Alibaba Cloud CDN caches Object Storage Service (OSS) resources on points of presence (POPs) that are closer to requesters to accelerate access to OSS. Alibaba Cloud CDN provides higher bandwidth than OSS and allows requesters to access OSS without being affected by outbound bandwidth limits of OSS and geographical distances.
Scenarios
You can use Alibaba Cloud CDN to accelerate OSS access for better user experience in various scenarios:
Online audio and video playback
In online audio and video playback scenarios, you can use Alibaba Cloud CDN to deliver audio and video content from OSS to Alibaba Cloud POPs that are distributed globally. This way, you can reduce audio and video buffering time, which improves user experience.
Highly concurrent access
In case of highly concurrent access requests to your website or application, Alibaba Cloud CDN can distribute the access requests to multiple POPs for load balancing. This helps reduce the server load and maintain a fast response speed on the origin website or application.
Transfers of large objects
If you need to access large objects in OSS or download large objects from OSS, you can use Alibaba Cloud CDN to improve bandwidth and data transfer speed, which helps reduce the time required to download objects.
Global access
If your website or application is intended for users around the world, you can use Alibaba Cloud CDN to cache content on POPs that are closer to users for lower latency and faster access.
Prerequisites
An OSS bucket is created and resources are uploaded to the bucket. For more information, see Upload objects.
Alibaba Cloud CDN is activated. For more information, see Activate Alibaba Cloud CDN.
A second-level domain name is registered. You can map a domain name that is not registered with Alibaba Cloud to a bucket. If you do not have a domain name, you can register one with Alibaba Cloud Domain Names. For more information, see Register a domain name on Alibaba Cloud.
An Internet Content Provider (ICP) filing is obtained for your domain name if the bucket to which you want to map the domain name resides in the Chinese mainland. You can map a domain name whose ICP filing is not completed by using the Alibaba Cloud ICP Filing system. If you have not applied for an ICP filing for your domain name, you can apply for an ICP filing by using the Alibaba Cloud ICP Filing system. For more information, see ICP filing application overview.
Background information
To better handle increased data access and avoid performance bottlenecks, we recommend that you store static data in OSS and use Alibaba Cloud CDN to accelerate access to OSS. This transforms the traditional website architecture to the cloud-based website architecture. The architecture transformation greatly improves the stability and reliability of your website and significantly improves the access speed of the website.
Traditional website architecture
Cloud-based website architecture
Billing rules
If the origin server is an OSS bucket, you may be charged for outbound data transfer from Alibaba Cloud CDN (charged by Alibaba Cloud CDN) and data transfer from OSS to Alibaba Cloud CDN (charged by OSS). For more information, see Billing of OSS content acceleration.
Procedure
In the following steps, oss.example.com
is used as an accelerated domain name that accelerates access to a bucket. You can specify a root domain name, second-level domain name, or wildcard domain name as the accelerated domain name.
Step 1: Add and resolve a domain name
Quick deployment
You can use Resource Orchestration Service (ROS) to add a domain name that you want to accelerate and resolve the domain name to the CNAME assigned by Alibaba Cloud CDN.
Go to the Create Stack wizard in the ROS console.
In the Configure Parameters step of the Create Stack wizard, specify the domain name that you want to accelerate (
oss.example.com
in this example) in the Accelerated domain name field, specify the public domain name of the bucket to which you want to accelerate access in the Source station information field, and click Create.On the Stack Information tab of the page that appears, the status of the stack is displayed as Creating.Status
After the status of the stack becomes Created, click the Outputs tab to view the CNAME.
Manual deployment
Add the domain name that you want to accelerate.
Log on to the Alibaba Cloud CDN console. In the left-side navigation pane, click Domain Names.
On the Domain Names page, click Add Domain Name. On the page that appears, configure the following parameters:
Region: Select Chinese Mainland Only.
Domain Name to Accelerate: Enter the domain name that you want to specify as the accelerated domain name. In this example, enter oss.example.com.
Business Type: Select Image and Small File.
Origin Servers: Click Add Origin Server. In the dialog box that appears, select OSS Domain for Origin Info, and then select the domain name of the bucket for which you want to accelerate access from the Domain Name drop-down list. Retain the default settings for other parameters. Click OK.
Read the Compliance Warranty Regarding Cross-border Data Transfers, select I have read and agree to the preceding compliance commitment, click Next, and then click Back to Domain Management.
Wait until the status of the domain name becomes Running. Copy the value of the CNAME record. In this example, the value of the CNAME record is oss.example.com.w.kunlunaq.com.
Resolve the domain name.
Log on to the DNS console. In the left-side navigation pane, select Domain Name Resolution.
On the Domain Name Resolution page, find the accelerated domain name (
oss.example.com
in this example) and click DNS Settings.On the DNS Settings page, click Add DNS Record.
In the Add DNS Record panel, configure the following parameters:
Record Type: Select CNAME from the drop-down list.
Hostname: In this example, enter oss.
Value: Enter oss.example.com.w.kunlunaq.com in this example.
Other parameters: Retain the default settings.
Click OK. Wait a few minutes and then run the ping command to check whether the accelerated domain name takes effect. If the result is similar to the result that is shown in the following figure, the accelerated domain name takes effect.
Step 2: Enable auto CDN cache update
Map the accelerated domain name to the bucket.
In the left-side navigation pane of the OSS console, click Buckets. On the Buckets page, click the name of the bucket.
In the left-side navigation tree, choose
.Click Map Custom Domain Name. In the Map Custom Domain Name panel, enter
oss.example.com
in the Domain Name field, turn on Automatically Add CNAME Record, and click Submit.For more information, see Map custom domain names.
Enable auto CDN cache update.
On the Domain Names page, find the accelerated domain name and click Supported Operations in the Auto CDN Cache Update column.
In the drop-down list, select the API operations that trigger automatic updates of CDN cache and click OK.
Optional. Configure a time-to-live (TTL) for static resources by directory or file name extension.
When the TTL ends, the resources cached on the POPs become invalid and unavailable. Requests that attempt to access expired resources are redirected to the origin server. If the resources are retrieved from the origin server, the resources are cached on the POPs. For more information, see Create a cache rule for resources.
Step 3: Access an OSS object by using the accelerated domain name
View the URL of an object.
In the left-side navigation pane of the OSS console, click Buckets. On the Buckets page, click the name of the bucket.
In the left-side navigation tree, choose Object Management > Objects. On the Objects page, find the object whose URL you want to view and click View Details in the Actions column.
In the View Details panel, select the accelerated domain name (oss.example.com in this example) from the Custom Domain Name drop-down list. The URL of the object starts with the accelerated domain name.
Configure an HTTPS certificate.
To encrypt information that is communicated between clients and POPs for better security, you can configure access over HTTPS. An SSL certificate is required for access over HTTPS. For more information, see Configure an SSL certificate.
Access an object by using its URL in a browser.
Access a public-read object
Click Copy Object URL.
Access the object by using the URL and use the developer tools of your browser to view the details. The following figure shows that the accelerated domain name takes effect and the object is cached on Alibaba Cloud CDN.
Access a private object
Grant Alibaba Cloud CDN access permissions on a private bucket. For more information, see Enable access to private OSS buckets.
ImportantIf back-to-origin routing is enabled for a private bucket, Alibaba Cloud CDN adds the Authorization header to back-to-origin requests that are sent to the bucket and sets the header value to the authentication signature information of the bucket.
Click Copy Object URL.
Delete the signature information from the object URL.
For example, if the original URL of the private object is
https://oss.example.com/outside.jpg?Expires=1700628094&OSSAccessKeyId=TMP.3****&Signature=B****
, the new URL after you delete the signature information ishttps://oss.example.com/outside.jpg
.ImportantA request to an OSS bucket cannot contain signature information in both the Authorization header and URL request parameters. If back-to-origin requests to a bucket have the Authorization header, object URLs cannot contain signature information, such as
Expires
,Signature
, andOSSAccessKeyId
. Otherwise, OSS authentication fails. For more information, see 0002-00000039.Use the object URL that contains no signature information to access the object. Use the developer tools of the browser to check whether the object is cached on Alibaba Cloud CDN. The following figure shows that an object is cached on Alibaba Cloud CDN.
Optional. Configure Referer-based hotlink protection or URL signing to prevent unauthorized access.
Referer-based hotlink protection
Referer-based hotlink protection identifies and filters requesters based on the Referer header in requests to implement access control and prevent unauthorized access. For more information, see Configure a Referer whitelist or blacklist to enable hotlink protection.
URL signing
Content that is delivered by Alibaba Cloud CDN is publicly available. Any requester who has the URL of an object can access the object. To prevent unauthorized access to resources on your website, you can configure URL signing that adds signature strings and timestamps to URLs for access control. For more information, see Configure URL signing.