All Products
Search

This Product

    Container Registry:Use a custom domain name to access a Container Registry Enterprise Edition instance

    Document Center

    Container Registry:Use a custom domain name to access a Container Registry Enterprise Edition instance

    Last Updated:Mar 26, 2026

    By default, Container Registry Enterprise Edition instances are accessible only through Alibaba Cloud-assigned domain names. Adding a custom domain name with an SSL certificate lets you access your instance over HTTPS using a domain you control, which is required for internal branding policies or integration with existing infrastructure.

    Prerequisites

    Before you begin, ensure that you have:

    • An SSL certificate uploaded to SSL Certificate Service. The certificate secures HTTPS access using transport-layer encryption and identity authentication. Domain name certificates support TLS 1.1 and TLS 1.2. To purchase or upload a certificate, see Purchase a commercial SSL certificate. If you obtained a certificate from a third-party certificate authority before using SSL Certificate Service, upload it first — see Upload, synchronize, and share an SSL certificate

    • Alibaba Cloud DNS activated. DNS routes requests for your custom domain name to the instance's IP addresses. See Activate Alibaba Cloud DNS PrivateZone

      Alibaba Cloud DNS routes requests for a custom domain name to the corresponding IP addresses of a Container Registry Enterprise Edition instance. For more information, see Activate Alibaba Cloud DNS PrivateZone.

    • RAM access control configured for custom domain names. Create a Resource Access Management (RAM) role and grant it permissions to manage SSL certificates so Container Registry can access the certificate on your behalf. See Configure RAM access control for using a custom domain name

    Add a custom domain name

    Each Container Registry Enterprise Edition instance has two default domain names: a public domain name and a VPC domain name. Custom domain names are additional domain names you configure.

      Alibaba Cloud DNS routes requests for a custom domain name to the corresponding IP addresses of a Container Registry Enterprise Edition instance. For more information, see Activate Alibaba Cloud DNS PrivateZone.

    1. Log on to the Container Registry console.

    2. Log on to the Container Registry console.

    3. In the top navigation bar, select the region where your instance is located.

    4. On the Instances page, click the Enterprise Edition instance you want to manage.

    5. In the left navigation pane, choose Repository > Domain.

    6. On the Domain Name Management page, click Add Domain Name.

    7. In the Add Domain Name dialog box, select a Domain Name and a Certificate ID, then click Confirm.

    Configure DNS resolution

    After adding the custom domain name, configure DNS resolution to point the domain to your instance. Choose the access type that matches how clients connect to your instance.

    DNS record reference

    Access typeRecord typeHostnameRecord valueTTL
    Public accessCNAMEYour custom domain nameDefault public domain name of the instance10 minutes (default)
    VPC accessCNAME@Default VPC domain name of the instanceDefault

    Set up public access

    1. Configure public access control for your instance. See Configure public access control.

    2. Log on to the Alibaba Cloud DNS console.

    3. In the left navigation pane, click Public Zone.

    4. On the Public Zone page, click Add Zone. In the Add Zone dialog box, enter your custom domain name and click OK.

    5. Find the domain name you added and click DNS Settings in the Actions column.

    6. On the DNS Settings page, click Add Record.

    7. In the Add Record dialog box, set the following parameters:

      ParameterValue
      Record typeCNAME
      HostnameYour custom domain name
      Resolution request sourceDefault
      Record valueDefault public domain name of your instance
      TTL10 minutes (default)

    8. Click OK.

    Once the record propagates, you can access your instance using the custom domain name over the Internet.

    Set up VPC access

    1. Configure VPC access control for your instance. See Configure VPC access control.

    2. Log on to the Alibaba Cloud DNS console.

    3. In the left navigation pane, click Private Zone.

    4. On the Authoritative Zone tab, click Add Zone.

    5. In the Add Authoritative Zone dialog box:

      • Enter your custom domain name (for example, www.example.com) in the Authoritative Zone field.

      • Select Recursive Resolution Proxy for Subdomain Names.

      • Click OK.

    6. On the Authoritative Zone tab, find the zone you created and click DNS Settings in the Actions column.

    7. On the DNS Records tab, click Add Record.

    8. In the Add Record dialog box, set the following parameters:

      ParameterValue
      Record typeCNAME
      Hostname@
      Record valueDefault VPC domain name of your instance
      TTL valueDefault

    9. Click OK.

    10. Go back to the Private Zone (Compatible with on-premises DNS) page. On the Authoritative Zone tab, find the zone and click Scope Settings in the Actions column.

    11. In the Scope Settings panel, under Effective In Alibaba Cloud VPCs, select the VPC you configured in step 1 and click OK.

    After the Scope column shows data for the zone, you can access your instance using the custom domain name from within the associated VPC.