Object Storage Service: Use Alibaba Cloud CDN to accelerate access to OSS

Last Updated: Jan 04, 2024

Alibaba Cloud CDN caches Object Storage Service (OSS) resources on points of presence (POPs) that are closer to requesters to accelerate access to OSS. Alibaba Cloud CDN provides higher bandwidth than OSS and allows requesters to access OSS without being affected by outbound bandwidth limits of OSS and geographical distances.

Scenarios

You can use Alibaba Cloud CDN to accelerate OSS access for better user experience in various scenarios:

  • Online audio and video playback

    In online audio and video playback scenarios, you can use Alibaba Cloud CDN to deliver audio and video content from OSS to Alibaba Cloud POPs that are distributed globally. This way, you can reduce audio and video buffering time, which improves user experience.

  • Highly concurrent access

    In case of highly concurrent access requests to your website or application, Alibaba Cloud CDN can distribute the access requests to multiple POPs for load balancing. This helps reduce the server load and maintain a fast response speed on the origin website or application.

  • Transfers of large objects

    If you need to access large objects in OSS or download large objects from OSS, you can use Alibaba Cloud CDN to improve bandwidth and data transfer speed, which helps reduce the time required to download objects.

  • Global access

    If your website or application is intended for users around the world, you can use Alibaba Cloud CDN to cache content on POPs that are closer to users for lower latency and faster access.

Prerequisites

  • An OSS bucket is created and resources are uploaded to the bucket. For more information, see Upload objects.

  • Alibaba Cloud CDN is activated. For more information, see Activate Alibaba Cloud CDN.

  • A second-level domain name is registered. You can map a domain name that is not registered with Alibaba Cloud to a bucket. If you do not have a domain name, you can register one with Alibaba Cloud Domain Names. For more information, see Register a domain name on Alibaba Cloud.

  • An Internet Content Provider (ICP) filing is obtained for your domain name if the bucket to which you want to map the domain name resides in the Chinese mainland. You can map a domain name whose ICP filing is not completed by using the Alibaba Cloud ICP Filing system. If you have not applied for an ICP filing for your domain name, you can apply for an ICP filing by using the Alibaba Cloud ICP Filing system. For more information, see ICP filing application overview.

Background information

To better handle increased data access and avoid performance bottlenecks, we recommend that you store static data in OSS and use Alibaba Cloud CDN to accelerate access to OSS. This transforms the traditional website architecture to the cloud-based website architecture. The architecture transformation greatly improves the stability and reliability of your website and significantly improves the access speed of the website.

Traditional website architecture

In the traditional website architecture, dynamic and static resources are not separated. Therefore, the performance of a website is bottlenecked when access to the website increases. The following figure shows an example of the traditional website architecture.

[Figure: example of the traditional website architecture]

The traditional architecture has the following characteristics:

  • Dynamic and static resources are stored on the same server.

  • Users can directly access the server to request data.

The traditional website architecture has the following disadvantages:

  • Web server overloading

    Dynamic data and static data share the same server. When access to the website increases, the server may not be able to accommodate the high load, which may cause the website to slow down or even crash.

  • Storage space expansion

    The storage space of static resources is limited by the hard disk capacity of the server. When the storage space is insufficient, the hard disks of the server must be expanded or upgraded, which requires additional capital and time.

Cloud-based website architecture

In the cloud-based website architecture, dynamic and static resources are separated. Therefore, the performance of a website is ensured when access to the website increases. The following figure shows an example of the cloud-based website architecture.

[Figure: example of the cloud-based website architecture]

The cloud-based website architecture has the following characteristics:

  • Dynamic resources, such as web applications and databases, are stored on Elastic Compute Service (ECS) instances.

  • Static resources, such as images, video and audio files, and static scripts, are stored in OSS buckets.

  • OSS buckets serve as the origins of Alibaba Cloud CDN, which distributes objects cached on the POPs that are closest to users to accelerate data access.

The cloud-based website architecture provides the following benefits:

  • Reduced web server workload

    OSS resources are cached on and distributed from the POPs that are closest to the regions in which users are located. This way, data access is accelerated because the transmission distance is reduced.

  • Unlimited storage

    The capacity of OSS buckets can be elastically expanded. You do not need to upgrade your storage architecture.

  • Reduced storage and traffic costs

    In this architecture, you are charged storage fees for storing data in OSS buckets, outbound traffic fees for Alibaba Cloud CDN, and a low back-to-origin traffic fee. The storage fees for storing data in OSS buckets are 50% cheaper than those for the same capacity of cloud disks. The unit price of CDN traffic is only about 30% to 40% of the unit price of OSS outbound traffic over the Internet.

    Note

    For more information about storage fees in OSS, see Storage fees.

Billing rules

If the origin server is an OSS bucket, you may be charged for outbound data transfer from Alibaba Cloud CDN (charged by Alibaba Cloud CDN) and data transfer from OSS to Alibaba Cloud CDN (charged by OSS). For more information, see Billing of OSS content acceleration.

Procedure

In the following steps, oss.example.com is used as an accelerated domain name that accelerates access to a bucket. You can specify a root domain name, second-level domain name, or wildcard domain name as the accelerated domain name.

Step 1: Add and resolve a domain name

Quick deployment

You can use Resource Orchestration Service (ROS) to add a domain name that you want to accelerate and resolve the domain name to the CNAME assigned by Alibaba Cloud CDN.

  1. Go to the Create Stack wizard in the ROS console.

  2. In the Configure Parameters step of the Create Stack wizard, specify the domain name that you want to accelerate (oss.example.com in this example) in the Accelerated domain name field, specify the public domain name of the bucket to which you want to accelerate access in the Source station information field, and click Create.

    On the Stack Information tab of the page that appears, the status of the stack is displayed as Creating.

  3. After the status of the stack becomes Created, click the Outputs tab to view the CNAME.

Manual deployment

  1. Add the domain name that you want to accelerate.

    1. Log on to the Alibaba Cloud CDN console. In the left-side navigation pane, click Domain Names.

    2. On the Domain Names page, click Add Domain Name. On the page that appears, configure the following parameters:

      • Region: Select Chinese Mainland Only.

      • Domain Name to Accelerate: Enter the domain name that you want to specify as the accelerated domain name. In this example, enter oss.example.com.

      • Business Type: Select Image and Small File.

      • Origin Servers: Click Add Origin Server. In the dialog box that appears, select OSS Domain for Origin Info, and then select the domain name of the bucket for which you want to accelerate access from the Domain Name drop-down list. Retain the default settings for other parameters. Click OK.

    3. Read the Compliance Warranty Regarding Cross-border Data Transfers, select I have read and agree to the preceding compliance commitment, click Next, and then click Back to Domain Management.

    4. Wait until the status of the domain name becomes Running. Copy the value of the CNAME record. In this example, the value of the CNAME record is oss.example.com.w.kunlunaq.com.

  2. Resolve the domain name.

    1. Log on to the DNS console. In the left-side navigation pane, select Domain Name Resolution.

    2. On the Domain Name Resolution page, find the accelerated domain name (oss.example.com in this example) and click DNS Settings.

    3. On the DNS Settings page, click Add DNS Record.

    4. In the Add DNS Record panel, configure the following parameters:

      • Record Type: Select CNAME from the drop-down list.

      • Hostname: In this example, enter oss.

      • Value: Enter oss.example.com.w.kunlunaq.com in this example.

      • Other parameters: Retain the default settings.

    5. Click OK. Wait a few minutes and then run the ping command to check whether the accelerated domain name takes effect. If the result is similar to the result that is shown in the following figure, the accelerated domain name takes effect.

      [Figure: ping result for the accelerated domain name]

Step 2: Enable auto CDN cache update

  1. Map the accelerated domain name to the bucket.

    1. In the left-side navigation pane of the OSS console, click Buckets. On the Buckets page, click the name of the bucket.

    2. In the left-side navigation tree, choose Bucket Settings > Domain Names.

    3. Click Map Custom Domain Name. In the Map Custom Domain Name panel, enter oss.example.com in the Domain Name field, turn on Automatically Add CNAME Record, and click Submit.

      For more information, see Map custom domain names.

  2. Enable auto CDN cache update.

    1. On the Domain Names page, find the accelerated domain name and click Supported Operations in the Auto CDN Cache Update column.

    2. In the drop-down list, select the API operations that trigger automatic updates of CDN cache and click OK.

  3. Optional. Configure a time-to-live (TTL) for static resources by directory or file name extension.

    When the TTL ends, the resources cached on the POPs become invalid and unavailable. Requests that attempt to access expired resources are redirected to the origin server. If the resources are retrieved from the origin server, the resources are cached on the POPs. For more information, see Create a cache rule for resources.

Step 3: Access an OSS object by using the accelerated domain name

  1. View the URL of an object.

    1. In the left-side navigation pane of the OSS console, click Buckets. On the Buckets page, click the name of the bucket.

    2. In the left-side navigation tree, choose Object Management > Objects. On the Objects page, find the object whose URL you want to view and click View Details in the Actions column.

    3. In the View Details panel, select the accelerated domain name (oss.example.com in this example) from the Custom Domain Name drop-down list. The URL of the object starts with the accelerated domain name.

    4. Configure an HTTPS certificate.

      To encrypt information that is communicated between clients and POPs for better security, you can configure access over HTTPS. An SSL certificate is required for access over HTTPS. For more information, see Configure an SSL certificate.

  2. Access an object by using its URL in a browser.

    Access a public-read object

    1. Click Copy Object URL.

    2. Access the object by using the URL and use the developer tools of your browser to view the details. The following figure shows that the accelerated domain name takes effect and the object is cached on Alibaba Cloud CDN.

      [Figure: browser developer tools showing that the object is cached on Alibaba Cloud CDN]

    Access a private object

    1. Grant Alibaba Cloud CDN access permissions on a private bucket. For more information, see Enable access to private OSS buckets.

      Important

      If back-to-origin routing is enabled for a private bucket, Alibaba Cloud CDN adds the Authorization header to back-to-origin requests that are sent to the bucket and sets the header value to the authentication signature information of the bucket.

    2. Click Copy Object URL.

    3. Delete the signature information from the object URL.

      For example, if the original URL of the private object is https://oss.example.com/outside.jpg?Expires=1700628094&OSSAccessKeyId=TMP.3****&Signature=B****, the new URL after you delete the signature information is https://oss.example.com/outside.jpg.

      Important

      A request to an OSS bucket cannot contain signature information in both the Authorization header and URL request parameters. If back-to-origin requests to a bucket have the Authorization header, object URLs cannot contain signature information, such as Expires, Signature, and OSSAccessKeyId. Otherwise, OSS authentication fails. For more information, see 0002-00000039.

    4. Use the object URL that contains no signature information to access the object. Use the developer tools of the browser to check whether the object is cached on Alibaba Cloud CDN. The following figure shows that an object is cached on Alibaba Cloud CDN.

      [Figure: browser developer tools showing that the object is cached on Alibaba Cloud CDN]

  3. Optional. Configure Referer-based hotlink protection or URL signing to prevent unauthorized access.

    • Referer-based hotlink protection

      Referer-based hotlink protection identifies and filters requesters based on the Referer header in requests to implement access control and prevent unauthorized access. For more information, see Configure a Referer whitelist or blacklist to enable hotlink protection.

    • URL signing

      Content that is delivered by Alibaba Cloud CDN is publicly available. Any requester who has the URL of an object can access the object. To prevent unauthorized access to resources on your website, you can configure URL signing that adds signature strings and timestamps to URLs for access control. For more information, see Configure URL signing.
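
The following added example (not part of the original documentation) relates to the "Access a private object" steps above, where the OSS signature information (Expires, OSSAccessKeyId, Signature) must be deleted from the object URL. It is separate from CDN URL signing. It audits a list of URLs, flags the ones on the accelerated domain that still carry those parameters, and returns the cleaned URL. The function names, the sample URLs, and the bucket hostname are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters the page names as URL signature information.
SIGNATURE_PARAMS = {"Expires", "OSSAccessKeyId", "Signature"}

# Accelerated domain name used in the page's procedure.
ACCELERATED_DOMAIN = "oss.example.com"


def strip_signature(url):
    """Return (clean_url, removed_names) with signature parameters dropped."""
    parts = urlsplit(url)
    kept, removed = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in SIGNATURE_PARAMS:
            removed.append(name)
        else:
            kept.append((name, value))  # unrelated parameters are preserved
    clean = urlunsplit(parts._replace(query=urlencode(kept)))
    return clean, removed


def audit_urls(urls, domain=ACCELERATED_DOMAIN):
    """List URLs on the accelerated domain that still carry signature info."""
    findings = []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if host != domain:
            continue  # URLs that do not go through the CDN are out of scope
        clean, removed = strip_signature(url)
        if removed:
            findings.append({"url": url, "clean_url": clean, "removed": removed})
    return findings


# Constructed sample input; credential values are masked as on the page.
SAMPLE_URLS = [
    "https://oss.example.com/outside.jpg"
    "?Expires=1700628094&OSSAccessKeyId=TMP.3****&Signature=B****",
    "https://oss.example.com/outside.jpg?v=2",
    "https://examplebucket.oss-cn-hangzhou.aliyuncs.com/outside.jpg"
    "?Expires=1700628094&OSSAccessKeyId=TMP.3****&Signature=B****",
]

if __name__ == "__main__":
    for f in audit_urls(SAMPLE_URLS):
        print(f["url"], "->", f["clean_url"], "removed:", ", ".join(f["removed"]))
```

Running the audit over page templates or link lists before publishing catches signed URLs that would fail OSS authentication behind the CDN and would also expose the AccessKey ID in the query string.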