You can use Alibaba Cloud CDN to accelerate the retrieval of static resources from an Object Storage Service (OSS) bucket. This topic describes how to accelerate the retrieval of resources from an OSS bucket in the Alibaba Cloud CDN console and the use scenarios of Alibaba Cloud CDN.

Benefits

OSS is a cost-effective storage service. Alibaba Cloud CDN can accelerate the delivery of static resources. OSS buckets as origin servers provide the following benefits:
  • All requests destined for the origin server are redirected to CDN edge nodes to reduce loads on the origin server.
  • You are charged for outbound data transfer from Alibaba Cloud CDN instead of outbound data transfer over the Internet from OSS. Outbound data transfer from Alibaba Cloud CDN is billed at a lower price.
  • Clients retrieve static resources from the nearest CDN edge nodes to minimize the network transmission distance and ensure the quality of data transmission.

Architecture

If the origin server is an OSS bucket, Alibaba Cloud CDN caches the static resources, including scripts, images, audio files, and video files, from the bucket to CDN edge nodes. When users request the resources, the edge nodes return the requested resources to the users. This accelerates content delivery.

The following figure shows the architecture.

[Figure: Architecture]

Use scenarios

The website image.example.com requires acceleration for image retrieval from an OSS bucket. The following list describes the business information and requirements.

Item: Domain name
Description: The domain name that is accelerated by Alibaba Cloud CDN.
Scenario: image.example.com

Item: Business type
Description: Determine the business type based on the website content. If the website distributes images, set the business type to Image and Small File.
Scenario: Image and Small File

Item: Accelerated region
Description: The region where the website visitors are located.
Scenario: Mainland China Only

Item: Origin server domain name
Description: You can select an OSS bucket that belongs to the current Alibaba Cloud account, or enter the public endpoint of an OSS bucket.
Scenario: ***.oss-cn-hangzhou.aliyuncs.com

Item: Other features
Description: Enable other features based on your business requirements.
Scenario:
  • Increase cache hit ratios by adding cache rules.
  • Specify domain names for back-to-origin routing by configuring origin hosts.
  • Protect OSS buckets from unauthorized access by enabling access control on private OSS buckets.
  • Accelerate delivery for specific resources by enabling object chunking.
  • Increase the cache hit ratio and accelerate file distribution by enabling parameter filtering.
  • Protect CDN edge nodes from hotlinking by configuring Referer whitelists or blacklists.
  • Protect websites from hotlinking issues and IP theft by enabling URL signing.

Procedure

The following procedure shows how to use Alibaba Cloud CDN to accelerate content delivery for a website. The preceding scenario is used as an example.


Step 1: Make preparations

Step 2: Add the domain name to be accelerated

  1. Log on to the Alibaba Cloud CDN console.
  2. In the left-side navigation pane, click Domain Names, click Add Domain Name, and then set the following parameters. The scenario described in Use scenarios is used as an example.
    • Domain Name to Accelerate: Enter image.example.com.
    • Business Type: Select Image and Small File.
    • Region: Select Mainland China Only.
  3. Click Add Origin Server to add an origin server.
    Set Origin Info to OSS Domain and select an OSS bucket that belongs to the current account from the Domain Name drop-down list. Keep the default values for other parameters. ***.oss-cn-hangzhou.aliyuncs.com is used in this example.
    Note
    • Internal endpoints of OSS buckets are not supported.
    • You can check the public endpoint of an OSS bucket in the OSS console.
    • For more information about the parameters and usage notes, see Set up origin servers.
  4. After you set up origin servers, click Next.
  5. Wait for manual verification.
    Note: If the domain name does not need to be manually verified, proceed to the next step. In the next step, you can set the parameters based on your business requirements.

    It takes one to two business days to complete the verification. If you require prioritized verification, submit a ticket.

    After the domain name passes the verification, the status of the domain name changes to Enabled. In this case, the domain name is added to Alibaba Cloud CDN.

  6. When the value in the Status column changes to Enabled, the CNAME assigned to the domain name is displayed. The CNAME for the domain name used in this example is image.example.com.w.kunlunsl.com.

Step 3: Configure the domain name

To improve acceleration performance, secure data transmission, and accelerate content delivery, you can enable relevant features based on your business requirements.

  1. In the Alibaba Cloud CDN console, navigate to the Domain Names page, find the domain name that you want to manage, and then click Manage.
  2. Enable the following features based on your business requirements.
    Scenario: Increase the cache hit ratio
    Description: Set a proper time-to-live (TTL) value for cached resources based on the following rules to increase the cache hit ratio:
    • Specify a TTL of one month or longer for static files that are infrequently updated, such as images and application packages.
    • Specify a TTL based on your business requirements for static files that are frequently updated, such as JavaScript and CSS files.
    • Specify a TTL of 0 seconds to disable caching for dynamic files, such as PHP, JSP, and ASP files.
    Parameter: Add a cache rule

    Scenario: Specify a site to which edge nodes redirect requests
    Description: By default, the address of the host is the endpoint of the OSS bucket. The endpoint of the OSS bucket in this example is ***.oss-cn-hangzhou.aliyuncs.com. If the OSS bucket is associated with a custom domain name, such as origin.developer.aliyundoc.com, you must set the Domain Type to Custom Domain, and set the origin host to origin.developer.aliyundoc.com. For more information, see Configure an origin host.
    Parameter: Configure an origin host

    Scenario: Protect OSS buckets from unauthorized access
    Description: By default, OSS buckets are accessible over the Internet. If you want to protect OSS buckets from unauthorized access, you can set the OSS buckets to private and enable access control. This way, Alibaba Cloud CDN has permissions to redirect requests only to OSS buckets that belong to the same account as Alibaba Cloud CDN.
    Parameter: Grant Alibaba Cloud CDN access permissions on private OSS buckets
    Note: Before you perform this operation, set the OSS buckets to private, which allows only authorized access. For more information, see Modify the ACL of a bucket.

    Scenario: Accelerate file distribution on CDN edge nodes
    Description: After object chunking is enabled, the OSS bucket that functions as the origin server returns the chunk of the file that is specified by the Range header to edge nodes. This reduces data transfer on the origin server and accelerates content delivery.
    Note: Object chunking is suitable for large file distribution scenarios such as audio and video streaming. It is not suitable for small file distribution. You do not need to enable object chunking when you use Alibaba Cloud CDN to accelerate the delivery of images.
    Parameter: Object chunking

    Scenario:
    • Increase the cache hit ratio
    • Increase file distribution efficiency
    Description: After parameter filtering is enabled, CDN edge nodes remove parameters that follow the question mark (?) from request URLs. This way, requests that carry different query strings but are for the same resource can hit the cache. This increases the cache hit ratio and reduces back-to-origin traffic.
    Parameter: Ignore parameters

    Scenario: Protect websites from hotlinking issues
    Description: After you configure a Referer whitelist or blacklist, Alibaba Cloud CDN allows or blocks requests based on user identities. If a request is authorized, Alibaba Cloud CDN returns the URL of the requested resource. If a request is not authorized, Alibaba Cloud CDN returns the HTTP 403 status code.
    Parameter: Configure a Referer whitelist or blacklist to enable hotlink protection

    Scenario: Protect a website from hotlinking and IP theft
    Description: URL signing cannot be performed without the origin server. The origin server generates signed URLs based on the URL signing settings on the CDN edge nodes. After URL signing is enabled, only requests that pass authentication can access resources on CDN edge nodes.
    Parameter: Configure URL signing
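
The TTL rules and parameter filtering described above can be modelled with a toy edge cache. This is an added example, not Alibaba Cloud code; the TTL chosen for JavaScript and CSS files, the request log, and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

MONTH = 30 * 24 * 3600
# Constructed cache rules that follow the TTL guidance above: extension -> TTL in seconds.
TTL_RULES = {"jpg": MONTH, "png": MONTH, "apk": MONTH,  # infrequently updated
             "js": 3600, "css": 3600,                   # assumed 1 hour; set per release cadence
             "php": 0, "jsp": 0, "asp": 0}              # dynamic files: never cached

def cache_key(url, ignore_params):
    """Key the edge uses for lookup; parameter filtering drops everything after '?'."""
    parts = urlsplit(url)
    key = parts.netloc.lower() + parts.path
    if parts.query and not ignore_params:
        key += "?" + parts.query
    return key

def ttl_for(url):
    """TTL from the file extension; unknown types are not cached in this toy model."""
    name = urlsplit(url).path.rsplit("/", 1)[-1]
    return TTL_RULES.get(name.rsplit(".", 1)[-1].lower(), 0) if "." in name else 0

def replay(requests, ignore_params):
    """Replay (timestamp, url) pairs through the cache; return (hits, origin_fetches)."""
    expires, hits, fetches = {}, 0, 0
    for now, url in requests:
        key = cache_key(url, ignore_params)
        if expires.get(key, 0) > now:
            hits += 1
            continue
        fetches += 1
        ttl = ttl_for(url)
        if ttl > 0:
            expires[key] = now + ttl
    return hits, fetches

# Constructed request log: (seconds since start, URL).
SAMPLE = [
    (0,    "http://image.example.com/banner.jpg?utm_source=mail"),
    (10,   "http://image.example.com/banner.jpg?utm_source=ad"),
    (20,   "http://image.example.com/banner.jpg"),
    (30,   "http://image.example.com/app.js?v=1"),
    (40,   "http://image.example.com/app.js?v=2"),
    (50,   "http://image.example.com/cart.php?id=7"),
    (60,   "http://image.example.com/cart.php?id=7"),
    (4000, "http://image.example.com/app.js?v=2"),
]

if __name__ == "__main__":
    print(replay(SAMPLE, False), replay(SAMPLE, True))
```

With filtering on, the request for app.js?v=2 at t=40 is answered from the copy cached for app.js?v=1, so a version parameter in the query string no longer forces a refetch.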

Step 4: Add a CNAME record

You must add a CNAME record in the system of your DNS service provider to map the domain name to the CNAME before requests can be redirected to edge nodes. Otherwise, CDN acceleration cannot take effect.

In the following example, Alibaba Cloud DNS is used to show how to add a CNAME record.
Note: For more information, see Add a CNAME record for a domain name.
  1. Log on to the Alibaba Cloud DNS console with the Alibaba Cloud account to which the accelerated domain name belongs.
  2. Navigate to the Manage DNS page, find the root domain name of the accelerated domain name that you want to manage, and then click Configure in the Actions column.
  3. Click Add Record and add a CNAME record.
    • Type: Select CNAME.
    • Host: Enter image.
    • Value: Enter the CNAME that is assigned to the accelerated domain name. image.example.com.w.kunlunsl.com is used in this example.
    • Keep the default values for other parameters.
  4. Optional: Check whether the CNAME record has taken effect.

    Method 1: Quick verification in the Alibaba Cloud CDN console

    1. Log on to the Alibaba Cloud CDN console and navigate to the Domain Names page.
    2. Select the domain name and move the pointer over the CNAME Status column. The CNAME Configuration Guide tooltip appears.
    3. Click Open Configuration Guide and then click Search.

    Method 2: Run the ping command to ping the domain name

    1. Open Command Prompt in Windows.
    2. Run the ping command to ping the domain name. If the CNAME in the output is the same as the CNAME that is assigned to the domain name, it indicates that CDN acceleration is enabled for the domain name.
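
The same comparison can be scripted. The following is an added example, not part of the original procedure: it queries the CNAME record with nslookup instead of reading ping output, and the sample outputs, resolver name and function names are constructed.

```python
import subprocess

def _norm(name):
    """DNS names are case-insensitive and may end with the root dot."""
    return name.strip().rstrip(".").lower()

def cname_target(nslookup_output, domain):
    """Return the CNAME target reported for `domain`, or None if no CNAME line exists."""
    for line in nslookup_output.splitlines():
        if "canonical name =" not in line:
            continue
        owner, target = line.split("canonical name =", 1)
        if _norm(owner) == _norm(domain):
            return _norm(target)
    return None

def cname_in_effect(nslookup_output, domain, assigned_cname):
    """True only when `domain` points at the CNAME that Alibaba Cloud CDN assigned."""
    return cname_target(nslookup_output, domain) == _norm(assigned_cname)

def lookup(domain):
    """Live query; needs the nslookup binary and network access."""
    result = subprocess.run(["nslookup", "-type=CNAME", domain],
                            capture_output=True, text=True, timeout=10)
    return result.stdout

# Constructed nslookup outputs; the resolver name and address are placeholders.
HEADER = "Server:\t\tresolver.example\nAddress:\t192.0.2.53#53\n\n"
IN_EFFECT = HEADER + "image.example.com\tcanonical name = image.example.com.w.kunlunsl.com.\n"
WRONG_TARGET = HEADER + "Image.Example.com\tcanonical name = old-host.example.net.\n"
NO_CNAME = HEADER + "*** Can't find image.example.com: No answer\n"

ASSIGNED = "image.example.com.w.kunlunsl.com"

if __name__ == "__main__":
    for label, output in (("in effect", IN_EFFECT), ("wrong target", WRONG_TARGET),
                          ("no CNAME", NO_CNAME)):
        print(label, cname_in_effect(output, "image.example.com", ASSIGNED))
```

A record that still points at an old target or has no CNAME at all means requests are not reaching the edge nodes, so none of the CDN-side controls from Step 3 apply to that traffic.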

What to do next

After you set the OSS bucket to private, requests that are sent to the endpoint of the OSS bucket trigger the AccessDenied error. After the CNAME record takes effect, you can access resources in the OSS bucket by using the following methods:
  • Concatenate the accelerated domain name and file path, and then enter the concatenated URL into a web browser. For example, if the accelerated domain name is aliyundoc.com and you want to access the file image_01.jpg under the root directory, you can send a request to http://aliyundoc.com/image_01.jpg.
  • Set the domain name of the OSS bucket to the accelerated domain name in your client. Then, you can access resources in the OSS bucket through the accelerated domain name from your client.
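
To confirm that the bucket is reachable only through the accelerated domain, compare a direct request to the OSS endpoint with the same request through CDN. This is an added example, not Alibaba Cloud code; the function names, finding labels and the sample error body are constructed.

```python
import re
import urllib.error
import urllib.request

def oss_error_code(body):
    """Return the <Code> value of an OSS XML error body, or None if it is not one."""
    m = re.search(rb"<Error>.*?<Code>([^<]+)</Code>", body, re.S)
    return m.group(1).decode("ascii", "replace") if m else None

def assess(origin_status, origin_body, cdn_status):
    """Compare a direct-to-bucket response with the response via the accelerated domain."""
    findings = []
    if origin_status == 200:
        findings.append("origin-public: object is readable straight from the OSS endpoint")
    elif origin_status != 403 or oss_error_code(origin_body) != "AccessDenied":
        findings.append(f"origin-unexpected: HTTP {origin_status} from the OSS endpoint")
    if cdn_status != 200:
        findings.append(f"cdn-failed: HTTP {cdn_status} through the accelerated domain")
    return findings

def fetch(url):
    """Live GET returning (status, first 4 KiB of body); not used by the offline samples."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.code, err.read(4096)

# Constructed OSS error body; Message, RequestId and HostId are placeholders.
DENIED = (b'<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code>'
          b'<Message>constructed message</Message>'
          b'<RequestId>PLACEHOLDER</RequestId><HostId>PLACEHOLDER</HostId></Error>')

if __name__ == "__main__":
    print(assess(403, DENIED, 200))            # private bucket, CDN serving: no findings
    print(assess(200, b"\xff\xd8\xff", 200))   # bucket still publicly readable
    print(assess(403, DENIED, 403))            # CDN blocked or not authorized on the bucket
```

An origin-public finding means clients can fetch objects from the bucket endpoint directly, which sidesteps the Referer and URL signing checks configured on the edge nodes.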
