OSS assigns domain names to each bucket. This topic describes the composition of OSS domain names and how to use the domain names.

Format

All requests except the GetService requests to OSS include third-level domains. The third-level domains contain bucket information.

OSS domain names are in the BucketName.Endpoint format. BucketName indicates the name of your bucket. Endpoint indicates the domain name used to access the region where your bucket is located.

OSS endpoints include internal endpoints, public endpoints, and transfer accelerate endpoints. Accelerate endpoints include global accelerate endpoints and the accelerate endpoint of regions outside mainland China. For example, you can use the following endpoints to access the China (Hangzhou) region:
  • Public endpoint: https://oss-cn-hangzhou.aliyuncs.com
  • Internal endpoint: https://oss-cn-hangzhou-internal.aliyuncs.com
  • Global accelerate endpoint: https://oss-accelerate.aliyuncs.com
  • Accelerate endpoint of regions outside mainland China: https://oss-accelerate-overseas.aliyuncs.com

You can use internal endpoints and public endpoints without additional configurations. Before you use an accelerate endpoint, you must enable the transfer acceleration feature. For more information, see Enable transfer acceleration.

Note

Access OSS over the public network

The public network indicates the Internet. OSS allows you to upload or write data to OSS over the Internet free of charge. You are charged when you download or read data from OSS.

Note For more information about OSS fees, see OSS Pricing and Billing items and methods.

You can use one of the following methods to access OSS over the Internet:

  • Method 1: Use a URL to access an OSS object
    If you use a URL to access an OSS object, the access control list (ACL) that is configured for the object determines the permissions to read and write the object.
    Object ACL Public read or public read/write Private
    URL format <Schema>://<Bucket>.<Public endpoint>/<Object> <Schema>://<Bucket>.<Public endpoint>/<Object>?Signature information
    Parameter description
    • Schema: HTTP or HTTPS.
    • Bucket: the name of the OSS bucket.
    • Public endpoint: the domain name used to access the region where the bucket is located over the Internet. For more information about the endpoints used to access each region, see Regions and endpoints.
    • Object: the path to access the OSS object.
    Parameters in URLs, except for signature information, are configured in a similar manner in which public read objects and public read/write objects are configured. The signature information of a URL includes the Expires, AccessKey ID, and Signature elements. Expires specifies the expiration time of the URL.

    For more information about how to add signatures to an object URL, see Add signatures to a URL.

    Examples You create a bucket named examplebucketBucket in the China (Hangzhou) region. The bucket contains the example.txt object. The object is in the exampledir directory and allows anonymous access. The object URL is https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampledir/example.txt. You create a bucket named examplebucketBucket in the China (Hangzhou) region. The bucket contains the example.txt object. The object is in the exampledir directory. The ACL of the object is set to private. The object URL is https://examplebucket.oss-cn-hangzhou.aliyuncs.com/exampleobject.pdf?OSSAccessKeyId=nz2pc56s936****&Expires=1141889120&Signature=vjbyPxybdZaNmGa%2ByT272YEAiv****.
    Notice To access an object, you must include the path of an object in an OSS endpoint. If you use examplebucket.oss-cn-hangzhou.aliyuncs.com to access an object without including the path of the object in the OSS endpoint, an error is reported. To use an OSS endpoint to access an object without including the path of the object, configure static website hosting. For more information, see Overview.
  • Method 2: Use an OSS SDK to configure a public endpoint

    An OSS SDK concatenates each operation to generate an endpoint. A different endpoint is generated for operations on a bucket located in a different region.

    The following code provides an example on how to use OSS SDK for Java to specify an endpoint. In the example, the endpoint is specified when OSSClient is created to manage a bucket located in the China (Hangzhou) region.

    String accessKeyId = "<yourAccessKeyId>";
      String accessKeySecret = "<yourAccessKeySecret>";
      String endpoint = "oss-cn-hangzhou.aliyuncs.com";
      OSSClient client = new OSSClient(endpoint, accessKeyId, accessKeySecret);

Access OSS over the internal network

You can use an internal endpoint to access OSS over the internal network, which is used for communications between Alibaba Cloud services located within the same region. For example, you can access an OSS bucket from an Elastic Compute Service (ECS) instance over the internal network when the OSS bucket and the ECS instance are located within the same region. You are not charged for the inbound and outbound traffic over the internal network. However, you are charged for requests that you send.

You can use one of the following methods to access OSS over the internal network:

  • Method 1: Use a URL to access an OSS object
    If you use a URL to access an OSS object, the access control list (ACL) that is configured for the object determines the permissions to read and write the object.
    Object ACL Public read or public read/write Private
    URL format <Schema>://<Bucket>.<Internal endpoint>/<Object> <Schema>://<Bucket>.<Internal endpoint>/<Object>?Signature information
    Parameter description
    • Schema: HTTP or HTTPS.
    • Bucket: the name of the OSS bucket.
    • Internal endpoint: the domain name used to access ECS instances over the internal network within the same region. For more information about the endpoint of each region, see Regions and endpoints.
    • Object: the path to access the OSS object.
    Parameters in URLs, except for signature information, are configured in a similar manner in which public read objects and public read/write objects are configured. The signature information of a URL includes the Expires, AccessKey ID, and Signature elements. Expires specifies the expiration time of the URL.

    For more information about how to add signatures to an object URL, see Add signatures to a URL.

    Examples You create a bucket named examplebucketBucket in the China (Hangzhou) region. The bucket contains the example.txt object. The object is in the exampledir directory and allows anonymous access. The URL of the directory is https://examplebucket.oss-cn-hangzhou-internal.aliyuncs.com/exampledir/example.txt. You create a bucket named examplebucketBucket in the China (Hangzhou) region. The bucket contains the example.txt object. The object is in the exampledir directory. The ACL of the object is set to private. The object URL is https://examplebucket.oss-cn-hangzhou-internal.aliyuncs.com/exampleobject.pdf?OSSAccessKeyId=nz2pc56s936****&Expires=1141889120&Signature=vjbyPxybdZaNmGa%2ByT272YEAiv****.
  • Method 2: Use an OSS SDK to configure an internal endpoint and access OSS from an ECS instance over the internal network
    The following code provides an example on how to use OSS SDK for Java to specify an internal endpoint. In the example, the endpoint is set to the internal endpoint of the China (Hangzhou) region when you manage a bucket located in the China (Hangzhou) region.
    String accessKeyId = "<yourAccessKeyId>";
      String accessKeySecret = "<yourAccessKeySecret>";
      String endpoint = "oss-cn-hangzhou-internal.aliyuncs.com";
      OSSClient client = new OSSClient(endpoint, accessKeyId, accessKeySecret);
    If the OSS bucket and the ECS instance are located in the same region, you can use an internal endpoint to access an OSS bucket from an ECS instance over the internal network. If OSS and the ECS instance are located in different regions, you cannot use the internal endpoint to access the OSS bucket from the ECS instance over the internal network. For example, you have two buckets in OSS and you have purchased an ECS instance located in the China (Beijing) region.
    • One bucket is named srcbucket and located in the China (Beijing) region. You can use https://srcbucket.oss-cn-beijing-internal.aliyuncs.com to access resources in srcbucket from the ECS instance located in the China (Beijing) region.
    • The other bucket is named destbucket and located in the China (Qingdao) region. You cannot use https://destbucket.oss-cn-qingdao-internal.aliyuncs.com to access resources in destbucket from the ECS instance located in the China (Beijing) region. To access resources in destbucket from the ECS instance located in the China (Beijing) region, you must use https://destbucket.oss-cn-qingdao.aliyuncs.com to access resources in destbucket over the Internet.

Use an accelerate endpoint to access OSS

OSS provides transfer acceleration to improve data upload and download speeds. This feature can improve user experiences in uploads and downloads when you transfer data across countries or continents. To use an accelerate endpoint to access a bucket in OSS, you must enable transfer acceleration for the bucket. After you enable transfer acceleration for a bucket, you can use the accelerate endpoint instead of the public endpoint to access the bucket and accelerate data transfer.

An accelerate endpoint is used in the example. A browser is used to access the myphoto.jpg object in the root directory of the examplebucket bucket. The ACL of the object is set to public read or public read/write. The URL of the object is https://examplebucket.oss-accelerate.aliyuncs.com/myphoto.jpg.

If the ACL of the myphoto.jpg object is set to private, you must add signature information to the object URL. Example: https://examplebucket.oss-accelerate.aliyuncs.com/myphoto.jpg?OSSAccessKeyId=nz2pc56s936****&Expires=1141889120&Signature=vjbyPxybdZaNmGa%2ByT272YEAiv****. For more information about how to add signatures to an object URL, see Add signatures to a URL.

For more information about transfer acceleration, see Transfer acceleration.

Use an endpoint that supports IPv6 to access OSS

Internet Protocol version 6 (IPv6) is the latest version of the Internet Protocol developed by the Internet Engineering Task Force (IETF) to replace Internet Protocol version 4 (IPv4). IPv6 can provide sufficient IP addresses to meet future requirements. You can access OSS by using dual-stack endpoints that support both IPv4 and IPv6.

You can use a dual-stack endpoint to access your bucket by using both IPv4 and IPv6 from your client. Your DNS server resolves the endpoint and returns the OSS server address to you based on the protocol that you use. For example, the endpoint of the China (Hangzhou) region is cn-hangzhou.oss.aliyuncs.com. If you have a bucket named myiotdata in this region, you can use the same endpoint https://myiotdata.cn-hangzhou.oss.aliyuncs.com to access the bucket by using both IPv4 and IPv6 from your client.

Notice ECS instances that use virtual private cloud (VPC) networks or classic networks cannot use a dual-stack endpoint to access OSS.
You can use the following endpoints to access OSS over IPv6:
  • China (Beijing): https://cn-beijing.oss.aliyuncs.com
  • China (Shanghai): https://cn-shanghai.oss.aliyuncs.com
  • China (Hangzhou): https://cn-hangzhou.oss.aliyuncs.com
  • China (Shenzhen): https://cn-shenzhen.oss.aliyuncs.com
  • China (Hong Kong): https://cn-hongkong.oss.aliyuncs.com
  • China (Hohhot): https://cn-huhehaote.oss.aliyuncs.com
  • China East 1 Finance: https://cn-hangzhou-finance.oss.aliyuncs.com
  • China East 2 Finance: https://cn-shanghai-finance.oss.aliyuncs.com
  • China South 1 Finance: https://cn-shenzhen-finance.oss.aliyuncs.com