All Products
Search
Document Center

Object Storage Service:OSS domain names

Last Updated:Oct 30, 2023

Object Storage Service (OSS) assigns a domain name to each bucket. This topic describes the composition of OSS domain names and how to use the domain names.

Format

All requests to OSS over OSS domain names, except the GetService (ListBuckets) and DescribeRegions requests, contain bucket information in the domain names.

The domain name used to access a bucket is in the BucketName.Endpoint format, where BucketName is the name of your bucket and Endpoint is the endpoint for the region in which your bucket is located.

OSS endpoints include internal endpoints, public endpoints, and acceleration endpoints.

Note
  • OSS uses RESTful API operations to provide services. Different regions are accessed by using different endpoints. For more information, see Regions and endpoints.

  • You can use internal endpoints and public endpoints without additional configurations.

  • Before you use an acceleration endpoint, you must enable the transfer acceleration feature. For more information, see Enable transfer acceleration.

  • You can also replace a public endpoint with a custom domain name to access OSS resources. For more information, see Map custom domain names or Map an acceleration endpoint.

For example, the following endpoints are used to access buckets located in the China (Hangzhou) region:

Public endpoint

oss-cn-hangzhou.aliyuncs.com

Internal endpoint

oss-cn-hangzhou-internal.aliyuncs.com

Acceleration endpoints

Acceleration endpoints include the global acceleration endpoint and the acceleration endpoint of regions outside the Chinese mainland.

  • Global acceleration endpoint

    oss-accelerate.aliyuncs.com
  • Acceleration endpoint of regions outside the Chinese mainland

    oss-accelerate-overseas.aliyuncs.com

Access OSS over the public network

The public network is the Internet. OSS allows you to upload or write data to OSS over the Internet free of charge. You are charged when you download or read data from OSS.

Note

For more information about the pricing and billing rules of OSS, see OSS pricing and Billing overview.

You can use one of the following methods to access OSS over the Internet:

Method 1: Use a URL to access an OSS object

If you use a URL to access an OSS object, the access control list (ACL) that is configured for the object determines whether you can read and write the object.

Important

To access an object, you must include the path of the object in an OSS domain name. For example, if you use examplebucket.oss-cn-hangzhou.aliyuncs.com to access an object without including the path of the object in the OSS domain name, an error is reported. To use an OSS domain name without including the path of an object to access the object, configure static website hosting. For more information, see Overview.

Object ACL

Public-read or public-read-write

Private

URL format

<Schema>://<Bucket>.<Public endpoint>/<Object>

<Schema>://<Bucket>.<Public endpoint>/<Object>?Signature information

Description

  • Schema: HTTP or HTTPS.

  • Bucket: the name of the OSS bucket.

  • Public endpoint: the endpoint used to access the region in which the bucket is located over the Internet. For more information about the endpoints used to access different regions, see Regions and endpoints.

  • Object: the path to the object.

URLs used to access private objects have all the parameters of URLs for public-read and public-read-write objects plus the signature information. The signature information of a URL includes the Expires, AccessKey ID, and Signature parameters. The Expires parameter specifies the expiration time of the URL.

For more information about how to add a signature to an object URL, see Add signatures to URLs.

Example

You create a bucket named examplebucket in the China (Hangzhou) region. The bucket contains the example.txt object. The object is in the exampledir directory and allows anonymous access. In this case, the object URL is https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampledir/example.txt.

You create a bucket named examplebucket in the China (Hangzhou) region. The bucket contains the example.txt object. The object is in the exampledir directory. The ACL of the object is set to private. In this case, the object URL is https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampledir/example.txt?OSSAccessKeyId=nz2pc56s936****&Expires=1141889120&Signature=vjbyPxybdZaNmGa%2ByT272YEAiv****.

Method 2: Use an OSS SDK to configure a public endpoint

An OSS SDK concatenates the endpoint that you specify for each operation. You must specify the endpoint based on the region in which the bucket on which you want to perform the operation resides.

The following sample code provides an example on how to use OSS SDK for Java to specify an endpoint. In this example, the endpoint is specified when OSSClient is created to manage a bucket located in the China (Hangzhou) region.

  import com.aliyun.oss.common.auth.*;
  
  EnvironmentVariableCredentialsProvider credentialsProvider = CredentialsProviderFactory.newEnvironmentVariableCredentialsProvider();
  String endpoint = "oss-cn-hangzhou.aliyuncs.com";
  OSS ossClient = new OSSClientBuilder().build(endpoint, credentialsProvider);

Access OSS over the internal network

You can use an internal endpoint to communicate between Alibaba Cloud services located within the same region over the internal network. For example, you can access an OSS bucket from an Elastic Compute Service (ECS) instance over the internal network if the OSS bucket and the ECS instance are located within the same region. You are not charged for the traffic generated over the internal network. However, you are charged for requests that you send.

Note

For more information about OSS fees, see OSS pricing and Billing overview.

You can use one of the following methods to access OSS over the internal network:

Method 1: Use a URL to access an OSS object

If you use a URL to access an OSS object, the ACL that is configured for the object determines whether you can read and write the object.

Object ACL

Public-read or public-read-write

Private

URL format

<Schema>://<Bucket>.<Internal endpoint>/<Object>

<Schema>://<Bucket>.<Internal endpoint>/<Object>?Signature information

Description

  • Schema: HTTP or HTTPS.

  • Bucket: the name of the OSS bucket.

  • Internal endpoint: the endpoint used by ECS instances to access buckets that are located in the same region as the ECS instances over the internal network. For more information about the endpoint of each region, see Regions and endpoints.

  • Object: the path to the object.

URLs used to access private objects have all the parameters of URLs for public-read and public-read-write objects plus the signature information. The signature information of a URL includes the Expires, AccessKey ID, and Signature parameters. The Expires parameter specifies the expiration time of the URL.

For more information about how to add a signature to an object URL, see Add signatures to URLs.

Example

You create a bucket named examplebucket in the China (Hangzhou) region. The bucket contains the example.txt object. The object is in the exampledir directory and allows anonymous access. The object URL is https://examplebucket.oss-cn-hangzhou-internal.aliyuncs.com/exampledir/example.txt.

You create a bucket named examplebucket in the China (Hangzhou) region. The bucket contains the example.txt object. The object is in the exampledir directory. The ACL of the object is set to private. In this case, the object URL is https://examplebucket.oss-cn-hangzhou-internal.aliyuncs.com/exampledir/example.txt?OSSAccessKeyId=nz2pc56s936****&Expires=1141889120&Signature=vjbyPxybdZaNmGa%2ByT272YEAiv****.

Method 2: Use an OSS SDK to configure an internal endpoint and access OSS from an ECS instance over the internal network

The following sample code provides an example on how to use OSS SDK for Java to specify an internal endpoint. In this example, the endpoint is set to the internal endpoint of the China (Hangzhou) region to manage a bucket located in the China (Hangzhou) region.

  import com.aliyun.oss.common.auth.*;

  EnvironmentVariableCredentialsProvider credentialsProvider = CredentialsProviderFactory.newEnvironmentVariableCredentialsProvider();
  String endpoint = "oss-cn-hangzhou-internal.aliyuncs.com";
  OSS ossClient = new OSSClientBuilder().build(endpoint, credentialsProvider);

If the OSS bucket and the ECS instance are located in the same region, you can use the internal endpoint to access the OSS bucket from the ECS instance over the internal network. If the OSS bucket and the ECS instance are located in different regions, you cannot use the internal endpoint to access the OSS bucket from the ECS instance over the internal network. For example, you have two OSS buckets and you purchased an ECS instance located in the China (Beijing) region.

  • One bucket is named srcbucket and located in the China (Beijing) region. You can use https://srcbucket.oss-cn-beijing-internal.aliyuncs.com to access resources in srcbucket from the ECS instance located in the China (Beijing) region.

  • The other bucket is named destbucket and located in the China (Qingdao) region. You cannot use https://destbucket.oss-cn-qingdao-internal.aliyuncs.com to access resources in destbucket from the ECS instance located in the China (Beijing) region. To access resources in destbucket from the ECS instance located in the China (Beijing) region, you must use https://destbucket.oss-cn-qingdao.aliyuncs.com to access resources in destbucket over the Internet.

Use an acceleration endpoint to access OSS

OSS provides the transfer acceleration feature to accelerate date transfers of data uploads and downloads across countries and regions. To use an acceleration endpoint to access a bucket in OSS, you must enable transfer acceleration for the bucket. After you enable transfer acceleration for a bucket, you can use the acceleration endpoint instead of the public endpoint to access the bucket and accelerate data transfers.

For example, you want to access the myphoto.jpg object in the root directory of the examplebucket bucket from a browser and use the global acceleration endpoint to accelerate your access. The ACL of the object is public-read or public-read-write. In this case, the URL of the object is https://examplebucket.oss-accelerate.aliyuncs.com/myphoto.jpg.

If the ACL of the myphoto.jpg object is private, you must add signature information to the object URL. Example: https://examplebucket.oss-accelerate.aliyuncs.com/myphoto.jpg?OSSAccessKeyId=nz2pc56s936****&Expires=1141889120&Signature=vjbyPxybdZaNmGa%2ByT272YEAiv****. For more information about how to add a signature to an object URL, see Add signatures to URLs.

For more information about transfer acceleration, see Enable transfer acceleration.

Use an endpoint that supports IPv6 to access OSS

Internet Protocol version 6 (IPv6) is the latest version of the Internet Protocol developed by the Internet Engineering Task Force (IETF) to replace Internet Protocol version 4 (IPv4). IPv6 can provide sufficient IP addresses to meet future requirements. You can access OSS by using dual-stack endpoints that support both IPv4 and IPv6.

You can use a dual-stack endpoint to access your bucket from your client. The Domain Name System (DNS) server resolves the endpoint to an IPv6 or an IPv4 address and returns the OSS server address based on the protocol used by the client. For example, the public endpoint for the China (Hangzhou) region is cn-hangzhou.oss.aliyuncs.com. If you have a bucket named examplebucket in this region, you can access the bucket from an IPv4 client and an IPv6 client by using the same domain name: https://examplebucket.cn-hangzhou.oss.aliyuncs.com.

Important

You cannot access OSS from ECS over the classic network by using IPv4 or IPv6.

You can use the following endpoints to access OSS over IPv6:

Note

The OSS console displays only the endpoints that support IPv4. The endpoints that support IPv6 can also be used to access OSS buckets. The following table describes the endpoints that support IPv6. For more information about endpoints, see Regions and endpoints.

Region

Endpoint

China (Hangzhou)

cn-hangzhou.oss.aliyuncs.com

China (Shanghai)

cn-shanghai.oss.aliyuncs.com

China (Qingdao)

cn-qingdao.oss.aliyuncs.com

China (Beijing)

cn-beijing.oss.aliyuncs.com

China (Zhangjiakou)

cn-zhangjiakou.oss.aliyuncs.com

China (Hohhot)

cn-huhehaote.oss.aliyuncs.com

China (Ulanqab)

cn-wulanchabu.oss.aliyuncs.com

China (Shenzhen)

cn-shenzhen.oss.aliyuncs.com

China (Heyuan)

cn-heyuan.oss.aliyuncs.com

China (Guangzhou)

cn-guangzhou.oss.aliyuncs.com

China (Chengdu)

cn-chengdu.oss.aliyuncs.com

China (Hong Kong)

cn-hongkong.oss.aliyuncs.com

China East 1 Finance

cn-hangzhou-finance.oss.aliyuncs.com

China East 2 Finance

cn-shanghai-finance.oss.aliyuncs.com

China South 1 Finance

cn-shenzhen-finance.oss.aliyuncs.com