing certificate that you have stored in [Scaleway Secret Manager](/identity-and-access-management/secret-manager/quickstart/).
+ - Manually import a certificate into Scaleway Secret Manager:
+ - Enter a name for your certificate (alphanumeric characters only)
+ - Optionally, add tags by typing each tag and then pressing enter
+ - Copy and paste the full PEM-formatted certificate chain into the box.
+ Your certificate will be automatically stored in Secret Manager and [billed accordingly](https://www.scaleway.com/en/pricing/security-and-account/).
+
+
+ For help with SSL/TLS certificates for Edge Services, and/or dealing with any errors you encounter importing a certificate into Secret Manager, see our [dedicated documentation](/network/edge-services/reference-content/ssl-tls-certificate/).
+
+
+6. Click **Customize domain** to finish.
+
+Your customized domain is set up, and you are returned to the Edge Services dashboard. The customized domain displays in the Endpoint panel. When you access your Object Storage or Load Balancer origin through this domain, its content will be served via Edge Services.
+
+## How to configure your cache
+
+The cache feature allows you to cache your origin's content with Edge Services. This means that content can be served directly to users from Edge Services' servers, instead of from your Object Storage bucket or Load Balancer origin, enhancing performance.
+
+You can disable and enable caching at will, as well as control the lifetime of an object in the cache. You can also purge your entire cache, or specific objects within it. A log is displayed to help you track your purge events.
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Object Storage bucket or Load Balancer origin for which you want to enable caching:
+
+
+
+2. In the **Cache** panel, use the icon to enable the cache.
+
+ The **Lifetime** configuration box displays. This enables you to define, in seconds, how long an object can be stored in the cache before it must be retrieved freshly from the origin (Object Storage bucket or Load Balancer).
+
+
+
+
+ As an example, a value of 0 means that objects will not be cached, unless they have a separately-defined caching directive. Note that in any case, if an object has a caching directive, the caching directive always takes precedence over any lifetime setting defined here in Edge Services.
+
+
+3. Leave the default value of 1 hour in place, or enter another value.
+
+The cache is now enabled.
+
+For information on purging your cache, see our [dedicated documentation](/network/edge-services/how-to/configure-cache/).
+
+## How to delete an Edge Services pipeline
+
+You can delete an Edge Services pipeline at any time. Follow the steps below, depending on whether your pipeline is towards an Object Storage bucket origin or a Load Balancer origin.
+
+
+
+ 1. Click **Object Storage** in the **Storage** section of the Scaleway console side menu. The list of your buckets displays.
+
+ 2. Click the name of the bucket you want to disable Edge Services for.
+
+ 3. Click the **Edge Services** tab.
+
+
+
+ 4. In the **Disable Edge Services** panel at the bottom of the screen, click **Disable Edge Services**.
+
+ A pop-up displays, informing you that the bucket will be removed from Edge Services.
+ - The bucket will no longer be accessible via its Edge Services endpoint, or any customized domains pointing to this endpoint.
+ - Any files stored in the Edge Services cache will be removed.
+
+
+ Remember to:
+ - Delete your CNAME record from your domain provider, unless your domain is managed with Scaleway Domains and DNS, in which case we take care of deletion for you.
+ - Delete any SSL/TLS certificates you imported into Secret Manager (if no longer required elsewhere, so that you are no longer billed for it). If you generated a managed Let's Encrypt certificate however, Scaleway takes care of the deletion for you.
+
+
+5. Click **Disable Edge Services**.
+
+ Edge Services is disabled and the pipeline for this bucket is deleted. You can enable it again at any time to create a new pipeline, but you will need to reconfigure your custom domain, and the cache will initially be empty.
+
+
+ 1. Click **Load Balancers** in the **Network** section of the Scaleway console side menu. The list of your Load Balancers displays.
+
+ 2. Click the **Edge Services** tab. A list of your pipelines displays.
+
+ 3. Click the pipeline you want to delete. The Edge Services dashboard for that pipeline displays.
+
+
+
+ 4. In the **Delete Edge Services pipeline** panel at the bottom of the screen, click **Delete Edge Services pipeline**.
+
+ A pop-up displays, informing you that the pipeline will be deleted
+ - The Load Balancer origin will no longer be accessible via its Edge Services endpoint, or any customized domains pointing to this endpoint.
+ - Any files stored in the Edge Services cache for this pipeline will be removed.
+
+
+ If you set up a customized domain for your Edge Services endpoint, remember to:
+ - Delete your CNAME record from your domain provider, unless your domain is managed with Scaleway Domains and DNS, in which case we take care of deletion for you.
+ - Delete any SSL/TLS certificates you imported into Secret Manager (if no longer required elsewhere, so that you are no longer billed for it). If you generated a managed Let's Encrypt certificate however, Scaleway takes care of the deletion for you.
+
+
+ 5. Click **Confirm*.
+
+ The Edge Services pipeline for this Load Balancer origin is deleted. You create a new pipeline at any time, but you will need to reconfigure any custom domains, and the cache will initially be empty.
+
+
\ No newline at end of file
diff --git a/storage/object/reference-content/assets/scaleway-cert-expired.webp b/network/edge-services/reference-content/assets/scaleway-cert-expired.webp
similarity index 100%
rename from storage/object/reference-content/assets/scaleway-cert-expired.webp
rename to network/edge-services/reference-content/assets/scaleway-cert-expired.webp
diff --git a/storage/object/reference-content/assets/scaleway-edge-services-cname-error.webp b/network/edge-services/reference-content/assets/scaleway-edge-services-cname-error.webp
similarity index 100%
rename from storage/object/reference-content/assets/scaleway-edge-services-cname-error.webp
rename to network/edge-services/reference-content/assets/scaleway-edge-services-cname-error.webp
diff --git a/network/edge-services/reference-content/assets/scaleway-edge-services-configure-domain.webp b/network/edge-services/reference-content/assets/scaleway-edge-services-configure-domain.webp
new file mode 100644
index 0000000000..520f1f44fb
Binary files /dev/null and b/network/edge-services/reference-content/assets/scaleway-edge-services-configure-domain.webp differ
diff --git a/storage/object/reference-content/assets/scaleway-edge-services-dashboard-error.webp b/network/edge-services/reference-content/assets/scaleway-edge-services-dashboard-error.webp
similarity index 100%
rename from storage/object/reference-content/assets/scaleway-edge-services-dashboard-error.webp
rename to network/edge-services/reference-content/assets/scaleway-edge-services-dashboard-error.webp
diff --git a/network/edge-services/reference-content/cname-record.mdx b/network/edge-services/reference-content/cname-record.mdx
new file mode 100644
index 0000000000..5506012aed
--- /dev/null
+++ b/network/edge-services/reference-content/cname-record.mdx
@@ -0,0 +1,93 @@
+---
+meta:
+ title: CNAME records and DNS for Edge Services
+ description: Learn how to set up and manage CNAME records for Scaleway Edge Services pipelines. Follow our detailed guide to configure your custom domain and enhance your cloud accessibility.
+content:
+ h1: CNAME records and DNS for Edge Services
+ paragraph: Learn how to set up and manage CNAME records for Scaleway Edge Services pipelines. Follow our detailed guide to configure your custom domain and enhance your cloud accessibility.
+tags: edge-services pipeline cname dns
+dates:
+ validation: 2024-07-25
+categories:
+ - network
+---
+
+This document contains information to help you successfully create a CNAME record for your customized [Edge Services](/network/edge-services/) domain, and troubleshoot any potential DNS problems.
+
+## What is a CNAME record?
+
+A **C**anonical **Name** (CNAME) record is a type of [DNS record](/network/domains-and-dns/concepts/#dns-record). Generally, DNS records hold information for translating a domain or subdomain to an IP address, mail server or other domain/subdomain. They are crucial in directing internet traffic to the correct servers. More specifically, CNAME records map one domain name (an alias) to another (the canonical name).
+
+A CNAME record may look like the following:
+
+| Hostname / Alias | Destination / Canonical Name |
+|----------------------------|-------------------------------|
+| `videos.example.com` | `otherdomain.com` |
+
+In this case, when a DNS server sees this record for `videos.example.com` it will know not to direct traffic to `videos.example.com`'s own IP address, but to that of `otherdomain.com`. It will find `othercomain.com`'s IP address via its [A record](/network/domains-and-dns/reference-content/understanding-dns-records/#a-record).
+
+When the client actually connects to `otherdomain.com`'s IP address, the web server can see that the requested URL was `videos.example.com`, and deliver the relevant content.
+
+## When and why do I need to create a CNAME record for Edge Services?
+
+When you create an Edge Services pipeline to an [origin](/network/edge-services/concepts/#origin) (Object Storage bucket or Load Balancer), initially the origin content is served through the standard Edge Services endpoint, e.g. `pipeline-id-or-bucket-name.svc.edge.scw.cloud`. If you do not want to customize the standard Edge Services endpoint, you do not need to worry about CNAME records.
+
+However, if you choose to [customize your Edge Services endpoint with your own subdomain](/network/edge-services/how-to/configure-custom-domain/), a CNAME record must be created to point your subdomain to the Edge Services endpoint.
+
+ - If your domain is managed with [Scaleway Domains and DNS](/network/domains-and-dns/quickstart/), we take care of auto-generating the appropriate CNAME record for you, as well as deleting it if and when you deactivate Edge Services. There is no action for you to take. You should not attempt to modify or delete the CNAME record (which will be visible among your Domains and DNS records in the console).
+ - If your domain is managed by an external provider, Scaleway is unable to create the appropriate CNAME record for you. You will be prompted, as part of the process for customizing your Edge Services domain, to create this record yourself with your domain provider.
+
+
+
+## How to create a CNAME record
+
+Log into your domain provider, and locate the DNS settings for your domain. Create a new CNAME record pointing your subdomain to the Edge Services endpoint for your bucket or Load Balancer origin. This endpoint can be retrieved from the Scaleway console.
+
+The interface used by different domain providers varies, but creating your CNAME record may look like one of the following examples:
+
+| Record | Destination |
+|--------------------------------------------|------------------------------------------|
+| `my-chosen-subdomain.beautiful-domain.com` | `pipeline-id-or-bucket-name.svc.edge.scw.cloud.` |
+
+| Subdomain | Target host |
+|--------------------------------------------|------------------------------------------------|
+| `my-chosen-subdomain` | `pipeline-id-or-bucket-name.svc.edge.scw.cloud.` |
+
+| Host record | Points to |
+|--------------------------------------------|------------------------------------------------|
+| `my-chosen-subdomain` | `pipeline-id-or-bucket-name.svc.edge.scw.cloud.` |
+
+| `my-chosen-subdomain` | Record Type | Value |
+|--------------------------------------------|-----------------|------------------------------------------------|
+| `@` | `CNAME` | is an alias of `pipeline-id-or-bucket-name.svc.edge.scw.cloud.`|
+
+
+The trailing dot at the end of the target endpoint (`pipeline-id-or-bucket-name.svc.edge.scw.cloud.`) is implicitly added by some domain and DNS providers, and must be explicitly added for others. Check with yours whether the dot is necessary.
+
+
+You may also see a `TTL` field, which stands for **T**ime **T**o **L**ive. This tells the DNS resolver how long it can cache this record, before it must re-check the origin source in case something has changed. TTL is measured in seconds, and the default value is usually 12 hours (43200 seconds) or 24 hours (86400 seconds).
+
+ ## Troubleshooting DNS and subdomain errors
+
+When setting up your customized subdomain with Edge Services, you have the option to carry out a verification check on the CNAME record (if your domain is managed with an external provider). Edge Services will query the subdomain and check that it resolves correctly to the Edge Services endpoint. If there is a problem, you will see an error message:
+
+
+
+An error message may also display at a later point from your Edge Services dashboard if a problem is detected at any point with your CNAME record or subdomain:
+
+
+
+See the table below for help with troubleshooting these errors:
+
+| Error message | Solution |
+|-------------------------------------------|---------------------------------------------------------------------|
+| No CNAME record found | Make sure you have created a valid DNS record of type **CNAME** (not **A**, **AAAA** or another type), where your subdomain points to the Edge Services endpoint. |
+| Incorrect CNAME | Make sure your CNAME record points to the Edge Services endpoint in the format `bucket-name.svc.edge.scw.cloud.`, and that you have replaced `pipeline-id-or-bucket-name` with the name of your bucket in the case of an Object Storage origin, or the pipeline ID in the case of a Load Balancer origin. |
+| Domain does not exist | You must own the domain name you are attempting to configure. If you do not already own the domain name, you cannot create a subdomain or CNAME record for it. Register the domain name, for example using our [Domains and DNS](/network/domains-and-dns/how-to/register-internal-domain/) product, then create a CNAME record for the subdomain. Otherwise, ensure you did not make a typo when entering the domain name into the Scaleway console. |
+| scw.cloud is forbidden | You cannot use subdomains of the `scw.cloud` domain, as the domain is owned and managed by Scaleway and you cannot create DNS records for it. Use your own domain and subdomain. |
+| Invalid Top Level Domain | Make sure the Top-Level Domain (e.g. `.com`, `.fr`) you entered is correct. |
+| Root domain not allowed | You cannot use a root domain alone to customize Edge Services (e.g. `example.com`. Make sure you use a subdomain (e.g. `blog.example.com`)) | |
+| Subdomain must be a correctly-formatted, fully-qualified subdomain name | Make sure the subdomain name you entered is [correctly formatted](https://en.wikipedia.org/wiki/Domain_name#Domain_name_syntax), e.g. `foo.example.fr`. |
+| Record already exists for this FQDN in your DNS zone | Choose a different subdomain, or delete the existing DNS record. |
+
+Note that if your domain is managed by Scaleway Domains and DNS and you therefore have an auto-created CNAME record, you should **not** attempt to delete it or modify it in any way. Scaleway will take care of deleting the CNAME record if and when you deactivate Edge Services.
diff --git a/network/edge-services/reference-content/index.mdx b/network/edge-services/reference-content/index.mdx
new file mode 100644
index 0000000000..1fed4496b5
--- /dev/null
+++ b/network/edge-services/reference-content/index.mdx
@@ -0,0 +1,8 @@
+---
+meta:
+ title: Edge Services - Additional Content
+ description: Explore detailed Scaleway configurations, best practices and troubleshooting for Scaleway Edge Services. Optimize creation of your SSL/TLS certificates and CNAME records with our comprehensive reference guide.
+content:
+ h1: Edge Services - Additional Content
+ paragraph: Explore detailed Scaleway configurations, best practices and troubleshooting for Scaleway Edge Services. Optimize creation of your SSL/TLS certificates and CNAME records with our comprehensive reference guide.
+---
diff --git a/network/edge-services/reference-content/ssl-tls-certificate.mdx b/network/edge-services/reference-content/ssl-tls-certificate.mdx
new file mode 100644
index 0000000000..611338c16c
--- /dev/null
+++ b/network/edge-services/reference-content/ssl-tls-certificate.mdx
@@ -0,0 +1,231 @@
+---
+meta:
+ title: SSL/TLS Certificates for Edge Services
+ description: Discover how to configure SSL/TLS certificates for Scaleway Edge Services pipelines. Follow our comprehensive guide to secure your custom domains and ensure data protection.
+content:
+ h1: SSL/TLS Certificates for Edge Services
+ paragraph: Discover how to configure SSL/TLS certificates for Scaleway Edge Services pipelines. Follow our comprehensive guide to secure your custom domains and ensure data protection.
+tags: edge-services pipeline ssl-tls certificate ssl tls pem certificate-authority root-certificate pem chain ca
+dates:
+ validation: 2024-07-25
+categories:
+ - network
+---
+
+This document contains information to help you with SSL/TLS certificates that enable your origin bucket or Load Balancer content to be served over HTTPS, through your customized [Edge Services](/network/edge-services/) domain.
+
+## Introduction
+
+### What is an SSL/TLS certificate?
+
+An SSL/TLS certificate is a digital certificate that enables an encrypted connection between a client and a web server over HTTPS.
+
+You may hear certificates referred to as “SSL certificates”, “TLS certificates” or “SSL/TLS certificates”. These are all the same thing. SSL (Secured Socket Layer) was the protocol initially used for encryption, though it has now been replaced with TLS (Transport Layer Security).
+
+SSL/TLS certificates contain a **public key**, which corresponds to a separate **private key**. These work as a pair. When a client wants to establish an encrypted connection to a host, it requests the host's certificate. The host shares the certificate, which includes the public key (the private key is never shared and is kept by the host). The client checks the certificate, and uses the host's public key to encrypt the data that it transfers to the host. The host uses its private key to decrypt the data that has been encrypted by the public key.
+
+The private key is also used by the host for generating digital signatures, while the public key is used by clients for verifying those signatures.
+
+### When and why do I need an SSL/TLS certificate for Edge Services?
+
+When you enable Edge Services, initially your [origin's](/network/edge-services/concepts/#origin) content is served through the standard Edge Services endpoint, e.g. `https://pipeline-id-or-bucket-name.svc.edge.scw.cloud`. Scaleway's own SSL/TLS certificate, which covers this subdomain, is used to establish the encrypted connection between client and host. If you do not want to customize the standard Edge Services endpoint, you do not need to worry about creating SSL/TLS certificates.
+
+However, if you choose to [customize your Edge Services endpoint with your own subdomain](/network/edge-services/how-to/configure-custom-domain/), Scaleway's own SSL/TLS certificate can no longer be used to establish encrypted connections to your subdomain. Client connections are now initially going to a different domain which needs to be "guaranteed" by its own certificate (despite the CNAME record for the subdomain pointing to the Scaleway endpoint).
+
+Therefore, when you customize your Edge Services endpoint with a subdomain, you are prompted to generate or upload an SSL/TLS certificate for that subdomain.
+
+
+Even if you have an Edge Services pipeline for a Load Balancer origin, and you have already configured your Load Balancer with a certificate for HTTPS (using Let's Encrypt or a custom certificate), you will still need to follow the steps of this document to provide a certificate for your Edge Services pipeline's customized domain.
+
+
+## How can I provide an SSL/TLS certificate for my Edge Services customized domain?
+
+You will be prompted to choose one of the following options when [customizing your domain](/network/edge-services/how-to/configure-custom-domain/):
+
+- **Generate a Let's Encrypt certificate**: Scaleway generates a free, managed Let's Encrypt certificate for your domain and automatically renews it as necessary.
+
+- **Select an existing certificate from Secret Manager**: You select a certificate that you have already uploaded in [Scaleway Secret Manager](/identity-and-access-management/secret-manager/quickstart/).
+
+- **Manually import a certificate into Secret Manager**: You can manually create your own certificate and import it. It will be stored in Scaleway Secret Manager (check the [dedicated pricing page](https://www.scaleway.com/en/pricing/?tags=securityandidentity)).
+
+## Generating a managed Let's Encrypt certificate
+
+This is the hassle-free option if you do not want to create or manage your own SSL/TLS certificate. Scaleway takes care of generating a certificate for your customized domain in the correct format. The certificate is automatically renewed before it expires. This option is available for free: it costs you nothing for Scaleway to generate and manage a Let's Encrypt certificate for your domain.
+
+You must ensure that you have correctly set the [CNAME record](/network/edge-services/reference-content/cname-record/) for your domain. Without having done this, the Let's Encrypt certificate option in the console will not be available. It is also important to check the CNAME is correctly set up so that the certificate is properly generated and reviewed.
+
+Note that you will not have access to the generated certificate itself in Secret Manager or elsewhere. It is ent pipelineirely generated and managed "behind the scenes", and is not configurable by the user. If you reset your domain, or delete your Edge Services, Scaleway automatically deletes the generated Let's Encrypt certificate.
+
+### Troubleshooting
+
+#### Errors
+
+If there is a problem generating your managed Let's Encrypt certificate, an error will be displayed. See the table below for help resolving these errors.
+
+| Error | Solution |
+| ------------------------------------------------------------------------|---------------------------------------------------------------------|
+| Too many certificates already issued for this domain | Wait, before retrying. This error occurs when you hit the limit of generating 50 Let's Encrypt certificates in a rolling 7 day period for the same domain. |
+| Internal managed certificate error | [Open a support ticket](https://console.scaleway.com/support/tickets/create). There has been an unspecified error in generating a managed Let's Encrypt certificate for your subdomain. |
+| Certificate cannot be renewed - Your CNAME record is no longer accurate | Your CNAME record has either been deleted or modified. Without a correct CNAME record, we cannot renew your managed Let's Encrypt certificate. [Rectify your CNAME record](/network/edge-services/reference-content/cname-record/#how-to-create-a-cname-record), and when Edge Services detects the correct record exists, your certificate will be automatically renewed. |
+
+## Using your own certificate
+
+If you wish to use your own certificate, rather than the option of generating a managed Let's Encrypt certificate, take into account the following points.
+
+### Accepted certificate types
+
+Types of validation:
+
+- ❌ **Self-signed certificates**. Certificates for Edge Services must be signed by a Certificate Authority (CA)
+- ✅ **Domain Validated Certificate**. The CA simply checks that the applicant owns the domain.
+- ✅ **Extended/Organization Validation Certificate**. The applicant must pass more in-depth validation procedures and checks by the CA.
+
+Types of domain coverage:
+
+- ✅ **Single domain certificate**. Secures a single domain or subdomain. Note that the certificate must be for `your-sub.domain.com`, where the subdomain corresponds to the [subdomain for Edge Services](/network/edge-services/how-to/configure-custom-domain/). A single domain certificate simply for `yourdomain.com` would not be acceptable, as it would not cover the subdomain for Edge Services.
+- ✅ **Wildcard certificate**. Secures multiple subdomains for a domain, using a wildcard `*` symbol. The **Common Name** of the certificate should look like `*.yourdomain.com`.
+- ✅ **Multi-domain (MD) / Subject Alternative Name (SAN) / Unified Communications Certificate (UCC) certificate**. Secures multiple explicitly-defined fully qualified domain names (`www.yourfirstdomain.com`, `sub.yourfirstdomain.com`, `yourfirstdomain.com`, `yourseconddomain.com`, `sub.yourseconddomain.com` etc.)
+
+### PEM format certificate chain
+
+Edge Services requires that you import your certificate as a PEM-formatted certificate chain, which includes the private key. PEM format is Base64 encoded ASCII, and by definition includes lines stating `-----BEGIN x-----` and `-----END x-----`.
+
+Your PEM formatted certificate chain should look like this:
+
+```
+-----BEGIN PRIVATE KEY-----
+(private key here)
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+(primary certificate (aka server certificate) here)
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+(intermediate certificate here)
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+(root certificate here)
+-----END CERTIFICATE-----
+```
+
+| Section | Contains | Subject (issued for) | Issued and signed by |
+|--------------------------|------------------------------------------------------------------|------------------------|----------------------|
+| Private key | The private key file for the certificate | | |
+| Primary/server certificate | The certificate issued by the CA for your domain name | Your name and public key | CA |
+| Intermediate certificate | The intermediate certificate chaining your primary certificate to the root certificate | CA's name and public key. | Root CA |
+| Root certificate | The root certificate by the CA, for the trusted CA itself | The Root CA's name and public key | Root CA (self signed) |
+
+Note that in certain cases an intermediate certificate may not be necessary, if the root certificate chains directly to the primary/server certificate. The crucial thing is that the subject and issuers of each certificate form a coherent chain of validation. If a certificate is issued by an authority that is not present in the chain, an error will occur.
+
+
+
+You can use the [OpenSSL](https://www.openssl.org/) utility to convert certificates and keys from other formats to PEM, from the command line. Once installed, use a command like the following:
+
+```sh
+openssl x509 -in cert.crt -out cert.pem
+```
+
+```sh
+openssl x509 -in cert.der -out cert.pem
+```
+
+```sh
+openssl x509 -in cert.cer -out cert.pem
+```
+
+When you have your key, your server certificate and your root certificate all in separate files, you can use the `cat` command to chain them together into one file, ready to be copied and pasted:
+
+```sh
+cat private_key.pem cert.pem root_cert.pem > cert_chain.pem
+```
+
+
+
+### Tips for creating a certificate
+
+In general, SSL/TLS certificates can either be **self-signed** (signed by the subject of the certificate, e.g. the owner of the domain) or **CA-signed** (signed by a third party **C**ertificate **A**uthority which is publicly trusted).
+
+**Self-signed certificates cannot be used with Edge Services, all certificates must be signed by a CA that is known and trusted by Edge Services.**
+
+To get an SSL/TLS certificate for your domain or subdomain, you need to generate a Certificate Signing Request (CSR) and submit it to a Certificate Authority (CA) for them to validate your domain, who then send you a signed certificate. You may be able to carry out this procedure via your hosting provider, or from the command line.
+
+CAs of private companies whose primary business is not SSL or domains may not be trusted by Edge Services. If you encounter a self-signed certificate error with Edge Services, but you believe your certificate is legitimately signed by an official CA, [open a support ticket](https://console.scaleway.com/support/tickets) to tell us.
+
+
+
+To get a working Let's Encrypt certificate using certbot on the command line, follow the steps below:
+
+1. Install [certbot](https://certbot.eff.org/) on your machine.
+2. Open a terminal and run the following command, inserting your subdomain where shown:
+ ```bash
+ sudo certbot certonly --manual --preferred-challenges dns -d
+ ```
+ The command returns a token and asks you to create a TXT record in your DNS.
+3. Go to your domain/DNS provider and create a TXT record. The record name should be `_acme-challenge.your-subdomain.your-domain.ext` and the record must contain the token provided by certbot. Make sure the record has a short TTL in case you have to modify it for debugging purposes.
+4. Return to the terminal and press `Enter` once your record is ready.
+ Certbot starts the verification process. If it succeeds, the certificate is downloaded to your machine in two files: the private key and the certificate.
+5. Concatenate the two files into one, using the following command:
+ ```bash
+ cat privkey.pem fullchain.pem > certificate.pem
+ ```
+6. Delete the TXT record from your DNS.
+
+
+
+### Uploading your certificate
+
+When you [configure your customized domain](/network/edge-services/how-to/configure-custom-domain/) with Edge Services for the first time, you are prompted to upload your certificate. You can do so in two ways:
+
+ - Select an existing certificate that you have stored in a secret in [Scaleway Secret Manager](/identity-and-access-management/secret-manager/quickstart/). The secret must be of the **certificate** type in order to be visible to Edge Services. The type can be defined when creating a secret via the [API](https://www.scaleway.com/en/developers/api/secret-manager/#path-secrets-create-a-secret), but not via the console. For that reason, if you prefer to use the console to create your certificates, we suggest using the next option:
+ - Manually import a certificate into Scaleway Secret Manager, directly from the Edge Services **Configure domain** wizard (copy and paste the PEM formatted chain). Your certificate will be automatically stored in Secret Manager, held in a secret that automatically inherits the type "certificate".
+
+### Keeping your certificate up to date
+
+SSL/TLS certificates all expire at some point. If your certificate expires before you upload a new one, you will see an error like this on your Edge Services dashboard:
+
+
+
+You must renew your certificate or create a new one. A number of tools are available to ensure that certificates are automatically renewed before expiry, for example [Certbot for LetsEncrypt](https://eff-certbot.readthedocs.io/en/stable/using.html#renewing-certificates). However, since Certbot or other tools for automatically renewing certificates are not currently integrated into Edge Services, you will need to manually update the certificate via the Scaleway console.
+
+When you have your up to date certificate, go to [Secret Manager](https://console.scaleway.com/secret-manager/secrets) in the console, and access the secret that contains your certificate. [Create a new version](/identity-and-access-management/secret-manager/how-to/create-version/) of the secret, to hold the up to date certificate. Edge Services will automatically detect and use the most recent enabled version of the secret. You can nonetheless choose to disable or delete the old version(s) as you prefer, which will also save your billing costs (since you are billed per version).
+
+
+
+If you change your customized subdomain to something new, you will need to generate and import a new certificate for that subdomain. In this case, it is recommended to create a new [secret](/identity-and-access-management/secret-manager/concepts/#secret) to hold the new certificate, rather than creating a new version of an existing secret.
+
+
+
+### Troubleshooting
+
+#### Errors
+
+If Edge Services detects a problem with your certificate, an error will be displayed. See the table below for help resolving these errors.
+
+| Error | Solution |
+|-------------------------------------------------------------------------|---------------------------------------------------------------------|
+| Certificate format | Make sure your certificate is in [PEM format](#pem-format-certificate-chain). |
+| Certificate private key format | Make sure your private key is in [PEM format](#pem-format-certificate-chain).|
+| Missing server certificate | Make sure the server certificate (which validates your own subdomain) is included in the [PEM-formatted chain](#pem-format-certificate-chain).|
+| Missing private key | Make sure your private key is included in the [PEM-formatted chain](#pem-format-certificate-chain).|
+| Missing root certificate | Make sure a valid root certificate is included in the [PEM-formatted chain](#pem-format-certificate-chain). |
+| Wrong order | Make sure the server certificate (which validates your own subdomain) is listed before the intermediate and root certificates in the [PEM-formatted chain](#pem-format-certificate-chain) |
+| Too many private keys | Make sure the [PEM-formatted chain](#pem-format-certificate-chain) includes only one corresponding private key |
+| Self-signed certificates not allowed | Create and upload a certificate issued by a recognized [certificate authority](#how-to-get-a-certificate). If you receive this error but believe your certificate is legitimately signed by an official CA, [open a support ticket](https://console.scaleway.com/support/tickets) to tell us. |
+| Invalid intermediate or root certificate authority | Make sure each **Issuer** field matches the **Subject** of the next certificate in the [PEM-formatted chain](#pem-format-certificate-chain).|
+| Incorrect root certificate | Make sure your server certificate chains up to the provided root(s) certificate(s) in the [PEM-formatted chain](#pem-format-certificate-chain). |
+| Private key and certificate mismatch | Make sure the private key in the [PEM-formatted chain](#pem-format-certificate-chain) matches the server certificate. |
+| Subdomain and server certificate mismatch | Make sure the subdomain you configured for Edge Services matches that of the server certificate. |
+| Certificate expired | [Create a new certificate](#keeping-your-certificate-up-to-date) and import it. |
+
+If any of these errors are detected while you are initially configuring your subdomain, you will be blocked from continuing until the error is fixed.
+
+However, these errors may also be detected and displayed on your Edge Services dashboard even after you have initially successfully configured your subdomain and certificate. This could be the case, for example, if your certificate has since expired, you have modified your subdomain without modifying the certificate, or you have modified the certificate in Secret Manager. In this case, your initial certificate will remain in use by Edge Services until the error is fixed, but clients may see an error in their browser as they try to access your customized domain.
+
+To fix the problem, you must generate a valid certificate, and then do one of the following:
+
+- [Use Edge Services to import a new certificate directly](/network/edge-services/how-to/configure-custom-domain/#how-to-edit-your-customized-domain-or-its-certificate)
+- [Create a new secret](/identity-and-access-management/secret-manager/how-to/create-secret/) to hold the certificate in Secret Manager, and [edit your customized endpoint with Edge services](/network/edge-services/how-to/configure-custom-domain/#how-to-edit-your-customized-domain-or-its-certificate) to tell it to use this secret
+- [Create a new version](/identity-and-access-management/secret-manager/how-to/create-version/) of the existing secret holding your expired certificate, where the new version contains a valid certificate. If Edge Services is already using this secret, it will automatically detect and use the new version - it always uses the most recent enabled version of a secret.
+
+#### Secret not visible for selection in Edge Services
+
+You may find that a certificate you have stored in Secret Manager is not available for selection from Edge Services. This is probably because the secret does not have the "certificate" type, which is necessary for it to be visible to Edge Services. The "type" of a secret can be defined when creating a secret via the [API](https://www.scaleway.com/en/developers/api/secret-manager/#path-secrets-create-a-secret), but not via the console. For that reason, if you prefer to use the console to create your certificates, we suggest manually importing the certificate via Edge Services rather than via Secret Manager. This way, it will automatically inherit the "certificate" type.
\ No newline at end of file
diff --git a/storage/object/how-to/assets/scaleway-edge-services-dashboard.webp b/storage/object/how-to/assets/scaleway-edge-services-dashboard.webp
deleted file mode 100644
index 0d29c2736d..0000000000
Binary files a/storage/object/how-to/assets/scaleway-edge-services-dashboard.webp and /dev/null differ
diff --git a/storage/object/how-to/assets/scaleway-edge-services-select-bucket.webp b/storage/object/how-to/assets/scaleway-edge-services-select-bucket.webp
deleted file mode 100644
index d5538db14a..0000000000
Binary files a/storage/object/how-to/assets/scaleway-edge-services-select-bucket.webp and /dev/null differ
diff --git a/storage/object/how-to/get-started-edge-services.mdx b/storage/object/how-to/get-started-edge-services.mdx
index 02adf1e265..51bbc7e9b9 100644
--- a/storage/object/how-to/get-started-edge-services.mdx
+++ b/storage/object/how-to/get-started-edge-services.mdx
@@ -7,350 +7,13 @@ content:
paragraph: Introduction to getting started with Scaleway Edge Services.
tags: object storage edge services edge-services cdn content delivery network cache domain certificate custom-domain https
dates:
- validation: 2024-03-18
+ validation: 2024-09-05
posted: 2023-09-14
categories:
- storage
- object-storage
---
-Edge Services is an additional feature for Scaleway Object Storage buckets, currently available in [Public Beta](https://www.scaleway.com/en/betas/).
+Edge Services is an additional feature for Scaleway Object Storage buckets and Load Balancers, currently available in [Public Beta](https://www.scaleway.com/en/betas/).
-Enabling Edge Services on your Object Storage bucket brings you a number of possible benefits:
-
-- Customize your bucket's endpoint using a subdomain of your own domain
-- Add your own SSL/TLS certificate, safeguarded in [Scaleway Secret Manager](/identity-and-access-management/secret-manager/quickstart/), or generate a managed Let's Encrypt certificate, so your subdomain can serve content from your bucket over HTTPS
-- Enhance performance by caching your stored objects, to be served directly by Edge Services from the cache
-- Finely control your cached objects via purging (cache invalidation)
-
-Read on to learn how to enable Edge Services on your bucket, and configure your endpoint and cache.
-
-
-
-- A Scaleway account logged into the [console](https://console.scaleway.com)
-- [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization
-- An [Object Storage bucket](/storage/object/how-to/create-a-bucket/)
-
-## How to enable Edge Services
-
-Edge Services is available as a feature on Object Storage buckets. It must be enabled on a bucket-by-bucket basis.
-
-1. Click **Object Storage** in the **Storage** section of the Scaleway console side menu. The list of your buckets displays.
-
-2. Click the name of the bucket you want to enable Edge Services on.
-
-
-3. Click the **Edge Services** tab.
-
-
-
-4. Click **Enable Edge Services for free**.
-
- A pop-up informs you that your bucket will be exposed via Edge Services and that you can disable Edge Services at any time. Edge Services is free during the beta stage, and you will be notified before it becomes billable.
-
-5. Click **Enable Edge Services** to confirm.
-
- Edge Services is enabled on your bucket, and its various features are now visible on the Edge Services tab, ready to be configured.
-
-
-
-
-
- Your bucket's [visibility](/storage/object/concepts/#visibility) can be set to **private**, but any objects within it that you want to expose via Edge Services must be set to [**public** visibility](/storage/object/how-to/manage-object-visibility/). However, in the case that you are using Edge Services with bucket website, objects can remain private.
-
-
-
-## How to access your bucket via Edge Services
-
-Once you have enabled Edge Services on your bucket, you can access your bucket and its content via the following endpoints (replace `bucket-name` with the name of your bucket.)
-
-| Endpoint | Where to find this endpoint in the console | Notes |
-|-----------------------------------------|--------------------------|-----------------------------------------------------------------------------------|
-| `https://bucket-name.s3.nl-ams.scw.cloud` | The **Bucket settings** tab | Edge Services is bypassed when bucket is accessed via this endpoint |
-| `https://bucket-name.svc.edge.scw.cloud` | The **Edge Services** tab | Edge Services serves bucket content when this endpoint is used |
-
-The two endpoints shown above are available as standard. However, with Edge Services, you can also choose to configure a **custom domain** from which your bucket can be accessed. Read more about this in the next section.
-
-## How to use custom domains
-
-### How to configure a custom domain
-
-If you already own a domain, you can use Edge Services to set a subdomain of your choice through which your bucket can be accessed.
-
-For example, if you own `beautiful-domain.com`, you can configure your bucket to be accessed via the subdomain `whatever-i-want.beautiful-domain.com`. You must also add an SSL/TLS certificate so that your subdomain can securely serve your bucket's content via HTTPS.
-
-| Endpoint | Where to find this endpoint in the console |Notes |
-|----------------------------------------------|-------------------------------------------------|-------------------------------------------------------------|
-| `https://whatever-i-want.beautiful-domain.com`| The **Edge Services** tab (after customization) | Edge Services serves bucket content when this endpoint is used. The pre-existing endpoints shown in the table in the previous section also continue to be functional as before. |
-
-You cannot customize your endpoint with a primary domain directly (e.g. `beautiful-domain.com`), only with a subdomain of it.
-
-The procedure for adding a customized endpoint is as follows:
-
-1. Click **Object Storage** in the **Storage** section of the Scaleway console side menu. The list of your buckets displays.
-
-2. Click the name of the bucket you want to configure a custom domain for.
-
-3. Click the **Edge Services** tab.
-
-
-
-4. In the **Endpoint** panel, click **Configure domain**. The following screen displays:
-
-
-
-5. Set a subdomain from which your bucket will be accessible. You must already own the primary domain. For example, if you own `beautiful-domain.com`, choose any subdomain you like and enter `my-chosen-subdomain.beautiful-domain.com` into the box.
-
-
- It is **not** possible to use only a root domain (aka primary domain or apex domain), you must use a subdomain. This is because CNAME records, essential to point your domain to your Edge Services endpoint, cannot by definition be created for root domains, only for subdomains.
- ✅ blog.example.com
- ❌ example.com
-
-
-6. This step depends on whether the domain used in the previous step is managed with [Scaleway Domains and DNS](https://www.scaleway.com/en/docs/network/domains-and-dns/), or an external domain provider. Choose the appropriate tab below.
-
-
-
-
- The domain you are using for Edge Services is considered to be managed with Scaleway Domains and DNS if:
- - You [registered the domain](/network/domains-and-dns/how-to/register-internal-domain/) with Domains and DNS, or
- - You [transferred an externally-registered domain](/network/domains-and-dns/how-to/transfer-external-domain/) to Domains and DNS
-
- If either of the above is true, Scaleway will auto-detect that the domain is managed by Domains and DNS, and a message will display confirming that you do not need to create a CNAME record. We will auto-generate the appropriate CNAME record in your domain's [DNS records](/network/domains-and-dns/how-to/manage-dns-records/), to point your subdomain to the Edge Services endpoint for your bucket. This record is generated when you click `Customize domain` in step 8.
-
- You should not attempt to modify or delete the CNAME record, which will be visible among your [DNS records](/network/domains-and-dns/how-to/manage-dns-records/) in the Scaleway console.
-
-
-
- Scaleway cannot itself create the appropriate CNAME record to point your subdomain to Edge Services if your domain is managed by an external provider. You must create the CNAME record yourself.
-
- Log into your domain provider, and locate the DNS settings for your domain. Create a new CNAME record pointing your subdomain to the Edge Services endpoint for your bucket displayed in the Scaleway console. For help setting up CNAME records and troubleshooting any problems, [check out our dedicated documentation](/storage/object/reference-content/cname-record/)
-
- Back in the Scaleway console, click the `Verify CNAME` button to check whether your CNAME record has been correctly configured. Edge Services will carry out a check, and if it is successful the following message displays:
-
-
-
- If the check fails, an error message will display. See the documentation linked above for help troubleshooting such errors.
-
-
-
-7. Provide an SSL/TLS certificate for your subdomain so that it can serve traffic over HTTPS. You have three options for this:
- - Generate a free Let's Encrypt certificate, managed by Scaleway, including automatic renewals.
- - Select an existing certificate that you have stored in [Scaleway Secret Manager](/identity-and-access-management/secret-manager/quickstart/).
- - Manually import a certificate into Scaleway Secret Manager:
- - Enter a name for your certificate (alphanumeric characters only)
- - Optionally, add tags by typing each tag and then pressing enter
- - Copy and paste the full PEM-formatted certificate chain into the box.
- Your certificate will be automatically stored in Secret Manager and [billed accordingly](https://www.scaleway.com/en/pricing/?tags=available,securityandidentity-secretmanager-secretmanager).
-
-
- For help with SSL/TLS certificates for Edge Services, and/or dealing with any errors you encounter importing a certificate into Secret Manager, see our [dedicated documentation](/storage/object/reference-content/ssl-tls-certificate/).
-
-
-8. Click **Customize domain** to finish.
-
-Your customized domain is set up, and you are returned to the Edge Services dashboard. The customized domain displays in the Endpoint panel. When you access your bucket through this domain, its content will be served via Edge Services.
-
-
-If you chose to generate a managed Let's Encrypt certificate, allow a few minutes for the certificate to finish creating. When the process is complete and the certificate is ready, you will see a green status light for **SSL/TLS certificate** on your endpoint dashboard.
-
-
-
-
-
-### How to edit your customized domain or its certificate
-
-After customizing your domain, you can edit it (or its certificate) at any time as follows:
-
-1. Click **Object Storage** in the **Storage** section of the Scaleway console side menu. The list of your buckets displays.
-
-2. Click the name of the bucket you want to configure a custom domain for.
-
-3. Click the **Edge Services** tab.
-
-
-
-4. In the **Endpoint** panel, click **Edit**. The **Edit Domain** screen displays.
-
-5. Edit the subdomain as desired - do not forget to also set up a new CNAME record, if necessary.
-
-6. Edit your certificate options as required - choose to generate a managed Let's Encrypt certificate, managed by Scaleway including automatic renewals, or select a different certificate from Secret Manager, or manually import a new certificate for your custom domain.
-
-7. Click **Edit domain** to finish.
-
-### How to reset your customized domain to the original Edge Services endpoint
-
-Even though the original Edge Services endpoint (e.g. `https://bucket-name.svc.edge.scw.cloud`) will continue to work after you add a customized domain, you can choose to remove your customized domain completely and go back to the original Edge Services endpoint only. This is done via the reset function:
-
-1. Click **Object Storage** in the **Storage** section of the Scaleway console side menu. The list of your buckets displays.
-
-2. Click the name of the bucket you want to configure a custom domain for.
-
-3. Click the **Edge Services** tab.
-
-
-
-4. In the **Endpoint** panel, click **Reset**.
-
- A screen displays warning you that this will reset the bucket's domain back to the default Edge Services endpoint. Edge Services will consider your customized subdomain as unknown. You should also remember to:
- - Delete your CNAME record from your domain provider, unless your domain is managed with Scaleway Domains and DNS, in which case we take care of deletion for you.
- - Delete any SSL/TLS certificates you imported into Secret Manager (if no longer required elsewhere, so that you are no longer billed for it). If you generated a managed Let's Encrypt certificate however, Scaleway takes care of the deletion for you.
-
-5. Click **Reset domain** to finish.
-
-## How to configure your cache
-
-The cache feature allows you to cache your bucket's content with Edge Services. This means that content can be served directly to users from Edge Services' servers, enhancing performance.
-
-You can disable and enable caching at will, as well as control the lifetime of an object in the cache. You can also purge your entire cache, or specific objects within it. A log is displayed to help you track your purge events.
-
-### How to enable your cache
-
-1. Click **Object Storage** in the **Storage** section of the Scaleway console side menu. The list of your buckets displays.
-
-2. Click the name of the bucket you want to configure a cache for.
-
-3. Click the **Edge Services** tab.
-
-
-
-4. In the **Cache** panel, use the icon to enable the cache.
-
- The **Lifetime** configuration box displays. This enables you to define, in seconds, how long an object can be stored in the cache before it must be retrieved freshly from the bucket.
-
-
-
-
- As an example, a value of 0 means that objects will not be cached, unless they have a separately-defined caching directive. Note that in any case, if an object has a caching directive, the caching directive always takes precedence over any lifetime setting defined here in Edge Services.
-
-
-5. Leave the default value of 1 hour in place, or enter another value.
-
-The cache is now enabled.
-
-### How to purge all objects from your cache
-
-This clears all objects from your cache. Afterwards, Edge Services will retrieve fresh copies from the bucket before it stores them again in the cache.
-
-1. Click **Object Storage** in the **Storage** section of the Scaleway console side menu. The list of your buckets displays.
-
-2. Click the name of the bucket you want to purge the cache for.
-
-3. Click the **Edge Services** tab.
-
-4. In the **Purge cache** panel, click **Purge all**.
-
-
-
- A screen displays warning you that your cache will be emptied, and Edge Services will have to retrieve objects from your bucket before re-caching them.
-
-5. Click **Purge cache** to confirm.
-
-### How to purge specific objects from your cache
-
-This allows you to specify the precise objects that you want to clear from the cache. Afterwards, Edge Services will retrieve fresh copies from the bucket before it stores them again in the cache.
-
-1. Click **Object Storage** in the **Storage** section of the Scaleway console side menu. The list of your buckets displays.
-
-2. Click the name of the bucket you want to purge cache objects for.
-
-3. Click the **Edge Services** tab.
-
-4. In the **Purge cache** panel, click **Purge by object**.
-
-
-
- A screen displays prompting you to enter the path of each object you want to purge from the cache.
-
-
-
-5. Enter the path of each object you want to purge. You can purge a maximum of 5 objects at a time.
-
-
-
- The path for each object should be defined from the root of the bucket, and must start with a slash. If we imagine a bucket containing one file at the root level called `object1.jpg`, and a subfolder at root level called `videos` containing an item called `my-video.mp4`, we would enter the object paths as follows:
-
- - `/object1.jpg`
- - `/videos/my-video.mp4`
-
- You **cannot** purge entire subfolders by simply specifying the path to the subfolder, e.g. `/videos`. Purging objects must done strictly object-by-object, so `/videos/my-video1.mp4`, `/videos/my-video2.mp4`, `/videos/my-video3.mp4` etc. Watch this space for updates to this feature in the future.
-
-
-6. Click **Purge objects from cache**
-
- The specified objects are purged from your cache and you are returned to the Edge Services dashboard.
-
-### How to disable your cache
-
-1. Click **Object Storage** in the **Storage** section of the Scaleway console side menu. The list of your buckets displays.
-
-2. Click the name of the bucket you want to disable caching for.
-
-3. Click the **Edge Services** tab.
-
-4. In the **Cache** panel, use the icon to disable the cache.
-
- A pop-up displays, asking you to confirm the action.
-
-5. Click **Disable cache**.
-
- Your cache is purged and disabled. Edge Services will now serve content by fetching it from your Object Storage bucket directly. If you reenable your cache at a later point, you will begin with an empty cache.
-
-## How to monitor Edge Services with Scaleway Cockpit
-
-You can view your Edge Services metrics via [Scaleway Cockpit](/observability/cockpit/quickstart/). This allows you to monitor your ingress, egress, request rate and cache hit ratio as well as other metrics, in a convenient managed Grafana dashboard.
-
-Access your Edge Services dashboard in the Scaleway console via the shortcut in Edge Services tab of the bucket in question. Note that you will first need to [create a Grafana user and credentials](https://www.scaleway.com/en/docs/observability/cockpit/how-to/retrieve-grafana-credentials/).
-
-### Understanding the dashboard
-
-The Grafana dashboard presents a number of different metrics. Use the `Bucket name` drop-down in the top left to select which bucket to view Edge Services metrics for, and the time range drop-down in the top right to modify the time period to apply to the metrics.
-
-
-
-- **Request rate**: The number of requests made to Edge Services per second, for the specified bucket, averaged over the specified time period.
-- **Cache hit ratio**: The percentage of requests served from Edge Services' cache, compared to the total number of requests in total to Edge Services for this bucket, over the specified time period.
-- **Cache HIT/MISS**: A visual representation of the ratio of cache hits to misses, for the specified bucket, over the specified time period.
- - **Cache hit line**: The number of requests per second made to Edge Services for this bucket, which were served directly from its cache.
- - **Cache miss line**: The number of requests per second made to Edge Services for this bucket, where the content was fetched from the bucket rather than the cache.
- - **Total line**: The number of requests per second made to Edge Services for this bucket.
-
-- **Egress (to client)**: The total volume of data served to clients from Edge Services, for the specified bucket, over the specified time period.
-- **Ingress (from origin)**: The total volume of data from the origin bucket's server to Edge Services over the specified time period. This represents the traffic that occurs when Edge Services retrieves content from the bucket's server in order to fulfill requests.
-- **Edge Services throughput**: A visual representation of the rate of data transfer for the specified bucket with Edge Services over the specified time period.
- - **Output bitrate line**: The rate at which data is being delivered from Edge Services to end users.
- - **Input bitrate line**: The rate at which Edge Services is fetching data from the origin bucket server. Peaks in this line may represent times when Edge Services had to fetch content from the origin bucket, rather than being able to serve it directly from its own cache.
-
-- **Requests served**: The total number of requests that Edge Services has successfully served, for the specified bucket, over the specified time period.
-- **Edge Services response statuses**: A visual representation of the distribution of HTTP response statuses for requests served by Edge Services over the specified time period. Consult [the full list of HTTP status codes](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes) for more information if necessary.
-
-- **Request origin country**: The proportion of requests (to Edge Services for the specified bucket over the specified time period) originating from different countries.
-- **End users location**: A visual representation of where Edge Services end users have been making requests from geographically.
-
-## How to disable Edge Services
-
-You can disable Edge Services at any time via the following procedure:
-
-1. Click **Object Storage** in the **Storage** section of the Scaleway console side menu. The list of your buckets displays.
-
-2. Click the name of the bucket you want to disable Edge Services for.
-
-3. Click the **Edge Services** tab.
-
-
-
-4. In the **Disable Edge Services** panel at the bottom of the screen, click **Disable Edge Services**.
-
- A pop-up displays, informing you that the bucket will be removed from Edge Services.
- - The bucket will no longer be accessible via its Edge Services endpoint, or any customized domains pointing to this endpoint.
- - Any files stored in the Edge Services cache will be removed.
-
-
- Remember to:
- - Delete your CNAME record from your domain provider, unless your domain is managed with Scaleway Domains and DNS, in which case we take care of deletion for you.
- - Delete any SSL/TLS certificates you imported into Secret Manager (if no longer required elsewhere, so that you are no longer billed for it). If you generated a managed Let's Encrypt certificate however, Scaleway takes care of the deletion for you.
-
-
-5. Click **Disable Edge Services**.
-
- Edge Services is disabled. You can enable it again at any time, but you will need to reconfigure your custom domain, and the cache will initially be empty.
\ No newline at end of file
+Documentation has moved to the new dedicated [Edge Services](/network/edge-services/) section.
diff --git a/storage/object/reference-content/cname-record.mdx b/storage/object/reference-content/cname-record.mdx
index 4deb167b60..d5fdb9277f 100644
--- a/storage/object/reference-content/cname-record.mdx
+++ b/storage/object/reference-content/cname-record.mdx
@@ -1,93 +1,15 @@
---
meta:
- title: CNAME records and DNS for Object Storage with Edge Services
- description: Set up CNAME records for efficient routing to Scaleway Object Storage.
+ title: CNAME records and DNS for Edge Services
+ description: Learn how to set up and manage CNAME records for Scaleway Edge Services pipelines. Follow our detailed guide to configure your custom domain and enhance your cloud accessibility.
content:
- h1: CNAME records and DNS for Object Storage with Edge Services
- paragraph: Set up CNAME records for efficient routing to Scaleway Object Storage.
-tags: object-storage edge-services cname dns
+ h1: CNAME records and DNS for Edge Services
+ paragraph: Learn how to set up and manage CNAME records for Scaleway Edge Services pipelines. Follow our detailed guide to configure your custom domain and enhance your cloud accessibility.
+tags: edge-services pipeline cname dns
dates:
- validation: 2024-05-06
+ validation: 2024-07-25
categories:
- - storage
+ - network
---
-This document contains information to help you successfully create a CNAME record for your customized [Edge Services](/storage/object/how-to/get-started-edge-services/) domain, and troubleshoot any potential DNS problems.
-
-## What is a CNAME record?
-
-A **C**anonical **Name** (CNAME) record is a type of [DNS record](/network/domains-and-dns/concepts/#dns-record). Generally, DNS records hold information for translating a domain or subdomain to an IP address, mail server or other domain/subdomain. They are crucial in directing internet traffic to the correct servers. More specifically, CNAME records map one domain name (an alias) to another (the canonical name).
-
-A CNAME record may look like the following:
-
-| Hostname / Alias | Destination / Canonical Name |
-|----------------------------|-------------------------------|
-| `videos.example.com` | `otherdomain.com` |
-
-In this case, when a DNS server sees this record for `videos.example.com` it will know not to direct traffic to `videos.example.com`'s own IP address, but to that of `otherdomain.com`. It will find `othercomain.com`'s IP address via its [A record](/network/domains-and-dns/reference-content/understanding-dns-records/#a-record).
-
-When the client actually connects to `otherdomain.com`'s IP address, the web server can see that the requested URL was `videos.example.com`, and deliver the relevant content.
-
-## When and why do I need to create a CNAME record for Edge Services?
-
-When you enable Edge Services, initially your bucket content is served through the standard Edge Services endpoint, e.g. `bucket-name.svc.edge.scw.cloud`. If you do not want to customize the standard Edge Services endpoint, you do not need to worry about CNAME records.
-
-However, if you choose to [customize your Edge Services endpoint with your own subdomain](/storage/object/how-to/get-started-edge-services/#how-to-configure-a-custom-domain), a CNAME record must be created to point your subdomain to the Edge Services endpoint for your bucket.
-
- - If your domain is managed with [Scaleway Domains and DNS](/network/domains-and-dns/quickstart/), we take care of auto-generating the appropriate CNAME record for you, as well as deleting it if and when you deactivate Edge Services. There is no action for you to take. You should not attempt to modify or delete the CNAME record (which will be visible among your Domains and DNS records in the console).
- - If your domain is managed by an external provider, Scaleway is unable to create the appropriate CNAME record for you. You will be prompted, as part of the process for customizing your Edge Services domain, to create this record yourself with your domain provider.
-
-
-
-## How to create a CNAME record
-
-Log into your domain provider, and locate the DNS settings for your domain. Create a new CNAME record pointing your subdomain to the Edge Services endpoint for your bucket. This endpoint can be retrieved from the Scaleway console.
-
-The interface used by different domain providers varies, but creating your CNAME record may look like one of the following examples:
-
-| Record | Destination |
-|--------------------------------------------|------------------------------------------|
-| `my-chosen-subdomain.beautiful-domain.com` | `bucket-name.svc.edge.scw.cloud.` |
-
-| Subdomain | Target host |
-|--------------------------------------------|------------------------------------------------|
-| `my-chosen-subdomain` | `bucket-name.svc.edge.scw.cloud.` |
-
-| Host record | Points to |
-|--------------------------------------------|------------------------------------------------|
-| `my-chosen-subdomain` | `bucket-name.svc.edge.scw.cloud.` |
-
-| `my-chosen-subdomain` | Record Type | Value |
-|--------------------------------------------|-----------------|------------------------------------------------|
-| `@` | `CNAME` | is an alias of `bucket-name.svc.edge.scw.cloud.`|
-
-
-The trailing dot at the end of the target endpoint (`bucket-name.svc.edge.scw.cloud.`) is implicitly added by some domain and DNS providers, and must be explicitly added for others. Check with yours whether the dot is necessary.
-
-
-You may also see a `TTL` field, which stands for **T**ime **T**o **L**ive. This tells the DNS resolver how long it can cache this record, before it must re-check the original source in case something has changed. TTL is measured in seconds, and the default value is usually 12 hours (43200 seconds) or 24 hours (86400 seconds).
-
- ## Troubleshooting DNS and subdomain errors
-
-When setting up your customized subdomain with Edge Services, you have the option to carry out a verification check on the CNAME record (if your domain is managed with an external provider). Edge Services will query the subdomain and check that it resolves correctly to the Edge Services endpoint. If there is a problem, you will see an error message:
-
-
-
-An error message may also display at a later point from your Edge Services dashboard if a problem is detected at any point with your CNAME record or subdomain:
-
-
-
-See the table below for help with troubleshooting these errors:
-
-| Error message | Solution |
-|-------------------------------------------|---------------------------------------------------------------------|
-| No CNAME record found | Make sure you have created a valid DNS record of type **CNAME** (not **A**, **AAAA** or another type), where your subdomain points to the Edge Services endpoint. |
-| Incorrect CNAME | Make sure your CNAME record points to the Edge Services endpoint in the format `bucket-name.svc.edge.scw.cloud.`, and that you have replaced `bucket-name` with the name of your bucket. |
-| Domain does not exist | You must own the domain name you are attempting to configure. If you do not already own the domain name, you cannot create a subdomain or CNAME record for it. Register the domain name, for example using our [Domains and DNS](/network/domains-and-dns/how-to/register-internal-domain/) product, then create a CNAME record for the subdomain. Otherwise, ensure you did not make a typo when entering the domain name into the Scaleway console. |
-| scw.cloud is forbidden | You cannot use subdomains of the `scw.cloud` domain, as the domain is owned and managed by Scaleway and you cannot create DNS records for it. Use your own domain and subdomain. |
-| Invalid Top Level Domain | Make sure the Top-Level Domain (e.g. `.com`, `.fr`) you entered is correct. |
-| Root domain not allowed | You cannot use a root domain alone to customize Edge Services (e.g. `example.com`. Make sure you use a subdomain (e.g. `blog.example.com`)) | |
-| Subdomain must be a correctly-formatted, fully-qualified sub domain name | Make sure the subdomain name you entered is [correctly formatted](https://en.wikipedia.org/wiki/Domain_name#Domain_name_syntax), e.g. `foo.example.fr`. |
-| Record already exists for this FQDN in your DNS zone | Choose a different subdomain, or delete the existing DNS record. |
-
-Note that if your domain is managed by Scaleway Domains and DNS and you therefore have an auto-created CNAME record, you should **not** attempt to delete it or modify it in any way. Scaleway will take care of deleting the CNAME record if and when you deactivate Edge Services.
+This document has moved to the new [dedicated Edge Services section](/network/edge-services/reference-content/cname-record/).
diff --git a/storage/object/reference-content/ssl-tls-certificate.mdx b/storage/object/reference-content/ssl-tls-certificate.mdx
index 7a22405111..595cbc0efe 100644
--- a/storage/object/reference-content/ssl-tls-certificate.mdx
+++ b/storage/object/reference-content/ssl-tls-certificate.mdx
@@ -1,227 +1,15 @@
---
meta:
- title: SSL/TLS Certificates for Object Storage with Edge Services
- description: Implement SSL/TLS certificates with Scaleway Object Storage for secure access.
+ title: SSL/TLS Certificates for Edge Services
+ description: Discover how to configure SSL/TLS certificates for Scaleway Edge Services pipelines. Follow our comprehensive guide to secure your custom domains and ensure data protection.
content:
- h1: SSL/TLS Certificates for Object Storage with Edge Services
- paragraph: Implement SSL/TLS certificates with Scaleway Object Storage for secure access.
-tags: object-storage edge-services ssl-tls certificate ssl tls pem certificate-authority root-certificate pem chain ca
+ h1: SSL/TLS Certificates for Edge Services
+ paragraph: Discover how to configure SSL/TLS certificates for Scaleway Edge Services pipelines. Follow our comprehensive guide to secure your custom domains and ensure data protection.
+tags: edge-services pipeline ssl-tls certificate ssl tls pem certificate-authority root-certificate pem chain ca
dates:
- validation: 2024-05-13
+ validation: 2024-07-25
categories:
- - storage
+ - network
---
-This document contains information to help you with SSL/TLS certificates that enable your bucket's content to be served over HTTPS, through your customized [Edge Services](/storage/object/how-to/get-started-edge-services/) domain.
-
-## Introduction
-
-### What is an SSL/TLS certificate?
-
-An SSL/TLS certificate is a digital certificate that enables an encrypted connection between a client and a web server over HTTPS.
-
-You may hear certificates referred to as “SSL certificates”, “TLS certificates” or “SSL/TLS certificates”. These are all the same thing. SSL (Secured Socket Layer) was the protocol initially used for encryption, though it has now been replaced with TLS (Transport Layer Security).
-
-SSL/TLS certificates contain a **public key**, which corresponds to a separate **private key**. These work as a pair. When a client wants to establish an encrypted connection to a host, it requests the host's certificate. The host shares the certificate, which includes the public key (the private key is never shared and is kept by the host). The client checks the certificate, and uses the host's public key to encrypt the data that it transfers to the host. The host uses its private key to decrypt the data that has been encrypted by the public key.
-
-The private key is also used by the host for generating digital signatures, while the public key is used by clients for verifying those signatures.
-
-### When and why do I need an SSL/TLS certificate for Edge Services?
-
-When you enable Edge Services, initially your bucket content is served through the standard Edge Services endpoint, e.g. `https://bucket-name.svc.edge.scw.cloud`. Scaleway's own SSL/TLS certificate, which covers this subdomain, is used to establish the encrypted connection between client and host. If you do not want to customize the standard Edge Services endpoint, you do not need to worry about creating SSL/TLS certificates.
-
-However, if you choose to [customize your Edge Services endpoint with your own subdomain](/storage/object/how-to/get-started-edge-services/#how-to-configure-a-custom-domain), Scaleway's own SSL/TLS certificate cannot longer be used to establish encrypted connections to your subdomain. Client connections are now initially going to a different domain which needs to be "guaranteed" by its own certificate (despite the CNAME record for the subdomain pointing to the Scaleway endpoint).
-
-Therefore, when you customize your Edge Services endpoint with a subdomain, you are prompted to generate or upload an SSL/TLS certificate for that subdomain.
-
-## How can I provide an SSL/TLS certificate for my Edge Services customized domain?
-
-You will be prompted to choose one of the following options when [customizing your domain](/storage/object/how-to/get-started-edge-services/#how-to-configure-a-custom-domain):
-
-- **Generate a Let's Encrypt certificate**: Scaleway generates a free, managed Let's Encrypt certificate for your domain and automatically renews it as necessary.
-
-- **Select an existing certificate from Secret Manager**: You select a certificate that you have already uploaded in [Scaleway Secret Manager](/identity-and-access-management/secret-manager/quickstart/).
-
-- **Manually import a certificate into Secret Manager**: You can manually create your own certificate and import it. It will be stored in Scaleway Secret Manager (check the [dedicated pricing page](https://www.scaleway.com/en/pricing/?tags=securityandidentity)).
-
-## Generating a managed Let's Encrypt certificate
-
-This is the hassle-free option if you do not want to create or manage your own SSL/TLS certificate. Scaleway takes care of generating a certificate for your customized domain in the correct format. The certificate is automatically renewed before it expires. This option is available for free: it costs you nothing for Scaleway to generate and manage a Let's Encrypt certificate for your domain.
-
-You must ensure that you have correctly set the [CNAME record](/storage/object/reference-content/cname-record/) for your domain. Without having done this, the Let's Encrypt certificate option in the console will not be available. It is also important to check the CNAME is correctly set up so that the certificate is properly generated and reviewed.
-
-Note that you will not have access to the generated certificate itself in Secret Manager or elsewhere. It is entirely generated and managed "behind the scenes", and is not configurable by the user. If you reset your domain, or disable Edge Services, Scaleway automatically deletes the generated Let's Encrypt certificate.
-
-### Troubleshooting
-
-#### Errors
-
-If there is a problem generating your managed Let's Encrypt certificate, an error will be displayed. See the table below for help resolving these errors.
-
-| Error | Solution |
-| ------------------------------------------------------------------------|---------------------------------------------------------------------|
-| Too many certificates already issued for this domain | Wait, before retrying. This error occurs when you hit the limit of generating 50 Let's Encrypt certificates in a rolling 7 day period for the same domain. |
-| Internal managed certificate error | [Open a support ticket](https://console.scaleway.com/support/tickets/create). There has been an unspecified error in generating a managed Let's Encrypt certificate for your subdomain. |
-| Certificate cannot be renewed - Your CNAME record is no longer accurate | Your CNAME record has either been deleted or modified. Without a correct CNAME record, we cannot renew your managed Let's Encrypt certificate. [Rectify your CNAME record](/storage/object/reference-content/cname-record/#how-to-create-a-cname-record), and when Edge Services detects the correct record exists, your certificate will be automatically renewed. |
-
-## Using your own certificate
-
-If you wish to use your own certificate, rather than the option of generating a managed Let's Encrypt certificate, take into account the following points.
-
-### Accepted certificate types
-
-Types of validation:
-
-- ❌ **Self-signed certificates**. Certificates for Edge Services must be signed by a Certificate Authority (CA)
-- ✅ **Domain Validated Certificate**. The CA simply checks that the applicant owns the domain.
-- ✅ **Extended/Organization Validation Certificate**. The applicant must pass more in-depth validation procedures and checks by the CA.
-
-Types of domain coverage:
-
-- ✅ **Single domain certificate**. Secures a single domain or subdomain. Note that the certificate must be for `your-sub.domain.com`, where the subdomain corresponds to the [subdomain for Edge Services](/storage/object/how-to/get-started-edge-services/#how-to-configure-a-custom-domain). A single domain certificate simply for `yourdomain.com` would not be acceptable, as it would not cover the subdomain for Edge Services.
-- ✅ **Wildcard certificate**. Secures multiple subdomains for a domain, using a wildcard `*` symbol. The **Common Name** of the certificate should look like `*.yourdomain.com`.
-- ✅ **Multi-domain (MD) / Subject Alternative Name (SAN) / Unified Communications Certificate (UCC) certificate**. Secures multiple explicitly-defined fully qualified domain names (`www.yourfirstdomain.com`, `sub.yourfirstdomain.com`, `yourfirstdomain.com`, `yourseconddomain.com`, `sub.yourseconddomain.com` etc.)
-
-### PEM format certificate chain
-
-Edge Services requires that you import your certificate as a PEM-formatted certificate chain, which includes the private key. PEM format is Base64 encoded ASCII, and by definition includes lines stating `-----BEGIN x-----` and `-----END x-----`.
-
-Your PEM formatted certificate chain should look like this:
-
-```
------BEGIN PRIVATE KEY-----
-(private key here)
------END PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-(primary certificate (aka server certificate) here)
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-(intermediate certificate here)
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-(root certificate here)
------END CERTIFICATE-----
-```
-
-| Section | Contains | Subject (issued for) | Issued and signed by |
-|--------------------------|------------------------------------------------------------------|------------------------|----------------------|
-| Private key | The private key file for the certificate | | |
-| Primary/server certificate | The certificate issued by the CA for your domain name | Your name and public key | CA |
-| Intermediate certificate | The intermediate certificate chaining your primary certificate to the root certificate | CA's name and public key. | Root CA |
-| Root certificate | The root certificate by the CA, for the trusted CA itself | The Root CA's name and public key | Root CA (self signed) |
-
-Note that in certain cases an intermediate certificate may not be necessary, if the root certificate chains directly to the primary/server certificate. The crucial thing is that the subject and issuers of each certificate form a coherent chain of validation. If a certificate is issued by an authority that is not present in the chain, an error will occur.
-
-
-
-You can use the [OpenSSL](https://www.openssl.org/) utility to convert certificates and keys from other formats to PEM, from the command line. Once installed, use a command like the following:
-
-```sh
-openssl x509 -in cert.crt -out cert.pem
-```
-
-```sh
-openssl x509 -in cert.der -out cert.pem
-```
-
-```sh
-openssl x509 -in cert.cer -out cert.pem
-```
-
-When you have your key, your server certificate and your root certificate all in separate files, you can use the `cat` command to chain them together into one file, ready to be copied and pasted:
-
-```sh
-cat private_key.pem cert.pem root_cert.pem > cert_chain.pem
-```
-
-
-
-### Tips for creating a certificate
-
-In general, SSL/TLS certificates can either be **self-signed** (signed by the subject of the certificate, e.g. the owner of the domain) or **CA-signed** (signed by a third party **C**ertificate **A**uthority which is publicly trusted).
-
-**Self-signed certificates cannot be used with Edge Services, all certificates must be signed by a CA that is known and trusted by Edge Services.**
-
-To get an SSL/TLS certificate for your domain or subdomain, you need to generate a Certificate Signing Request (CSR) and submit it to a Certificate Authority (CA) for them to validate your domain, who then send you a signed certificate. You may be able to carry out this procedure via your hosting provider, or from the command line.
-
-CAs of private companies whose primary business is not SSL or domains may not be trusted by Edge Services. If you encounter a self-signed certificate error with Edge Services, but you believe your certificate is legitimately signed by an official CA, [open a support ticket](https://console.scaleway.com/support/tickets) to tell us.
-
-
-
-To get a working Let's Encrypt certificate using certbot on the command line, follow the steps below:
-
-1. Install [certbot](https://certbot.eff.org/) on your machine.
-2. Open a terminal and run the following command, inserting your subdomain where shown:
- ```bash
- sudo certbot certonly --manual --preferred-challenges dns -d
- ```
- The command returns a token and asks you to create a TXT record in your DNS.
-3. Go to your domain/DNS provider and create a TXT record. The record name should be `_acme-challenge.your-subdomain.your-domain.ext` and the record must contain the token provided by certbot. Make sure the record has a short TTL in case you have to modify it for debugging purposes.
-4. Return to the terminal and press `Enter` once your record is ready.
- Certbot starts the verification process. If it succeeds, the certificate is downloaded to your machine in two files: the private key and the certificate.
-5. Concatenate the two files into one, using the following command:
- ```bash
- cat privkey.pem fullchain.pem > certificate.pem
- ```
-6. Delete the TXT record from your DNS.
-
-
-
-### Uploading your certificate
-
-When you [configure your customized domain](/storage/object/how-to/get-started-edge-services/#how-to-configure-a-custom-domain) with Edge Services for the first time, you are prompted to upload your certificate. You can do so in two ways:
-
- - Select an existing certificate that you have stored in a secret in [Scaleway Secret Manager](/identity-and-access-management/secret-manager/quickstart/). The secret must be of the **certificate** type in order to be visible to Edge Services. The type can be defined when creating a secret via the [API](https://www.scaleway.com/en/developers/api/secret-manager/#path-secrets-create-a-secret), but not via the console. For that reason, if you prefer to use the console to create your certificates, we suggest using the next option:
- - Manually import a certificate into Scaleway Secret Manager, directly from the Edge Services **Configure domain** wizard (copy and paste the PEM formatted chain). Your certificate will be automatically stored in Secret Manager, held in a secret that automatically inherits the type "certificate".
-
-### Keeping your certificate up to date
-
-SSL/TLS certificates all expire at some point. If your certificate expires before you upload a new one, you will see an error like this on your Edge Services dashboard:
-
-
-
-You must renew your certificate or create a new one. A number of tools are available to ensure that certificates are automatically renewed before expiry, for example [Certbot for LetsEncrypt](https://eff-certbot.readthedocs.io/en/stable/using.html#renewing-certificates). However, since Certbot or other tools for automatically renewing certificates are not currently integrated into Edge Services, you will need to manually update the certificate via the Scaleway console.
-
-When you have your up to date certificate, go to [Secret Manager](https://console.scaleway.com/secret-manager/secrets) in the console, and access the secret that contains your certificate. [Create a new version](/identity-and-access-management/secret-manager/how-to/create-version/) of the secret, to hold the up to date certificate. Edge Services will automatically detect and use the most recent enabled version of the secret. You can nonetheless choose to disable or delete the old version(s) as you prefer, which will also save your billing costs (since you are billed per version).
-
-
-
-If you change your customized subdomain to something new, you will need to generate and import a new certificate for that subdomain. In this case, it is recommended to create a new [secret](/identity-and-access-management/secret-manager/concepts/#secret) to hold the new certificate, rather than creating a new version of an existing secret.
-
-
-
-### Troubleshooting
-
-#### Errors
-
-If Edge Services detects a problem with your certificate, an error will be displayed. See the table below for help resolving these errors.
-
-| Error | Solution |
-|-------------------------------------------------------------------------|---------------------------------------------------------------------|
-| Certificate format | Make sure your certificate is in [PEM format](#pem-format-certificate-chain). |
-| Certificate private key format | Make sure your private key is in [PEM format](#pem-format-certificate-chain).|
-| Missing server certificate | Make sure the server certificate (which validates your own subdomain) is included in the [PEM-formatted chain](#pem-format-certificate-chain).|
-| Missing private key | Make sure your private key is included in the [PEM-formatted chain](#pem-format-certificate-chain).|
-| Missing root certificate | Make sure a valid root certificate is included in the [PEM-formatted chain](#pem-format-certificate-chain). |
-| Wrong order | Make sure the server certificate (which validates your own subdomain) is listed before the intermediate and root certificates in the [PEM-formatted chain](#pem-format-certificate-chain) |
-| Too many private keys | Make sure the [PEM-formatted chain](#pem-format-certificate-chain) includes only one corresponding private key |
-| Self-signed certificates not allowed | Create and upload a certificate issued by a recognized [certificate authority](#how-to-get-a-certificate). If you receive this error but believe your certificate is legitimately signed by an official CA, [open a support ticket](https://console.scaleway.com/support/tickets) to tell us. |
-| Invalid intermediate or root certificate authority | Make sure each **Issuer** field matches the **Subject** of the next certificate in the [PEM-formatted chain](#pem-format-certificate-chain).|
-| Incorrect root certificate | Make sure your server certificate chains up to the provided root(s) certificate(s) in the [PEM-formatted chain](#pem-format-certificate-chain). |
-| Private key and certificate mismatch | Make sure the private key in the [PEM-formatted chain](#pem-format-certificate-chain) matches the server certificate. |
-| Subdomain and server certificate mismatch | Make sure the subdomain you configured for Edge Services matches that of the server certificate. |
-| Certificate expired | [Create a new certificate](#keeping-your-certificate-up-to-date) and import it. |
-
-If any of these errors are detected while you are initially configuring your subdomain, you will be blocked from continuing until the error is fixed.
-
-However, these errors may also be detected and displayed on your Edge Services dashboard even after you have initially successfully configured your subdomain and certificate. This could be the case, for example, if your certificate has since expired, or you have modified your subdomain without modifying the certificate, or you have modified the certificate in Secret Manager. In this case, your initial certificate will remain in use by Edge Services until the error is fixed, but clients may see an error in their browser as they try to access your customized domain.
-
-To fix the problem, you must generate a valid certificate, and then do one of the following:
-
-- [Use Edge Services to import a new certificate directly](/storage/object/how-to/get-started-edge-services/#how-to-edit-your-customized-domain-or-its-certificate)
-- [Create a new secret](/identity-and-access-management/secret-manager/how-to/create-secret/) to hold the certificate in Secret Manager, and [edit your customized endpoint with Edge services](/storage/object/how-to/get-started-edge-services/#how-to-edit-your-customized-domain-or-its-certificate) to tell it to use this secret
-- [Create a new version](/identity-and-access-management/secret-manager/how-to/create-version/) of the existing secret holding your expired certificate, where the new version contains a valid certificate. If Edge Services is already using this secret, it will automatically detect and use the new version - it always uses the most recent enabled version of a secret.
-
-#### Secret not visible for selection in Edge Services
-
-You may find that a certificate you have stored in Secret Manager is not available for selection from Edge Services. This is probably because the secret does not have the "certificate" type, which is necessary for it to be visible to Edge Services. The "type" of a secret can be defined when creating a secret via the [API](https://www.scaleway.com/en/developers/api/secret-manager/#path-secrets-create-a-secret), but not via the console. For that reason, if you prefer to use the console to create your certificates, we suggest manually importing the certificate via Edge Services rather than via Secret Manager. This way, it will automatically inherit the "certificate" type.
\ No newline at end of file
+This document has moved to the new [dedicated Edge Services section](/network/edge-services/reference-content/ssl-tls-certificate/).