After uploading an object to a bucket, you can obtain an object address including two parts: an OSS domain name address (<BucketName>.<Endpoint>) and an object file name. To avoid possible cross-origin or security problems in your business, we recommend that you access OSS using a user-defined domain name. After the domain name is successfully bound, you also need to add a CNAME record pointing to the Internet domain name of the bucket to guarantee proper domain name-based access to the OSS.
Note:
- You must apply for an ICP license for your bound domain name. Otherwise, the domain name is not accessible.
- Each bucket can be bound with a maximum of 20 domain names.
After a user-defined domain name is successfully bound, access addresses of the files stored in your OSS uses the user-defined domain name. For example, if your bucket test-1-001 is located at the Hangzhou node, the object file name is test001.jpg, and the bound user-defined domain name is hello-world.com, then the access address of this object is as follows:
- Before binding: test-1-001.oss-cn-hangzhou.aliyuncs.com/test001.jpg
- After successful binding: hello-world.com/test001.jpg
Bind a domain name
Go to the OSS console.
On the left-side navigation pane, select a bucket from the bucket list to open the bucket overview page.
Click the Domain Names tab.
Click Bind User Domain to open the Bind User Domain dialog box.
Bind your domain.
- In the User Domain textbox, enter your domain name.
- If you need CDN acceleration, open the Alibaba Cloud CDN switch. For more information, see CDN-based OSS acceleration.
- If you want to add a CNAME record automatically, open the Add CNAME Record Automatically switch.
Note: If the domain name has completed cloud resolution under another Alibaba Cloud account, then a CNAME record cannot be automatically added for this domain name under your account. In this case, you must add a CNAME record manually. For more information, see the Procedure for domain name resolution section.
Click Submit.
Note: If the domain name you want to bind has been maliciously bound by another user, the system message Domain name conflict is displayed. You can verify the ownership of the domain name by adding a TXT record. In this way, the domain name can be forcibly bound to the correct bucket and its binding to the previous bucket is released. For detailed procedure, see the Procedure for verifying domain name ownership section.
Upload an HTTPS certificate
If you want your domain to access OSS through HTTPS, you must purchase an HTTPS certificate. You can purchase an HTTPS certificate from any certificate provider or from Alibaba Cloud Certificates Service (see Certificate Service Quick Start), and upload your certificate on the OSS console.
If Alibaba Cloud CDN is not enabled for OSS, you can upload your certificate on the OSS console:
- On the Domain Names tab page, click Upload Cert under Action。
- On the Upload Cert page, enter your public key and private key, and then click Upload.
If Alibaba Cloud CDN is enabled for OSS, you must upload your certificate on the CDN console. For more information, see HTTPS Security Acceleration.
Procedure for verifying domain name ownership
Click Obtain TXT. The system generates a TXT record based on your information.
Log on to your DNS provider and add the corresponding TXT record.
In the OSS console, click I have added the TXT verification file. Continue submission. If the system detects that the TXT record value for this domain name is as expected, the domain name ownership passes verification.
Procedure for domain name resolution
- Go to the Alibaba Cloud console.
- From the left-side navigation pane, click Alibaba Cloud DNS to enter the domain name resolution list page.
- Click the Configure link corresponding to the target domain name.
- Click Add Record.
- In the Add Record dialog box, select CNAME from the Type drop-down box, , and enter the Internet domain name of the bucket in the Value text box.
- Click Confirm.