Folio — Anime Image CDN
January 28, 2026
Fast global anime image CDN + gallery with 10k+ assets. Deep focus on Google Cloud: global load balancer, CDN, Cloud Armor WAF, rate limiting, and Terraform IaC.
What is it?
A production-grade global image CDN serving 10K+ anime images with sub-50ms latency worldwide. The application (a gallery) is minimal — the point was to master GCP's full cloud networking stack end-to-end, provisioned entirely via Terraform.
The full infrastructure stack
All defined in Terraform (Google provider ≥4.0.0):
GCS bucket (origin storage) → Cloud Run image-processor (Node.js + Sharp for resize/format) → Serverless NEG linking GCLB to Cloud Run → Global External Load Balancer → Cloud CDN (cache_mode=CACHE_ALL_STATIC, TTL 1h default, 24h max) → Cloud Armor WAF → Static global anycast IP → Managed SSL cert for api.cbproforge.com.
Cloud Armor: default-deny allowlist model
Most WAF configurations block specific bad actors. This one does the opposite — default deny, explicit allowlist:
- Allow: VM IP 34.60.154.82, Netlify origin (anime-splash.netlify.app), custom domain (cbproforge.com).
- Everything else: denied at the edge before reaching Cloud Run.
- Rate limit: 5000 req/min per IP → rate_based_ban, 60s ban.
- SQL injection: the preconfigured sqli-stable rule set blocks injection patterns in query strings.
The allowlist model means a misconfigured bot, scanner, or forgotten endpoint can't hit your backend at all: anything not explicitly allowed is dropped at the edge and never reaches Cloud Run.
The billing circuit breaker
The most unusual part is a financial kill switch: the budget is set to a hard cap of ₹500 INR.
At 100% budget: Cloud Billing fires a Pub/Sub message → Cloud Function (Python 3.10, google-cloud-run-v2 SDK) receives it → calls client.update_service() setting ingress = INGRESS_TRAFFIC_INTERNAL_ONLY → public traffic to Cloud Run stops instantly.
The circuit breaker code is in circuit_breaker/main.py. This pattern prevents a CDN misconfiguration or viral traffic spike from generating a surprise cloud bill. It's a safety net that makes the project safe to leave running publicly.
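An added example of the circuit breaker's decision logic, not the project's circuit_breaker/main.py: it decodes the Cloud Billing budget notification a 1st-gen Pub/Sub-triggered Cloud Function receives, trips only on actual spend at 100% of the named budget (forecast alerts and repeated notifications are ignored), and flips the Cloud Run service to INGRESS_TRAFFIC_INTERNAL_ONLY through the google-cloud-run SDK. The budget name, project and service path are placeholders, and the API call sits in its own function so the decision logic runs offline.

```python
"""Budget-triggered circuit breaker for a Cloud Run service (example, not the project's code)."""
import base64
import json

# Placeholder values; the real budget name and service path come from the deployment.
BUDGET_NAME = "folio-cdn-monthly"
SERVICE_PATH = "projects/example-project/locations/us-central1/services/image-processor"
TRIP_AT = 1.0  # fraction of budgetAmount at which to cut public traffic (100%)


def parse_budget_message(event: dict) -> dict:
    """Decode the base64 JSON body of a Cloud Billing budget notification."""
    return json.loads(base64.b64decode(event["data"]).decode("utf-8"))


def should_trip(msg: dict, budget_name: str = BUDGET_NAME, trip_at: float = TRIP_AT) -> bool:
    """True only when actual spend on the named budget has reached the cap.
    Notifications repeat several times a day and also fire for forecast
    thresholds, so this must be idempotent and ignore forecasts."""
    if msg.get("budgetDisplayName") != budget_name:
        return False  # different budget, or a stray message on the topic
    if "forecastThresholdExceeded" in msg and "alertThresholdExceeded" not in msg:
        return False  # forecast-only alert: nothing has actually been spent yet
    budget = float(msg.get("budgetAmount", 0))
    cost = float(msg.get("costAmount", 0))
    return budget > 0 and cost / budget >= trip_at


def trip_ingress(service_path: str = SERVICE_PATH) -> str:
    """Set the service to internal-only ingress; returns the resulting ingress name."""
    from google.cloud import run_v2  # lazy import keeps the decision logic runnable offline

    client = run_v2.ServicesClient()
    service = client.get_service(name=service_path)
    internal_only = run_v2.IngressTraffic.INGRESS_TRAFFIC_INTERNAL_ONLY
    if service.ingress == internal_only:
        return internal_only.name  # already tripped: repeated alerts are a no-op
    service.ingress = internal_only
    client.update_service(service=service).result()  # block until the rollout completes
    return internal_only.name


def handle_budget_alert(event: dict, context=None) -> bool:
    """Cloud Functions Pub/Sub entry point; returns True when ingress was closed."""
    msg = parse_budget_message(event)
    if not should_trip(msg):
        return False
    trip_ingress()
    return True
```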
Cache key design
The CDN cache key includes query string parameters w, h, and fmt (width, height, format). This means /image.jpg?w=400&h=300&fmt=webp and /image.jpg?w=800&h=600&fmt=png are cached as separate entries. The image-processor serves different variants; the CDN caches each one at the nearest PoP globally. Users in Tokyo get the image from Tokyo, not your origin server.
Key takeaways
- GCP Cloud CDN: anycast routing, PoPs, cache key design including query params
- Cloud Armor allowlist model: default deny + explicit allow is more secure than default allow + blocklist
- Billing circuit breaker: Pub/Sub → Cloud Function → Cloud Run ingress = INTERNAL_ONLY
- Terraform IaC: full GCP networking stack reproducible from terraform apply
- Node.js Sharp for on-the-fly image resizing: format conversion, quality settings