CDN: Accelerate the retrieval of resources from an OSS bucket

Last Updated: Oct 31, 2023

You can use Alibaba Cloud CDN to accelerate the retrieval of static resources from an Object Storage Service (OSS) bucket. This topic describes how to accelerate the retrieval of resources from an OSS bucket by using the Alibaba Cloud CDN console and the use scenarios of Alibaba Cloud CDN.

Benefits

OSS is a cost-effective storage service. Alibaba Cloud CDN can accelerate the delivery of static resources. OSS buckets as origin servers provide the following benefits:

  • All requests destined for the origin server are redirected to Alibaba Cloud CDN points of presence (POPs). This reduces loads on the origin server.

  • You are charged for outbound data transfer from Alibaba Cloud CDN instead of outbound data transfer over the Internet from OSS. Outbound data transfer from Alibaba Cloud CDN is billed at a lower price.

  • Clients retrieve static resources from the nearest POPs. This minimizes the network transmission distance and ensures the quality of data transmission.

Architecture

If an origin server is an OSS bucket, Alibaba Cloud CDN caches the static resources, including scripts, images, audio files, and video files, from the bucket to POPs. When users request the resources, the POPs return the requested resources to the users. This accelerates content delivery.

The following figure shows the architecture.

[Figure: scenario diagram]

Sample scenario

The website image.example.com requires acceleration for image retrieval from an OSS bucket. The following table describes the business requirements and related information.

Item: Website domain name
  Description: The domain name that is accelerated by Alibaba Cloud CDN.
  Example: image.example.com

Item: Business type
  Description: Determine the business type based on the website content. If the website distributes images, set the business type to Image and Small File.
  Example: Image and Small File

Item: Acceleration region
  Description: The region where the website visitors are located.
  Example: Chinese Mainland Only

Item: Origin server domain name
  Description: Select an OSS bucket that belongs to the current Alibaba Cloud account, or enter the public domain name of an OSS bucket.
  Example: ***.oss-cn-hangzhou.aliyuncs.com

Item: Other features
  Description: Enable other features based on your business requirements.
  Example:

  • Increase cache hit ratios by adding cache rules.

  • Specify domain names for back-to-origin routing by configuring origin hosts.

  • Protect OSS buckets from unauthorized access by enabling access control for private OSS buckets.

  • Accelerate delivery for specific resources by enabling range origin fetch.

  • Increase the cache hit ratio and accelerate file distribution by enabling parameter filtering.

  • Protect POPs from hotlinking by configuring Referer whitelists or Referer blacklists.

  • Protect websites from hotlinking issues and IP theft by enabling URL signing.

Procedure

The following procedure shows how to use Alibaba Cloud CDN to accelerate content delivery for a website. The preceding scenario is used as an example.

[Figure: flowchart]

Billing

If the origin server is an OSS bucket, you are charged for outbound data transfer from Alibaba Cloud CDN (charged by Alibaba Cloud CDN) and data transfer from OSS to Alibaba Cloud CDN (charged by OSS). For more information, see Billing of OSS content acceleration.

Step 1: Make preparations

  • An Alibaba Cloud account is created, and real-name verification is completed for the account. For more information, visit the Sign up to Alibaba Cloud and Real-name Registration pages.

  • Alibaba Cloud CDN and OSS are activated. For more information, see Activate Alibaba Cloud CDN and Activate OSS.

  • An OSS bucket is created and its access control list (ACL) is set to private. For more information, see Create buckets and Bucket ACL.

    Note

    Private OSS buckets do not allow unauthorized access. This prevents hotlinking.

  • A domain name to be accelerated is prepared.

Step 2: Add the domain name to be accelerated

  1. Log on to the Alibaba Cloud CDN console.

  2. In the left-side navigation pane, click Domain Names, click Add Domain Name, and then configure the following parameters. The scenario that is described in Sample scenario is used as an example.

    Note
    • Domain Name to Accelerate: Enter image.example.com.

    • Business Type: Select Image and Small File.

    • Region: Select Chinese Mainland Only.

  3. Click Add Origin Server to add an origin server.

    Set Origin Info to OSS Domain and select an OSS bucket that belongs to the current account from the Domain Name drop-down list or enter the public domain name of an OSS bucket. Keep the default values for other parameters. ***.oss-cn-hangzhou.aliyuncs.com is used in this example.

    Note
    • Internal domain names of OSS buckets are not supported.

    • You can obtain the public domain name of an OSS bucket in the OSS console.

    • For information about the parameters and usage notes, see Step 2: Set up origin servers.

  4. After you add an origin server, click Next.

  5. Wait for manual verification.

    Note

    If the domain name does not need to be manually verified, proceed to the next step. In the next step, you can set the parameters based on your business requirements.

    After the domain name passes the verification, the status of the domain name changes to Enabled. In this case, the domain name is added to Alibaba Cloud CDN.

  6. View the CNAME that is assigned to the domain name when the value in the Status column changes to Enabled. The CNAME for the domain name that is used in this example is image.example.com.w.kunlunsl.com.

Step 3: Configure the domain name

To improve acceleration performance, secure data transmission, and accelerate content delivery, you can enable relevant features based on your business requirements.

  1. In the Alibaba Cloud CDN console, navigate to the Domain Names page, find the domain name that you want to manage, and then click Manage.

  2. Configure the following features based on your business requirements.

    Scenario: Increase the cache hit ratio
    Description: Specify a time to live (TTL) value for cached resources based on the following rules to increase the cache hit ratio:

    • Specify a TTL of one month or longer for static files that are infrequently updated, such as images and application packages.

    • Specify a TTL based on your business requirements for static files that are frequently updated, such as JavaScript and CSS files.

    • Specify a TTL of 0 seconds to disable caching for dynamic files, such as PHP, JSP, and ASP files.

    References: Create a cache rule for resources

    Scenario: Specify a site to which POPs redirect requests
    Description: By default, the address of the host is the domain name of the OSS bucket. In this example, the domain name of the OSS bucket is ***.oss-cn-hangzhou.aliyuncs.com.

    If a custom domain name such as origin.developer.aliyundoc.com is mapped to the OSS bucket, you need to set Domain Type to Custom Domain, and set the origin host to origin.developer.aliyundoc.com. For more information, see Configure the default origin host.

    References: Configure the default origin host

    Scenario: Protect OSS buckets from unauthorized access
    Description: By default, OSS buckets are accessible over the Internet. If you want to protect OSS buckets from unauthorized access, you can set the ACL of OSS buckets to private and enable the private bucket access feature. This way, Alibaba Cloud CDN has permissions to redirect requests only to OSS buckets that belong to the same account as Alibaba Cloud CDN.
    References: Grant Alibaba Cloud CDN access permissions on private OSS buckets

    Note

    Before you perform this operation, set the ACL of OSS buckets to private to allow only authorized access. For more information, see Modify the ACL of a bucket.

    Scenario: Accelerate file distribution on POPs
    Description: After you enable range origin fetch, the OSS bucket that serves as the origin server returns the chunk of file that is specified by the Range header to POPs. This reduces origin traffic and accelerates content delivery.

    Note

    Range origin fetch is suitable for large file distribution scenarios such as audio and video streaming. Range origin fetch is not suitable for small file distribution scenarios. You do not need to enable range origin fetch when you use Alibaba Cloud CDN to accelerate the delivery of images.

    References: Range origin fetch

    Scenario:

    • Increase the cache hit ratio

    • Increase file distribution efficiency

    Description: After you enable parameter filtering, POPs remove parameters that follow the question mark (?) from request URLs. This way, requests that carry different query strings but are destined for the same resource can hit the cache. This increases the cache hit ratio and reduces origin traffic.
    References: Ignore parameters

    Scenario: Protect websites from hotlinking
    Description: After you configure a Referer whitelist or blacklist, Alibaba Cloud CDN allows or blocks requests based on user identities. If a request is allowed, Alibaba Cloud CDN returns the URL of the requested resource. If a request is blocked, Alibaba Cloud CDN returns the HTTP 403 status code.
    References: Configure a Referer whitelist or blacklist to enable hotlink protection

    Scenario: Protect websites from hotlinking and IP theft
    Description: URL signing cannot be performed without the origin server. The origin server generates signed URLs based on the URL signing settings on the POPs. After you enable URL signing, only requests that pass authentication can access resources on POPs.
    References: Configure URL signing
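
The URL signing exchange described above, as an added example that is not part of the original page or Alibaba Cloud's own code: the origin side issues a signed URL, and the POP side rejects a missing, altered, or expired signature. The auth_key layout (timestamp-rand-uid-md5hash), the key, and the function names are assumptions for illustration; confirm the exact layout for your signing type in Configure URL signing.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

# Assumed layout (not stated on this page): auth_key=timestamp-rand-uid-md5hash,
# where md5hash = MD5("path-timestamp-rand-uid-key"). rand and uid must not contain "-".

def _digest(path, ts, rand, uid, key):
    return hashlib.md5(f"{path}-{ts}-{rand}-{uid}-{key}".encode()).hexdigest()

def sign_url(base_url, key, now=None, rand="0", uid="0"):
    """Origin side: return base_url with an auth_key parameter appended."""
    ts = int(time.time() if now is None else now)
    digest = _digest(urlsplit(base_url).path, ts, rand, uid, key)
    return f"{base_url}?auth_key={ts}-{rand}-{uid}-{digest}"

def verify_url(url, key, ttl_seconds, now=None):
    """POP side: return (allowed, reason) for a requested URL."""
    now = int(time.time() if now is None else now)
    parts = urlsplit(url)
    values = parse_qs(parts.query).get("auth_key")
    if not values:
        return False, "missing auth_key"
    fields = values[0].split("-")
    if len(fields) != 4 or not (fields[0].isascii() and fields[0].isdigit()):
        return False, "malformed auth_key"
    ts, rand, uid, digest = fields
    expected = _digest(parts.path, ts, rand, uid, key)
    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), digest.encode()):
        return False, "signature mismatch"
    # The signature covers the timestamp, so a client cannot extend the lifetime.
    if now > int(ts) + ttl_seconds:
        return False, "expired"
    return True, "ok"

if __name__ == "__main__":
    KEY = "ConstructedKey123"  # constructed sample key, not a real secret
    url = sign_url("http://image.example.com/image_01.jpg", KEY, now=1700000000)
    print(url)
    print(verify_url(url, KEY, 1800, now=1700000600))   # within the TTL
    print(verify_url(url.replace("image_01", "image_02"), KEY, 1800, now=1700000600))
    print(verify_url(url, KEY, 1800, now=1700001801))   # one second past the TTL
```

Because the path is part of the signed string, a signature issued for one file cannot be reused for another, and the key must be kept identical on the origin side and in the POP settings.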

Step 4: Add a CNAME record

You need to add a CNAME record in the system of your DNS service provider to map the domain name to the CNAME before requests can be redirected to POPs. Otherwise, CDN acceleration cannot take effect.

In the following example, Alibaba Cloud DNS is used to show how to add a CNAME record.

Note

For more information, see Add a CNAME record for a domain name.

  1. Log on to the Alibaba Cloud DNS console with the Alibaba Cloud account to which the accelerated domain name belongs.

  2. Navigate to the Manage DNS page, find the root domain name of the accelerated domain name example.com, and then click Configure in the Actions column.

  3. Click Add DNS Record and add a CNAME record.

    • Record Type: Select CNAME.

    • Hostname: Enter image.

    • Record Value: Enter the CNAME that is assigned to the accelerated domain name. In this example, image.example.com.w.kunlunsl.com is used.

    • Keep the default values for other parameters.

  4. Optional: Check whether the CNAME record is in effect.

    • Method 1: Quick verification in the Alibaba Cloud CDN console
      1. Log on to the Alibaba Cloud CDN console and navigate to the Domain Names page.
      2. Select the domain name and move the pointer over the CNAME Status column. The CNAME Configuration Guide tooltip appears.
      3. Click Open Configuration Guide and then click Search.
    • Method 2: Run the ping command
      1. Open Command Prompt in Windows.
      2. Run the ping <accelerated domain name> command in the CLI. If the CNAME in the output is the same as the CNAME that is assigned to the domain name in the CDN console, CDN acceleration is enabled for the domain name.

      [Figure: Check whether the CNAME record is in effect]
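
A scripted form of the CNAME check in step 4, as an added example that is not part of the original page: it reads DNS answer lines and reports whether the accelerated domain name resolves through the CNAME assigned in the CDN console. It assumes input in the line format printed by `dig +noall +answer <name>`; the sample answers and IP addresses are constructed, and the function names are hypothetical.

```python
# Constructed sample answers in the line format printed by `dig +noall +answer <name>`.
ANSWER_VIA_CDN = (
    "image.example.com. 600 IN CNAME image.example.com.w.kunlunsl.com.\n"
    "image.example.com.w.kunlunsl.com. 60 IN A 203.0.113.10\n"
)
ANSWER_DIRECT = "image.example.com. 600 IN A 198.51.100.7\n"
ANSWER_WRONG = "image.example.com. 600 IN CNAME other.example.net.\n"

def _norm(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def parse_dig_answer(text):
    """Map each owner name to its CNAME target; other record types are ignored."""
    cnames = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[3].upper() == "CNAME":
            cnames[_norm(fields[0])] = _norm(fields[4])
    return cnames

def check_cname(dig_answer, domain, assigned_cname):
    """Return 'ok', 'no-cname' or 'mismatch' for the accelerated domain name."""
    cnames = parse_dig_answer(dig_answer)
    name, target, seen = _norm(domain), _norm(assigned_cname), set()
    if name not in cnames:
        # Only address records: requests are not routed through the assigned CNAME.
        return "no-cname"
    # Follow the chain, because the assigned CNAME may itself point to further names.
    while name in cnames and name not in seen:
        seen.add(name)
        name = cnames[name]
        if name == target:
            return "ok"
    return "mismatch"

if __name__ == "__main__":
    assigned = "image.example.com.w.kunlunsl.com"
    for label, answer in [("via CDN", ANSWER_VIA_CDN), ("direct", ANSWER_DIRECT),
                          ("wrong target", ANSWER_WRONG)]:
        print(label, "->", check_cname(answer, "image.example.com", assigned))
```

A "mismatch" result is worth investigating promptly, because it means the domain name is delegated to a name other than the one the CDN console assigned.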

What to do next

After you set the ACL of the OSS bucket to private, requests that are sent to the domain name of the OSS bucket trigger the AccessDenied error. After the CNAME record takes effect and you set the ACLs of the resources to be accessed to public-read, you can access resources in the OSS bucket by using one of the following methods:

  • Concatenate the accelerated domain name and file path, and then enter the concatenated URL into a web browser. For example, if the accelerated domain name is aliyundoc.com and you want to access the file image_01.jpg in the root directory, you can send a request to http://aliyundoc.com/image_01.jpg.

  • Set the domain name of the OSS bucket to the accelerated domain name in your client. This way, you can access resources in the OSS bucket by using the accelerated domain name from your client.

References

For information about how to map an accelerated domain name in the OSS console and use Alibaba Cloud CDN to accelerate access to OSS, see Map accelerated domain names and Use CDN to accelerate access to OSS.