Cloud-native API Gateway supports multiple domain names with independent protocol, certificate, and route configurations. Wildcard domains are also supported. For example, *.hello.com matches 1.hello.com and 2.hello.com.
Prerequisites
Complete the ICP filing for the domain names.
China region domains require an ICP filing with Alibaba Cloud or an existing filing transferred to Alibaba Cloud. Domains outside China do not require ICP filing.
Procedure
Log on to the API Gateway console.
In the left-side navigation pane, click Domain Name. In the top navigation bar, select a region.
-
Click Add Domain Name. In the Add Domain Name panel, configure the following parameters and click OK.
Parameter
Description
Domain Name
Enter a domain name such as
hello.com, or a wildcard domain name such as*.hello.com. Each domain name has independent protocol, certificate, and routing configurations.Important*.hello.comcan match domain names such asa.hello.com,b.hello.com, anda.b.hello.com. However, a certificate for*.hello.comcan be used only fora.hello.comandb.hello.com, not fora.b.hello.com.Select HTTP or HTTPS. Supported ports:
-
HTTP: Port 80 is supported.
-
HTTPS: Port 443 is supported.
Select the HTTPS protocol.
Certificate
Select an SSL certificate from Certificate Management Service to associate with the HTTPS protocol.
NoteIf you have not purchased or uploaded an SSL certificate, click Purchase/Upload Certificate to go to the Certificate Management Service console. Purchase an SSL certificate.
Always Use HTTPS
When enabled, only the HTTPS port is active. HTTP port access is denied and all requests redirect to HTTPS.
Enable HTTP/2?
The gateway uses ALPN during the TLS handshake to negotiate HTTP/2.
-
Use gateway instance configuration: Determines whether to use HTTP/2 for the current domain name based on the value of the
EnableHttp2parameter. The setting changes dynamically with theEnableHttp2parameter. -
Enable: Uses HTTP/2 after a successful TLS handshake.
-
Disable: Does not use HTTP/2 after a successful TLS handshake.
NoteFor HTTP, the gateway automatically upgrades to HTTP/2 through the HTTP Upgrade mechanism based on client requests. Configure this setting only for HTTPS.
TLS Version
Set the allowed TLS version range for this domain name.
-
Minimum TLS version: Default is 1.0.
-
Maximum TLS version: Default is 1.3.
Select HTTP for the protocol.
resource
Select a resource group. To create one, click Create Resource Group.
-
Verify the results
After you configure a route for the domain name, verify that the domain resolves correctly.
-
If public DNS resolution is active, verify access directly in a browser.
-
If DNS resolution is not configured, use the following commands. Replace {Public IP} with the gateway's public IP address. The examples use
hello.comas the domain name.-
Verify HTTP
curl http://hello.com --resolve "hello.com:80:{Public IP}" -
Verify HTTPS
curl -v -k https://hello.com --resolve "hello.com:443:{Public IP}" --cacert my-cert.pem
-