---
title: "CDN Embedder with Cloudflare Workers"
description: "This guide explains how to configure and deploy the DoveRunner CDN Embedder using Cloudflare Workers."
---
> For the complete documentation index, see [llms.txt](/llms.txt).

The CDN Embedder leverages Cloudflare Workers to deliver forensically watermarked content through a content delivery network. 
This guide walks you through configuring and deploying the embedder for your DoveRunner Forensic Watermarking implementation.

Sample code is available on GitHub.
[CloudFlare Embedder CDK sample](https://github.com/doverunner/fwm-cdn-embedder-cloudflare-workers)

The CDN Embedder is responsible for:
- Validating watermark tokens issued by the **Session Manager**  
- Resolving the correct **watermark file path** (based on user/session/variant)  
- Fetching files from **Cloudflare R2** and serving them through your CDN domain  

Configuration is primarily done through:
- `src/config.js` – Watermark token and folder structure configuration  
- `wrangler.jsonc` – Cloudflare Worker and R2 binding configuration  

## Configuration

#### Source Configuration (`src/config.js`)

Begin by updating your `config.js` file with the appropriate settings for your deployment:

```javascript
export const config = {
  "aesKey": "YOUR_DOVERUNER_SITE_KEY",
  "type": "unlabeled_a_variant",
  "availableInterval": 60000,
  "prefixFolder": ["folder1", "folder2"],
  "wmtPublicKey": "YOUR_PUBLIC_KEY", // PEM format public key for Akamai WMT
  "wmtPassword": "YOUR_PASSWORD" // Password for WMT token generation/verification
}
```

#### Configuration Parameters

| Parameter | Token Type | Description |
|-----------|------------|-------------|
| `aesKey` | AES | The Site Key issued by DoveRunner ContentSecurity Service |
| `type` | AES, JWT | Watermark token request specification type. Default: `unlabeled_a_variant` |
| `availableInterval` | AES, JWT | Token validity period in milliseconds (set to `0` for unlimited validity) |
| `prefixFolder` | AES | Array of top-level folders containing watermarked files. Corresponds to `prefix_folder` in the watermark token request specification |
| `wmtPublicKey` | JWT | PEM-formatted public key for Akamai WMT integration |
| `wmtPassword` | JWT | Password credential for WMT token generation and verification |

:::info
The `wmt_type` parameter determines whether your watermark tokens use AES encryption or JWT format. This must align with the specification provided when requesting watermark tokens from DoveRunner.
:::

### Worker Configuration (`wrangler.jsonc`)

Configure your Cloudflare Worker deployment settings in the `wrangler.jsonc` file:

```json
{
  "name": "doverunner-fwm-cdn-embedder",
  "main": "src/index.js",
  "compatibility_date": "2024-01-01",
  
  // R2 bucket binding
  "r2_buckets": [
    {
      "binding": "FWM_BUCKER",
      "bucket_name": "your-watermark-bucket-name"
    }
  ],
  
  // Custom routes (optional)
  "routes": [
    {
      "pattern": "cdn.yourdomain.com/*",
      "zone_name": "yourdomain.com"
    }
  ]
}
```

#### Key Configuration Options

- **name**: A unique identifier for your worker within your Cloudflare account
- **main**: File path to the worker's entry point (typically `src/index.js`)
- **compatibility_date**: The Cloudflare Workers compatibility date for API versioning
- **r2_buckets**: Binding configuration for R2 storage where watermarked content is stored
- **routes** (optional): Custom domain routing rules for production environments

## Deployment

### Prerequisites

Before proceeding with deployment, ensure you have:

- An active Cloudflare account with Workers enabled
- A Cloudflare R2 bucket created and configured for storing watermarked content
- Node.js and npm installed on your development machine

### Step 1: Install Wrangler CLI

Install the Wrangler command-line interface to manage your Cloudflare Workers deployment. 
For comprehensive installation instructions, refer to the [Wrangler Installation Guide](https://developers.cloudflare.com/workers/wrangler/install-and-update/).

``bash
npm install -g wrangler
``

### Step 2: Development Testing

Before deploying to production, test your worker in a local development environment:

``bash
npm run dev ``
 Or alternatively
``wrangler dev
``

This command launches a local development server accessible at `http://localhost:8787/`, allowing you to test the embedder functionality before production deployment.

### Step 3: Production Deployment

Once testing is complete, deploy your worker to Cloudflare's edge network:

`bash
npm run deploy
`
or alternatively
`
wrangler deploy
`

Upon successful deployment, Cloudflare will provide a worker URL in the format:

```
https://worker-name.your-subdomain.workers.dev
```

:::note
This URL serves as your CDN endpoint for delivering watermarked content.
:::

## Watermark File Folder Structure

Organize your watermarked content in R2 storage according to the folder structure specified in the `prefixFolder` configuration parameter. The top-level folders should correspond to the `prefix_folder` values defined in your watermark token request specification.

## Additional Resources

- [Cloudflare Workers Documentation](https://developers.cloudflare.com/workers/)
- [Wrangler CLI Reference](https://developers.cloudflare.com/workers/wrangler/)
- [R2 Documentation](https://developers.cloudflare.com/r2/)
- [DoveRunner Forensic Watermarking Embedding Documentation](https://docs.doverunner.com/content-security/forensic-watermarking/embedding/)

## Support

For additional assistance with CDN Embedder configuration or deployment, please [contact DoveRunner support](https://support.doverunner.com/) or consult the comprehensive Forensic Watermarking documentation.