Access an Enterprise Edition instance by using a custom domain name - Container Registry

Container Registry (ACR) supports custom domain names. This feature lets you add a custom domain name and a corresponding SSL certificate to a Container Registry Enterprise Edition instance. You can then use the custom domain name to access the instance over HTTPS.

Prerequisites

You have a domain name that has an Internet Content Provider (ICP) filing.
A domain name consists of a series of labels separated by periods (.). It identifies the location of a Container Registry Enterprise Edition instance during data transfer. You can register a domain name using the Domain Names service. For more information, see What is Domain Names?.
Note
If your Container Registry Enterprise Edition instance is in a region that does not require ICP filings, you do not need to obtain an ICP filing for your domain name.
You have an SSL certificate.
SSL certificates comply with the HTTPS protocol. They provide transport-layer encryption and identity authentication for a Container Registry Enterprise Edition instance over HTTPS to ensure secure data transmission.
Alibaba Cloud partners with multiple digital certificate authorities in and outside China to provide SSL certificates. This lets you switch your services from HTTP to HTTPS at a minimal cost. You can purchase or upload a certificate in the SSL Certificate Service console. For more information, see Purchase a commercial SSL certificate.
Note
- If you obtained an SSL certificate from a third-party certificate authority before you started to use SSL Certificate Service, you must upload the certificate to SSL Certificate Service. For more information, see Upload, synchronize, and share an SSL certificate.
- Domain name certificates support TLS 1.1 and TLS 1.2.
Alibaba Cloud DNS is activated.
Alibaba Cloud DNS routes requests for a custom domain name to the corresponding IP addresses of a Container Registry Enterprise Edition instance. For more information, see Activate Alibaba Cloud DNS PrivateZone.
You have configured Resource Access Management (RAM) access control to use a custom domain name.
When you use a custom domain name, you must create a RAM role for your account and grant the RAM role permissions to manage SSL certificates. This allows Container Registry to access the SSL certificates. For more information, see Configure RAM access control for using a custom domain name.

Create a custom domain name

A Container Registry Enterprise Edition instance has the following two types of domain names:

Default domain names: Each instance has two default domain names: a public domain name and a VPC domain name.
Custom domain names: Domain names that you add.

Log on to the Container Registry console.
In the top navigation bar, select a region.
On the Instances page, click the Enterprise Edition instance that you want to manage.
In the navigation pane on the left, choose Repository > Domain.
On the Domain Name Management page, click Add Domain Name.
In the Add Domain Name dialog box, select a Domain Name and a Certificate ID, and then click Confirm.

Configure access control and DNS resolution

Public Access

Configure public access control. For more information, see Configure public access control.
Log on to the Alibaba Cloud DNS console.
In the navigation pane on the left, click Public Zone.
On the Public Zone page, click Add Zone. In the Add Zone dialog box, enter your custom domain name and click OK.
On the Public Zone page, find the domain name that you want to manage and click DNS Settings in the Actions column.
On the DNS Settings page, click Add Record.

In the Add Record dialog box, set the parameters and click OK.

Parameter	Configuration
Record Type	Select CNAME.
Hostname	Set to the custom domain name.
Resolution Request Source	The region and carrier network of the visitor. In this example, Default is used.
Record Value	Set to the default public domain name.
TTL	The cache time. The smaller the value, the faster the record modification takes effect globally. The default value is 10 minutes.

After the DNS record is added, you can use the custom domain name to access the Container Registry Enterprise Edition instance over the Internet.

VPC Access

Configure VPC access control. For more information, see Configure VPC access control.
Log on to the Alibaba Cloud DNS console.
In the navigation pane on the left, click Private Zone.
On the Authoritative Zone tab, click Add Zone.
In the Add Authoritative Zone dialog box, enter the custom domain name, such as www.example.com, in the Authoritative Zone text box, select Recursive Resolution Proxy for Subdomain Names, and click OK.
On the Authoritative Zone tab, find the target zone and click DNS Settings in the Actions column.
On the DNS Records tab, click Add Record.
In the Add Record dialog box, set the parameters and click OK.
Parameter
Configuration
Record Type
Select CNAME.
Hostname
Set to @.
Record Value
The default domain name of the VPC.
TTL Value
Use the default value.
On the DNS Records tab, you can view the new host record.
Go back to the Private Zone (Compatible with on-premises DNS) page. On the Authoritative Zone tab, find the target zone and click Scope Settings in the Actions column.
In the Scope Settings panel, in the Effective In Alibaba Cloud VPCs section, select the VPC from Step 1. Then, click OK.
On the Authoritative Zone tab, after data is displayed in the Scope column for the new zone, you can use the custom domain name to access the Container Registry Enterprise Edition instance from the associated VPC.

Parameter	Configuration
Record Type	Select CNAME.
Hostname	Set to @.
Record Value	The default domain name of the VPC.
TTL Value	Use the default value.