You can use Alibaba Cloud CDN to accelerate the retrieval of static resources from an Object Storage Service (OSS) bucket. This topic describes how to accelerate the retrieval of resources from an OSS bucket in the Alibaba Cloud CDN console and the use scenarios of Alibaba Cloud CDN.
- All requests destined for the origin server are redirected to CDN edge nodes to reduce loads on the origin server.
- You are charged for outbound data transfer from Alibaba Cloud CDN instead of outbound data transfer over the Internet from OSS. Outbound data transfer from Alibaba Cloud CDN is billed at a lower price.
- Clients retrieve static resources from the nearest CDN edge nodes to minimize the network transmission distance and ensure the quality of data transmission.
If the origin server is an OSS bucket, Alibaba Cloud CDN caches the static resources, including scripts, images, audio files, and video files, from the bucket to CDN edge nodes. When users request the resources, the edge nodes return the requested resources to the users. This accelerates content delivery.
The website image.example.com requires acceleration for image retrieval from an OSS bucket. The following table describes the business information and requirements.
|Domain name||The domain name that is accelerated by Alibaba Cloud CDN.||image.example.com|
|Business type||Determine the business type based on the website content.
If the website distributes images, set the business type to Image and Small File.
|Image and Small File|
|Accelerated region||The region where the website visitors are located.||Mainland China Only|
|Origin server domain name||You can select an OSS bucket that belongs to the current Alibaba Cloud account, or enter the public endpoint of an OSS bucket.||***.oss-cn-hangzhou.aliyuncs.com|
|Other features||Enable other features based on your business requirements.||
The following procedure shows how to use Alibaba Cloud CDN to accelerate content delivery for a website. The preceding scenario is used as an example.
Step 1: Make preparations
- An Alibaba Cloud account is created and the account has passed real-name verification.
- Alibaba Cloud CDN and OSS are activated. For more information, see Activate Alibaba Cloud CDN and Activate OSS.
- An OSS bucket is created and set to private. For more information, see Create buckets and Modify the ACL of a bucket.
Note Private OSS buckets do not allow unauthorized access and prevent hotlinking issues.
- A domain name to be accelerated is prepared.
Step 2: Add the domain name to be accelerated
- Log on to the Alibaba Cloud CDN console.
- In the left-side navigation pane, click Domain Names, click Add Domain Name, and then set the following parameters. The scenario described in Use scenarios is used as an example. Note
- The first time a domain name is added to Alibaba Cloud CDN, Alibaba Cloud CDN must verify the ownership of the domain name. Alibaba Cloud CDN verifies the ownership only of the root domain name. For more information, see Verify the ownership of a domain name. If the root domain name has already passed ownership verification, ignore this message.
- For more information about the parameters and usage notes, see Step 1: Complete basic settings and specify business information.
- Domain Name to Accelerate: Enter
- Business Type: Select Image and Small File.
- Region: Select Mainland China Only.
- Click Add Origin Server to add an origin server. Set Origin Info to OSS Domain and select an OSS bucket that belongs to the current account from the Domain Name drop-down list. Keep the default values for other parameters.
***.oss-cn-hangzhou.aliyuncs.comis used in this example.
- After you set up origin servers, click Next.
- Wait for manual verification. Note If the domain name does not need to be manually verified, proceed to the next step. In the next step, you can set the parameters based on your business requirements.
It takes one to two business days to complete the verification. If you require prioritized verification, Submit a ticket.
After the domain name passes the verification, the status of the domain name changes to Enabled. In this case, the domain name is added to Alibaba Cloud CDN.
- When the value in the Status column changes to Enabled, the CNAME assigned to the domain name is displayed. The
CNAME for the domain name used in this example is
Step 3: Configure the domain name
To improve acceleration performance, secure data transmission, and accelerate content delivery, you can enable relevant features based on your business requirements.
- In the Alibaba Cloud CDN console, navigate to the Domain Names page, find the domain name that you want to manage, and then click Manage.
- Enable the following features based on your business requirements.
Scenario Description Parameter Increase the cache hit ratioSet a proper time-to-live (TTL) value for cached resources based on the following rules to increase the cache hit ratio:
- Specify a TTL of one month or longer for static files that are infrequently updated, such as images and application packages.
- Specify a TTL of 0 seconds to disable caching for dynamic files, such as PHP, JSP, and ASP files.
Add a cache rule Specify a site to which edge nodes redirect requests By default, the address of the host is the endpoint of the OSS bucket. The endpoint of the OSS bucket in this example is
If the OSS bucket is associated with a custom domain name, such as
origin.developer.aliyundoc.com, you must set the Domain Type to Custom Domain, and set the origin host to
origin.developer.aliyundoc.com. For more information, see Configure an origin host.
Configure an origin host Protect OSS buckets from unauthorized access
By default, OSS buckets are accessible over the Internet. If you want to protect OSS buckets from unauthorized access, you can set the OSS buckets to private and enable access control. This way, Alibaba Cloud CDN has permissions to redirect requests only to OSS buckets that belong to the same account as Alibaba Cloud CDN.
Grant Alibaba Cloud CDN access permissions on private OSS bucketsNote Before you perform this operation, set the OSS buckets to private, which allows only authorized access. For more information, see Modify the ACL of a bucket. Accelerate file distribution on CDN edge nodes After object chunking is enabled, the OSS bucket that functions as the origin server returns the chunk of file that is specified by the Range header to edge nodes. This reduces data transfer on the origin server and accelerates content delivery.Note Object chunking is suitable for large file distribution scenarios such as audio and video streaming. It is not suitable for small file distribution. You do not need to enable object chunking when you use Alibaba Cloud CDN to accelerate the delivery of images. Object chunking
- Increase the cache hit ratio
- Increase file distribution efficiency
After parameter filtering is enabled, CDN edge nodes remove parameters that follow the question (
?) from request URLs. This way, requests that carry different query strings but for the same resource can hit cache. This increases the cache hit ratio and reduces back-to-origin traffic.
Ignore parameters Protect websites from hotlinking issues After you configure a Referer whitelist or blacklist, Alibaba Cloud CDN allows or blocks requests based on user identities. If a request is authorized, Alibaba Cloud CDN returns the URL of the requested resource. If a request is not authorized, Alibaba Cloud CDN returns the HTTP 403 status code. Configure a Referer whitelist or blacklist to enable hotlink protection Protect a website from hotlinking and IP theft URL signing cannot be performed without the origin server. The origin server generates signed URLs based on the URL signing settings on the CDN edge nodes. After URL signing is enabled, only requests that pass authentication can access resources on CDN edge nodes. Configure URL signing
Step 4: Add a CNAME record
You must add a CNAME record in the system of your DNS service provider to map the domain name to the CNAME before requests can be redirected to edge nodes. Otherwise, CDN acceleration cannot take effect.
- Log on to the Alibaba Cloud DNS console with the Alibaba Cloud account to which the accelerated domain name belongs.
- Navigate to the Manage DNS page, find the root domain name of the accelerated domain name that you want to manage, and then click Configure in the Actions column.
- Click Add Record and add a CNAME record.
- Type: Select CNAME.
- Host: Enter
- Value: Enter the CNAME that is assigned to the accelerated domain name.
image.example.com.w.kunlunsl.comis used in this example.
- Keep the default values for other parameters.
- Optional:Check whether the CNAME record has taken effect.
Method 1: Quick verification in the Alibaba Cloud CDN console
- Log on to the Alibaba Cloud CDN console and navigate to the Domain Names page.
- Select the domain name and move the pointer over the CNAME Status column. The CNAME Configuration Guide tooltip appears.
- Click Open Configuration Guide and then click Search.
Method 2: Run the ping command to ping the domain name
- Open Command Prompt in Windows.
- Run the ping command to ping the domain name. If the CNAME in the output is the same as the CNAME that is assigned to the domain name, it indicates that CDN acceleration is enabled for the domain name.
What to do next
- Concatenate the accelerated domain name and file path, and then enter the concatenated
URL into a web browser. For example, if the accelerated domain name is
aliyundoc.comand you want to access the file image_01.jpg under the root directory, you can send a request to
- Set the domain name of the OSS bucket to the accelerated domain name in your client. Then, you can access resources in the OSS bucket through the accelerated domain name from your client.