Container Registry supports custom domain names. This feature allows you to configure a custom domain name with an SSL certificate for a Container Registry Enterprise Edition instance. Then, you can use the custom domain name to access the instance based on the HTTPS protocol. This topic describes how to use a custom domain name to access a Container Registry Enterprise Edition instance.

Prerequisites

  • A domain name with an Internet Content Provider (ICP) filing is obtained.
    A domain name consists of a series of labels that are separated by periods (.). You can identify the location of a Container Registry Enterprise Edition instance based on its domain name. You can register a domain name in the Alibaba Cloud Domains console. For more information, see What is Domains?.
    Note If the Container Registry Enterprise Edition instance for which you want to configure a domain name is deployed outside China, you do not need to obtain an ICP filing for the domain name.
  • An SSL certificate is obtained.

    SSL certificates comply with the HTTPS protocol. If a Container Registry Enterprise Edition instance uses a domain name that has an SSL certificate, you can enable HTTPS authentication and encryption for the instance. This secures data transmission.

    SSL Certificates Service provides digital server certificates that are issued by certification authorities (CAs) both inside and outside China on the Alibaba Cloud platform. SSL Certificates Service helps you transform your services from HTTP to HTTPS at the minimum cost. You can purchase or upload an SSL certificate in the SSL Certificates Service console. For more information, see Purchase an SSL Certificates Service instance.

    Note If you want to use an SSL certificate that is purchased from and signed by a third-party certificate service provider, you must upload the SSL certificate to SSL Certificates Service. For more information, see Upload certificates.
  • Alibaba Cloud DNS is activated.

    Alibaba Cloud DNS can resolve a custom domain name to the IP addresses of the Container Registry Enterprise Edition instance. Then, requests can be routed to the Container Registry Enterprise Edition instance. For more information, see Activate Alibaba Cloud DNS PrivateZone.

  • A RAM role that has permissions on SSL certificates is configured.

    Before you use a custom domain name, create a RAM role for your Alibaba Cloud account and grant the RAM role permissions to access SSL certificates. This allows Container Registry to access SSL certificates. For more information, see Grant permissions to a RAM role before you use a custom domain name.

Add a custom domain name

A Container Registry Enterprise Edition instance supports default and custom domain names.
  • Each instance provides two default domain names: a public domain name and a private domain name.
  • You can add custom domain names for an instance.
  1. Log on to the Container Registry console.
  2. In the top navigation bar, select a region.
  3. In the left-side navigation pane, click Instances.
  4. On the Instances page, click the required Container Registry Enterprise Edition instance.
  5. In the left-side navigation pane, choose Repository > Domain.
  6. On the page that appears, click Add Domain Name.
  7. In the Add Domain Name dialog box, set the Domain Name and Certificate ID parameters. Then, click Confirm.
    Note To delete a domain name, find the domain name on the Domain page and click Delete in the Actions column. In the message that appears, click OK.

Configure access control and Alibaba Cloud DNS

Access over the Internet

After you configure access over the Internet and add the custom domain name in Alibaba Cloud DNS, you can use the custom domain name to access your Container Registry Enterprise Edition instance over the Internet.

  1. Configure access over the Internet. For more information, see Configure access over the Internet.
  2. Log on to the Alibaba Cloud DNS console.
  3. In the left-side navigation pane, click Manage DNS.
  4. On the Authority Domains tab, click Add Domain Name. In the Add Domain Name dialog box, enter the custom domain name and click OK.
  5. On the Domains tab, find the domain name that you want to manage, and click Configure in the Actions column.
  6. On the DNS Settings page, click Add Record.
  7. In the Add Record panel, configure the parameters and click Confirm.
    Parameter Description
    Record Type Select CNAME from the drop-down list.
    Host Enter the custom domain name.
    ISP Line In this example, select Default.
    Value Enter the default public domain name.
    TTL The amount of time that the record is cached. A smaller value indicates a higher speed at which the record takes effect. The default time is 10 minutes.
    After you add a record, you can use the custom domain name to access your Container Registry Enterprise Edition instance over the Internet.

Access over a VPC

After you configure access over a virtual private cloud (VPC) and PrivateZone, you can use the custom domain name to access your Container Registry Enterprise Edition instance over a VPC.

  1. Configure access over a VPC. For more information, see Configure access over VPCs.
  2. Log on to the Alibaba Cloud DNS console.
  3. In the left-side navigation pane, click PrivateZone.
  4. On the Hosted Zones tab, click Add Zone.
  5. In the Add PrivateZone dialog box, enter the custom domain name in the Zone Name field. For example, you can enter www.example.com. Then, select Subdomain recursive resolution proxy and click OK.
  6. On the Hosted Zones tab, find the private zone that you want to manage, and click Configure in the Actions column.
  7. On the Resolution Settings page, click Add Record.
  8. In the Add Record dialog box, configure the parameters and click OK.
    Parameter Description
    Record Type Select CNAME from the drop-down list.
    Resource Records Set the parameter to @.
    Record Value Enter the default private domain name.
    TTL Value Retain the default value.
    On the Resolution Settings tab, you can view the newly added record.
  9. Return to the PrivateZone page. On the Hosted Zones tab, find the private zone that you want to manage, and click Bind VPC in the Actions column.
  10. In the Bind VPC message, click Continue to associate VPC. In the Bind VPC panel, select the VPC that is configured in Step 1. Then, click Confirm.
    On the Hosted Zones tab, the value in the Bind VPC Status column of the zone changes to Bind. Then, you can use the custom domain name to access your Container Registry Enterprise Edition instance over the VPC.