Container Registry supports custom domain names. This feature allows you to create a custom domain name that has an SSL certificate for a Container Registry Enterprise Edition instance. In this case, you can use the custom domain name to access the instance based on the HTTPS protocol. This topic describes how to use a custom domain name to access a Container Registry Enterprise Edition instance.

Prerequisites

  • An Internet Content Provider (ICP) filing is applied for a domain name.
    A domain name consists of a string of labels separated by periods (.). You can identify the location of a Container Registry Enterprise Edition instance based on its domain name. You can register a domain name in the Domains console. For more information, see What is Alibaba Cloud Domains?.
    Note If a Container Registry Enterprise Edition instance is deployed outside China, you do not have to apply for an ICP filing for the domain name.
  • An SSL certificate is obtained.

    SSL certificates comply with the HTTPS protocol. If a Container Registry Enterprise Edition instance has an SSL certificate, you can enable identity verification and HTTPS encryption for the instance. This secures data transmission.

    SSL Certificates Service provides digital server certificates issued by certification authorities (CAs) both inside and outside China on the Alibaba Cloud platform. SSL Certificates Service helps you convert your service from HTTP to HTTPS at a low cost. You can purchase or upload an SSL certificate in the SSL Certificates Service console. For more information, see Overview.

  • Alibaba Cloud DNS is activated.

    Alibaba Cloud DNS can route user traffic to a Container Registry Enterprise Edition instance by resolving a custom domain name to an IP address. For more information, see Activate PrivateZone and Purchase an Alibaba Cloud DNS instance.

  • A RAM role that has permissions on SSL certificates is configured.

    Before you use a custom domain name, create a RAM role for your Alibaba Cloud account and grant the RAM role permissions to access SSL certificates. This enables Container Registry to access SSL certificates. For more information, see Grant permissions to a RAM role before you use a custom domain name.

Create a custom domain name

A Container Registry Enterprise Edition instance supports default and custom domain names.
  • Each instance provides two default domain names: a public domain name and a private domain name.
  • You can create custom domain names for an instance.
  1. Log on to the Container Registry console.
  2. In the top navigation bar, select a region.
  3. In the left-side navigation pane, choose Enterprise Instances > Instances.
  4. On the Instance page, click the name of the Container Registry Enterprise Edition instance or click Manage in the Actions column for the instance.
  5. In the left-side navigation pane, choose Repositories > Domain.
  6. On the page that appears, click Add Domain Name.
  7. In the Add Domain Name dialog box, specify Domain Name and Certificate ID. Then, click OK.
    Note You can take the following steps to delete a domain name. On the Domain page, find the domain name that you want to delete and click Delete in the Actions column. In the message that appears, click OK.

Configure access over the Internet and Alibaba Cloud DNS

Access over the Internet

After you configure access over the Internet and Alibaba Cloud DNS, you can use a custom domain name to access your Container Registry Enterprise Edition instance over the Internet.

  1. Configure access over the Internet. For more information, see Configure access over the public network.
  2. Log on to the Alibaba Cloud DNS console.
  3. In the left-side navigation pane, click Manage DNS.
  4. On the Domains tab, click Add Domain Name. In the Add Domain Name dialog box, enter a custom domain name and click OK.
  5. On the Domains tab, find the domain name that you want to manage, and click Configure in the Actions column.
  6. On the DNS settings page of the domain name, click Add Record.
  7. In the Add Record pane, configure the following parameters and click Confirm.
    Parameter Description
    Type Select CNAME from the drop-down list.
    Host Enter a custom domain name.
    ISP Line In this example, select Default.
    Value Enter the default public domain name.
    TTL The amount of time for a record to be cached. A smaller value indicates the less amount of time. The default value is 10 minutes.
    After you add a record, you can use the custom domain name to access your Container Registry Enterprise Edition instance over the Internet.

Access over a virtual private cloud (VPC)

After you configure access over a VPC and PrivateZone, you can use a custom domain name to access your Container Registry Enterprise Edition instance over a VPC.

  1. Configure access over a VPC. For more information, see Configure access over VPCs.
  2. Log on to the Alibaba Cloud DNS console.
  3. In the left-side navigation pane, click PrivateZone.
  4. On the Hosted Zones tab, click Add Zone.
  5. In the Add PrivateZone dialog box, enter a custom domain name in the Zone Name field. For example, you can enter www.example.com, select the Subdomain recursive resolution proxy check box, and then click OK.
  6. On the Hosted Zones tab, find the zone that you want to manage, and click Configure in the Actions column.
  7. On the resolution settings page of the zone, click Add Record.
  8. In the Add Record dialog box, configure the following parameters and click OK.
    Parameter Description
    Record Type Select CNAME from the drop-down list.
    Resource Records Set the value to @.
    Record Value Enter the default private domain name.
    TTL Value Retain the default value.
    On the Resolution Settings tab, you can view the newly added record.
  9. Return to the PrivateZone page. On the Hosted Zones tab, find the zone that you want to manage, and click Bind VPC in the Actions column.
  10. In the Bind VPC dialog box, click Continue to associate VPC and select the VPC in Step 1. Then, click Confirm.
    On the Hosted Zones tab, Bind VPC Status of the zone changes to Bind. In this case, you can use the custom domain name to access your Container Registry Enterprise Edition instance over the VPC.