Container Registry supports custom domain names. This feature allows you to add a custom domain name that has an SSL certificate for a Container Registry Enterprise Edition instance. In this case, you can use the custom domain name to access the instance based on the HTTPS protocol. This topic describes how to use a custom domain name to access a Container Registry Enterprise Edition instance.

Prerequisites

  • An Internet Content Provider (ICP) filing is obtained for a domain name.
    A domain name consists of a series of labels that are separated by periods (.). You can identify the location of a Container Registry Enterprise Edition instance based on its domain name. You can register a domain name in the Alibaba Cloud Domains console. For more information, see What is Alibaba Cloud Domains?.
    Note If a Container Registry Enterprise Edition instance is deployed outside China, you do not need to obtain an ICP filing for the domain name.
  • An SSL certificate is obtained.

    SSL certificates comply with the HTTPS protocol. If a Container Registry Enterprise Edition instance uses a domain name that has an SSL certificate, you can enable identity verification and HTTPS encryption for the instance. This secures data transmission.

    SSL Certificates Service provides digital server certificates that are issued by certification authorities (CAs) both inside and outside China on the Alibaba Cloud platform. SSL Certificates Service helps you convert your service from HTTP to HTTPS at the minimum cost. You can purchase or upload an SSL certificate in the SSL Certificates Service console. For more information, see Select and purchase certificates.

  • Alibaba Cloud DNS is activated.

    Alibaba Cloud DNS can resolve a custom domain name to the IP addresses of the Container Registry Enterprise Edition instance. Then, requests can be routed to the Container Registry Enterprise Edition instance. For more information, see Activate Alibaba Cloud DNS PrivateZone.

  • A RAM role that has permissions on SSL certificates is configured.

    Before you use a custom domain name, create a RAM role for your Alibaba Cloud account and grant the RAM role permissions to access SSL certificates. This enables Container Registry to access SSL certificates. For more information, see Grant permissions to a RAM role before you use a custom domain name.

Add a custom domain name

A Container Registry Enterprise Edition instance supports default and custom domain names.
  • Each instance provides two default domain names: a public domain name and a private domain name.
  • You can add custom domain names for an instance.
  1. Log on to the Container Registry console.
  2. In the top navigation bar, select a region.
  3. In the left-side navigation pane, click Instances.
  4. On the Instances page, click the required Container Registry Enterprise Edition instance.
  5. In the left-side navigation pane, choose Repositories > Domain.
  6. On the page that appears, click Add Domain Name.
  7. In the Add Domain Name dialog box, set the Domain Name and Certificate ID parameters. Then, click Confirm.
    Note You can perform the following steps to delete a domain name. On the Domain page, find the domain name that you want to delete and click Delete in the Actions column. In the message that appears, click OK.

Configure access control and Alibaba Cloud DNS

Access over the Internet

After you configure access over the Internet and manage the custom domain name in Alibaba Cloud DNS, you can use the custom domain name to access your Container Registry Enterprise Edition instance over the Internet.

  1. Configure access over the Internet. For more information, see Configure access over the Internet.
  2. Log on to the Alibaba Cloud DNS console.
  3. In the left-side navigation pane, click Manage DNS.
  4. On the Authority Domains tab, click Add Domain Name. In the Add Domain Name dialog box, enter the custom domain name and click OK.
  5. On the Authority Domains tab, find the domain name that you want to manage, and click Configure in the Actions column.
  6. On the DNS Settings page, click Add Record.
  7. In the Add Record panel, set the following parameters and click Confirm.
    Parameter Description
    Record Type Select CNAME from the drop-down list.
    Host Enter the custom domain name.
    ISP Line In this example, select Default.
    Value Enter the default public domain name.
    TTL The amount of time that the record is cached. A smaller value indicates a higher speed at which the record takes effect. The default time is 10 minutes.
    After you add a record, you can use the custom domain name to access your Container Registry Enterprise Edition instance over the Internet.

Access over a VPC

After you configure access over a virtual private cloud (VPC) and PrivateZone, you can use the custom domain name to access your Container Registry Enterprise Edition instance over a VPC.

  1. Configure access over a VPC. For more information, see Configure access over VPCs.
  2. Log on to the Alibaba Cloud DNS console.
  3. In the left-side navigation pane, click PrivateZone.
  4. On the Hosted Zones tab, click Add Zone.
  5. In the Add PrivateZone dialog box, enter the custom domain name in the Zone Name field. For example, you can enter www.example.com. Then, select Subdomain recursive resolution proxy and click OK.
  6. On the Hosted Zones tab, find the private zone that you want to manage, and click Configure in the Actions column.
  7. On the Resolution Settings page, click Add Record.
  8. In the Add Record dialog box, set the following parameters and click OK.
    Parameter Description
    Record Type Select CNAME from the drop-down list.
    Resource Records Set the parameter to @.
    Record Value Enter the default private domain name.
    TTL Value Retain the default value.
    On the Resolution Settings tab, you can view the newly added record.
  9. Return to the PrivateZone page. On the Hosted Zones tab, find the private zone that you want to manage, and click Bind VPC in the Actions column.
  10. In the Bind VPC message, click Continue to associate VPC. In the Bind VPC panel, select the VPC in Step 1. Then, click Confirm.
    On the Hosted Zones tab, the value in the Bind VPC Status column of the zone changes to Bind. In this case, you can use the custom domain name to access your Container Registry Enterprise Edition instance over the VPC.