CloudFront is a commercial content delivery network that can assist with caching MediaWiki content. It is particularly useful as an alternative to CloudFlare, which restricts a lot of its configuration behind a pay wall.

CloudFront is not free, however, and if you run a small wiki, it is probably not cost efficient to put your wiki behind CloudFront; if you're running a wiki farm, however, it can potentially reduce the strain on your server. CloudFront charges per request and the amount of data transferred, but gives users a quota of free usage per month. As with any cache, however, there are certain configuration variables you will need to take into account to ensure that your wiki runs smoothly. Likewise, MediaWiki needs to be aware of any of the CloudFront IP's to ensure that the actual IP of the an editor ends up in Special:RecentChanges and in extensions such as CheckUser.

Integration with MediaWiki


There isn't much configuration needed on MediaWiki's end to make things run smoothly, the majority of configuration is done through CloudFront. MediaWiki is pretty good at dictating when something can be cached, whilst it sends the "cache-control: private" header if things should not be cached. By default, CloudFront will respect these headers, but this can be turned of in CloudFront's settings.

To ensure that MediaWiki sends the correct headers for content that can be cached, you'll need to add `$wgUseCdn = true;` to your LocalSettings.php

One of the difficulties with putting MediaWiki behind a proxy like CloudFront (or CloudFlare), is that when a user visits your wiki, MediaWiki won't see the user's IP address, but will see CloudFront's instead. This can potentially mess with things like Special:RecentChanges, or anything that relies on the user IP. To fix this, your server must be configured to send the `X-Forwarded-For` header, and in turn, CloudFront must be configured to include this with the request that it sends to your server.

To do this, ensure that your server is sending the header, and then head to the 'behaviour' section of your CloudFront Distribution, and edit the origin of your wiki. Select `Legacy Cache Settings`, and then in the 'headers' section, add the X-Forwarded-For header; it isn't pre-configured so will not appear in the list, but add it as a custom header.

This partly solves the problem, because now CloudFront will send both the CloudFront IP and the user IP to MediaWiki, and MediaWiki doesn't know which is which and will more often than not select the CloudFront IP. You'll need to add the CloudFront IP's into $wgCdnServersNoPurge = [ <list of CloudFront ranges> ];, which will ensure that MediaWiki ignores these and selects the user's IP from the header; the list can be found here, but changes every now and then, so double check it once in a while—or be cautious when blocking IPs because you could very well block CloudFront's IP.