Alibaba Cloud's Global Accelerator service can be extremely helpful to many international companies, as setting up services in China may not be an option for them at least temporarily, as going through the process of setting up web services in Mainland China can be lengthy with the application process taking at least one month. Luckily, for this, Alibaba Cloud also offers comprehensive solutions and guidance to help customers enter China. Check out Alibaba Cloud's China Gateway solution, and also check out the ICP filing page for more information about the requirements involved with setting up services in China.
In the meantime, why not start using Global Accelerator to reach your Chinese userbase first? In this tutorial, we're going to help you get started bring your services to China quickly by using Global Accelerator with Source IP Address Persistence. This tutorial can be completed in a matter of just 30 minutes.
For this tutorial, you should already have an website that can be accessed through the Internet. For this purpose, I created a website hosted on an Alibaba Cloud Elastic Compute Service (ECS) instance, located in Hong Kong. As a general recommendation, consider hosting your website on Alibaba Cloud. Doing so will make this process even easier. You can access my example website here.
Now it's time to work on providing the global Accelerator service for your website. Firstly, log in to the Alibaba Cloud international console, then go to Global Accelerator console and click Create Instance.
In this example, I purchased the Small I instance type. For your reference, below are the six instance types supported by Global Accelerator service. Choose whichever instance best matches your needs.
After purchasing the instance, you should see one instance in the Global Accelerator console.
Next we will need to purchase the Accelerator bandwidth between China and the server where your website is hosted. For me, that's Hong Kong. Next, in the Global Accelerator console, click Configure Basic Bandwidth Plan.
A page will show up similar to the one below. On it, you'll need to click Buy Basic Bandwidth Plan.
For a domain without an ICP Filing, you'll need to choose the Premium Bandwidth option. You'll also need to set your peak bandwidth and duration. Once you're all finished, click Buy Now.
After purchasing the plan, you should see the Advanced Bandwidth instance in the console .
Now, it's time to work on the configuration. To start off, navigate yourselve to the Instances area from the left-side navigation pane and click Configure Basic Bandwidth Plan.
Choose the Bandwidth plan that we just purchased and then click OK.
Now that that's done, the Global Accelerator instance is ready, so we can carry on to configure the Listeners, by clicking Configure Listeners.
As part of the configuration process, you'll need to specify the Listener name. For the protocol field, choose
TCP and for the port enter
80. Once everything's complete, click OK.
On this page, specify the Endpoint Group Name, also select the Region. For me, this is Hong Kong and input the original domain name, which again for me is
nginx.alibabacloudhk.com, and last choose a weight of
100, and then click Next.
Finally, review the setup summary and then click Next to complete the setup process.
Now, we can continue to test the accelerated application very soon. When you see the Status is
Active (with a green check mark), you can click the Global Accelerator instance ID to view its details.
On the details page to appear, you should see the instance's basic information, including the CNAME that is generated. Next, we'll need to click Add Acceleration Area to complete the setup.
For this part, choose your Acceleration area and region. For me, this is
Asia Pacific and
Hong Kong. Also, allocate the Bandwidth to your instance, and then click OK. This part of the setup will assign an accelerated IP address in your selected region, and let your China users connect to it to be able to connect to your application.
After a few minutes, you should see an accelerated IP generated for you, you can also use the CNAME to resolve the same IP as well. We can now modify the DNS or host table to do the test. To do so, set up the host table in the PC and set following
18.104.22.168 nginx.alibabacloudhk.com, for example.
This verifies that the Accelerator IP is working, meaning that your application also works normally.
In the previous section, we shown how to purchase and configure the GA instance to make your application work, however, since Global Accelerator involves TCP proxy redirection, one question that remains is how to keep the source IP address persistence. Doing so is important because this is a common practice and standard, especially in the finance industry. Well, to do this, you'll need to set up source IP address persistence (But you will need to talk with your account BD/SA first, as this feature may need to be whitelisted). The setup is actually quite easy. You can start things off by checking the IP address of your computer. For this, you can use the free tool at this website.
So now that we know what our IP address is, we want our IP address to be seen in the orginal Nginx Server. Let's double check what's going on in the access log. For this, use the command tail
What we can see from the access log is that the Global Accelerator instance used a back-to-source IP address, which happens not to be the Client IP address. The numbers are different. We are going to resolve this issue now with the below steps. Global Accelerator implemented the standard "Proxy-Protocol", so what we need to implement this in the Nginx server. You can learn more about doing this here. The configuration is simple, all you need to do is modify the nginx configuration file,
/etc/nginx/nginx.conf by adding the following three lines:
listen 80 proxy_protocol; set_real_ip_from 22.214.171.124/8; real_ip_header proxy_protocol;
After doing that, try accessing the website again, and check what the IP addres is. You should able to get the Original IP in the access log now.
Next, you can monitor the traffic, and the concurrent sessions information in the console
If you have any issues, don't hesitate to contact your Client Business Manager or Solutions Architect or submit a service ticket.
Alibaba Clouder - March 4, 2021
Alibaba Clouder - January 13, 2021
Cheng - February 7, 2022
Alibaba Clouder - April 7, 2021
Haemi Kim - June 14, 2021
Alibaba Clouder - March 2, 2021
Power your progress in China by working with the NO.1 cloud provider of this dynamic market.Learn More
VPN Gateway is an Internet-based service that establishes a connection between a VPC and your on-premise data center.Learn More
Provides comprehensive quality assurance for the release of your apps.Learn More
Alibaba Cloud offers an accelerated global networking solution that makes distance learning just the same as in-class teaching.Learn More