Comment

Wim Leers

Interestingly, this is *precisely* what I did in the CDN module for Drupal [1].

At the beginning of 2012, I added support for "Far Future expiration". Based on the directory a file lives in and the extension of the file, you can choose a different "unique file identifier" method (mtime, md5, perpetual, deployment ID, Drupal version, custom ones — anything). This ensures unique file URLs.

I then have Drupal serve the files with as optimal headers as possible. The only reason this can work without causing too much load on the server is by having a reverse proxy in front of it — precisely the key point of your article.

To prevent access to files that shouldn't be accessed, each file URL also contains a security token (based on a site's private key and a salt). This also somewhat helps prevent overloading the origin server, even when asking an Origin Pull CDN to get the file, because if the security token isn't valid, it'll bail early.

In case you're interested in which headers I serve files with, see cdn_basic_farfuture_download() [2] — if you have suggestions to make it better, please let me know! :)

It also does: CORS, DNS prefetching, auto-balancing files over multiple CDNs/domains (using hashing so each file is always served from the same domain to maximize client-side caching effectiveness).

[1]: http://drupal.org/project/cdn
[2]: http://drupalcode.org/project/cdn.git/blob/0f19fca6c4c382cdd751ac97346c0e6446df9c14:/cdn.basic.farfuture.inc#l12
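
The per-URL security token described in the comment above, sketched as an added example; this is not part of the comment and not the CDN module's own code. The URL layout, function names, key values and sample paths are assumptions chosen for illustration.

```php
<?php
// Illustrative sketch only: constants, URL layout and helper names are hypothetical.
const PRIVATE_KEY = 'constructed-private-key'; // constructed sample value
const HASH_SALT   = 'constructed-hash-salt';   // constructed sample value

function base64url(string $bytes): string {
  return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Bind the unique file identifier (e.g. an mtime) and the path into one MAC.
// The NUL separator keeps "ab" + "c" and "a" + "bc" from producing the same input.
function file_token(string $uifi, string $path): string {
  $mac = hash_hmac('sha256', $uifi . "\0" . $path, PRIVATE_KEY . HASH_SALT, true);
  return base64url($mac);
}

// Assumed layout: /farfuture/<token>/<unique id>/<file path>
function farfuture_url(string $path, string $uifi): string {
  $encoded = implode('/', array_map('rawurlencode', explode('/', $path)));
  return '/farfuture/' . file_token($uifi, $path) . '/' . rawurlencode($uifi) . '/' . $encoded;
}

// Returns [HTTP status, path or null]. The token is checked before any
// filesystem access, so an invalid request costs one HMAC and nothing more.
function check_request(string $url): array {
  // SHA-256 is 32 bytes, which is 43 base64url characters without padding.
  if (!preg_match('#^/farfuture/([A-Za-z0-9_-]{43})/([^/]+)/(.+)$#', $url, $m)) {
    return [400, null];
  }
  $uifi = rawurldecode($m[2]);
  $path = rawurldecode($m[3]);
  // hash_equals() compares in constant time, avoiding a timing side channel.
  if (!hash_equals(file_token($uifi, $path), $m[1])) {
    return [403, null];
  }
  return [200, $path];
}

// Constructed sample inputs.
$url    = farfuture_url('sites/default/files/logo.png', 'mtime:1325376000');
$forged = str_replace('logo.png', 'private/report.pdf', $url); // token reused on another path

foreach ([$url, $forged, '/farfuture/short/x/y'] as $candidate) {
  [$status] = check_request($candidate);
  echo $status, ' ', $candidate, PHP_EOL;
}
```

Because the token covers both the identifier and the path, a token copied from one URL does not validate for any other file, and changing the identifier to force a cache miss on the origin is rejected as well.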