Core concepts

Regardless of whether you are using Compute or VCL, your Fastly services need domains (to receive traffic), backends (to forward traffic onward), TLS (to secure connections between Fastly and end users), and DNS (to point your domains to Fastly).

Setting up a backend

Backends are servers you can make requests to from Fastly, usually your own servers, and are typically defined as part of your service configuration. To create a backend:

  1. Web interface
  2. CLI
  3. API
  4. VCL
  1. Log in to and select the appropriate service. You can use the search box to search by ID, name, or domain.
  2. Click Edit configuration and then select the option to clone the active version.
  3. Click Origins.
  4. If you don't see the Hosts field, click Create a host.
  5. In the Hosts field, enter the hostname or IP address of your origin server.
  6. Click Add to add your host.
  7. (Optional) Click the pencil icon next to the host to edit more detailed settings:
    • In Name, enter a derivative of the hostname (example_com) or the purpose of the backend (primary_content), using only lowercase alphanumeric characters and underscores.
    • In Override host, enter the same hostname as the backend's hostname.

Compute services also support defining backends dynamically (at runtime). For more details and other things to consider when creating backends refer to integrating with backend technologies.

Setting up a domain

Domains point traffic to your Fastly services. To allow clients to connect to Fastly using your domain, Fastly must be able to establish a secure connection on your behalf. We have many TLS service options available (for full details consult routing traffic to Fastly), but if you are happy to use a default TLS configuration and have Fastly issue certificates on your behalf, create a TLS subscription for your domain.

To do this, clone the active version of your service, add the domain, and activate the new version. Next, add a TLS subscription for that domain to your account. Finally, configure your DNS provider or domain registrar to verify your domain ownership.

  1. Web interface
  2. CLI
  1. Log in to and select the appropriate service. You can use the search box to search by ID, name, or domain.
  2. Click Edit configuration and then select the option to clone the active version.
  3. If you already have domains, click Create domain.
  4. Enter a hostname or IP address.
  5. Click Add.
  6. Click Activate to save and activate the new version of your service.
  7. Click Secure in the top navigation bar.
  8. Click Manage certificates. The TLS domains page appears displaying any domains for which TLS has been or can be activated.
  9. Click Get started if it is available. Otherwise, click the Secure another domain button and select Use certificates Fastly obtains for you.
  10. In Domain, enter the domain name and click Add. If your account has access to multiple certification authorities or TLS configurations, learn more about your options.
  11. Click Submit.
  12. Note the CNAME record required for verification.

You now have the ACME challenge CNAME record required to prove that you own the domain. Log in to your DNS provider or domain registrar and configure the required record. For example:

  • Record type: CNAME
  • Subdomain: _acme-challenge
  • Target host:

Fastly will periodically check for these records to be published. When verification is complete, the status of the subscription will change from "Pending verification" to "Activated".

Once the domain is activated, you can retrieve the DNS records that point traffic on your domain to Fastly:

  1. Web interface
  2. CLI
  1. Log in to
  2. Click Secure in the top navigation bar.
  3. Click Manage certificates.
  4. Find the domain you want and click View details.
  5. Note the CNAME, A, and AAAA records.

Back in your DNS provider or domain registrar, add the DNS records to point your domain to Fastly.

  • If the domain is a subdomain, such as or, use the CNAME records.
  • If the domain is an apex, such as or, use the A and AAAA records.

HINT: Use subdomains if possible. We can do more resilient, faster routing if you use a CNAME with a subdomain instead of using an apex domain. Find out more about routing traffic to Fastly.

Once these records are configured, you should be able to visit your Fastly-hosted website by entering your new domain into the browser (you may need to wait some time for the DNS records to propagate across the Internet).

Advanced concepts

Read more about all Fastly's features and technical principles:

Content served through Fastly is cached based on freshness rules you define in Cache-Control headers or in the configuration of your Fastly service. Within each Point of Presence (POP), many servers act together in a cluster to provide a single large, efficient pool of cache storage.

Fastly POPs operate independently of each other and forward requests to your origin server if a request cannot be satisfied in that POP. Similar requests arriving at the same time in the same POP are collapsed and only one is forwarded. However, using shielding you can opt to focus all origin requests from across the Fastly network to a single Fastly POP, greatly reducing origin traffic, especially if your customers are spread globally.

Our purging system allows objects previously cached by Fastly to be marked stale or invalidated entirely. Globally purging an object takes around 150ms.