
CDN: Get started with Alibaba Cloud CDN

Last Updated: Nov 06, 2025

Accelerate content delivery with Alibaba Cloud Content Delivery Network (CDN). This guide covers the core concepts and essential configuration steps, from adding your domain to verifying the acceleration.

Note

This document uses www.example.com as the example domain that users access and 10.10.10.1 as the example IP address for the origin server.

How it works

If you are new to CDN, we recommend reading this section. If you are familiar with the concepts, skip ahead to the configuration steps.

Illustration

Request process without a CDN

When you enter a URL in the browser, a webpage, video, or song appears on your screen. This triggers a complex series of parsing and forwarding across various software and hardware. The following example shows a simple request process without a CDN:

Imagine you want to access an image by visiting www.example.com. Your browser cannot locate the server storing the image using the domain name directly. Instead, the browser first queries a DNS server to get the corresponding IP address, 10.10.10.1. The browser then uses this IP address to find the server and retrieve the image.

Note
  • A domain name is like a person's name, and an IP address is like their physical address. To find someone, you first look up their address using their name. A web request works in a similar way.

  • A DNS server is like a large phonebook that maps domain names to IP addresses. For more information about DNS servers and domains, see DNS concepts and terms.

Request process with Alibaba Cloud CDN

As more users access the image through www.example.com, the number of requests grows, and image loading gradually slows because of limits in server capacity or network conditions.

Alibaba Cloud CDN can greatly accelerate these requests. Think of CDN as a massive caching layer between your server and your users. When a user makes a request that reaches CDN, the system first checks if a cached copy of the image exists. If the image is found, CDN returns it to the browser without contacting the origin server. If the image is not in the cache, CDN requests it from the origin server, returns it to the user, and stores it in the cache to serve subsequent requests for the same image.

Note
  • Accelerating requests is a fundamental feature of Alibaba Cloud CDN. To learn more about its advanced capabilities, see What is Alibaba Cloud CDN?

  • CDN accelerates your content without making any changes to your origin server's architecture or code.

  • The actual request process is complex. This guide simplifies it to explain the core CDN concept.

Procedure

A key advantage of CDN is that it is non-intrusive to your servers. You do not need to modify any business code. Simply direct your website's traffic to CDN with a few configuration steps to accelerate content delivery. This guide will walk you through the configuration with a use case, explaining each setting along the way.

Note

Before you begin, complete the following steps:

Step 1: Add a domain and an origin server

  1. Configure your domain

    Add your domain to CDN. This allows CDN to identify and accelerate requests for your domain.

    Steps

    1. Log on to the CDN console.

    2. In the left-side navigation pane, click Domain Names.

    3. Click Add Domain Name. On the Business Information page, configure Region, Domain Name to Accelerate, and Business Type. Keep the default values for all other parameters.

    Note
    • Domain Name to Accelerate: the domain that your end users will access. In this example, it is www.example.com.

    • Region: Select an acceleration region that suits your needs. For more information about the options, see Acceleration Region. For this example, it is Global. If your acceleration region includes the Chinese mainland, your domain must have an ICP filing. Otherwise, the domain cannot be accessed.

    • Business Type: Select a business type that matches your use cases. For this example, it is Image and Small File.

  2. Verify domain ownership

    Alibaba Cloud CDN needs to verify that you own the domain you are adding. If you have completed the verification or do not see a verification tab, skip this step.

    Steps

    Important

    Do not close the verification tab until the process is complete.

    DNS resolution verification (recommended)
    1. On the verification tab, click Method 1: DNS Settings to get the host and record value.

    2. Add the TXT record to your DNS provider. The following steps show how to add a TXT record in Alibaba Cloud DNS. The process is similar for other providers, such as Tencent Cloud or GoDaddy.

      Steps

      1. Log on to the Alibaba Cloud DNS console.

      2. On the Public Zone page, find the root domain example.com of your domain and click Settings in the column on the right.

      3. Click Add DNS Record. Set Record Type to TXT. Enter the Hostname and Record Value provided by Alibaba Cloud CDN in step 1 of DNS resolution verification. Keep the default values for the other parameters.

      4. Click OK.

      Note
      • A root domain is the base of your website, such as example.com. Subdomains use a prefix to organize your website into different sections. For example, shop.example.com can be used for a store, and blog.example.com can be used for a blog.

    3. Wait a few minutes for the TXT record to take effect. Then, return to the verification tab in the CDN console and click Verify.

      If the system displays "Verification failed", check that you entered the correct TXT record and try again after the DNS record has propagated.

      Check if the TXT record is active

      For the domain www.example.com, you can check if the TXT record is active and correct as follows:

      Windows

      Open the Command Prompt (cmd) and enter nslookup -type=TXT verification.example.com. The result shows if the record is active and correct.

      macOS/Linux

      Open the terminal and enter nslookup -type=TXT verification.example.com. The result shows if the record is active and correct.

      Note
      • In the command, add verification as the prefix of your root domain. For example, verification.aliyun.com.

      • A new TXT record takes effect immediately, while changes to an existing one typically take 10 minutes, depending on the TTL setting of your DNS record (the default is 10 minutes).

      • If the nslookup command is not installed on your Linux system, run yum install bind-utils for CentOS or apt-get install dnsutils for Ubuntu to install it.

    File verification
    1. On the verification page, click Method 2: Verification File.

    2. Click verification.html to download the verification file.

    3. Manually upload the verification file to the root directory of your root domain's server (e.g., your ECS, OSS, CVM, COS, or EC2 instance). For example, if your domain is www.example.com, upload the file to the root directory of example.com.

    4. Ensure that the file is accessible at http://example.com/verification.html, then click Verify.

      The Alibaba Cloud CDN backend will visit the http://example.com/verification.html link on your server to verify.

      • If the record value in the file matches the expected value, the verification passes.

      • If the verification fails, ensure that the file link is accessible and that you have uploaded the correct file.

  3. Configure the origin server

    The origin server is the web server that hosts your website content. Configure the origin server information so CDN can fetch resources from your origin when they are not cached.

    Steps

    1. Click Add Origin Server in the Origin Servers section.

    2. In the Add Origin Server dialog box, select the origin type and enter the origin address.

    3. Enter the Port based on your origin server's configuration or keep the default value.

    Note
    • This example uses 10.10.10.1 as the IP address of the origin server. Set up your origin as needed:

      • Accelerate access to OSS resources: select OSS Domain for the Origin Info.

      • If your resources are deployed on an ECS instance, select IP for the Origin Information and enter the public IP address of the ECS instance.

      • If your resources are on a server that cannot be accessed by an IP address, select Site Name for the Origin Info and enter the server's domain name. Note that the origin domain cannot be the same as your domain name to be accelerated, as this would cause a resolution loop.

      • If you want to accelerate resources from Alibaba Cloud Function Compute, select Function Compute Domain for the Origin Info. Select the region and domain name based on the Function Compute resources in your account.

    • If you host multiple websites on your origin server, you must also configure a specific origin host after setting up the origin.

    • For more information about origin server settings, see Configure an origin server.

  4. Test the domain

    We recommend testing your domain locally before pointing your DNS records to the CNAME. This ensures a smooth transition without affecting your online services.

    Note

    Simulated access will incur charges for basic CDN services and any value-added services you test. The billing is the same as for regular CDN usage. For more information, see Billing overview.

    Steps

    1. Get the CNAME address for your domain to be accelerated.

      1. Log on to the CDN console.

      2. In the left navigation pane, click Domain Names.

      3. On the Domain Names page, copy the CNAME address corresponding to your domain.

        Note

        Copy the CNAME address for a domain in the Running state.

    2. Get the IP address corresponding to the CNAME. In a command-line interface (such as CMD, PowerShell, or Terminal), use the nslookup command to query the CNAME address and get its IP address. For example:

      nslookup example.aliyundoc.com.w.kunlunle.com

    3. Modify the hosts file on your computer.

      Add a mapping between the IP address obtained in step 2 and your domain name to your local hosts file. Place the IP address before the domain name. The following example shows how to do this with the IP address 192.168.0.1:

      Windows

      1. Go to C:\Windows\System32\drivers\etc and open the hosts file with a text editor as the administrator.

      2. Edit the hosts file. The content may look like this:

        # DNS handles localhost name resolution itself.
        # 127.0.0.1       localhost
        # ::1             localhost

        Add the IP address and accelerated domain name to the end of the file. For example:

        192.168.0.1   example.aliyundoc.com

      3. Save the changes. After editing, select File > Save or press Ctrl + S.

      4. (Optional) To make the changes take effect immediately, flush the DNS cache.

        Open Command Prompt as an administrator, enter the following command, and press Enter:

        ipconfig /flushdns

      macOS

      1. Open the Terminal and use the following command to open the hosts file with administrator privileges.

        sudo vim /etc/hosts

      2. Edit the hosts file. The content may look like this:

        ##
        # Host Database
        #
        # localhost is used to configure the loopback interface
        # when the system is booting.  Do not change this entry.
        ##
        127.0.0.1   localhost
        255.255.255.255 broadcasthost
        ::1         localhost

        Add the IP address and accelerated domain name to the end of the file. For example:

        192.168.0.1   example.aliyundoc.com

      3. Save the changes and exit.

        Press the Esc key to exit insert mode, then type :wq and press Enter to save the file and exit vim.

      4. (Optional) To ensure the changes take effect immediately, flush the DNS cache.

        In the Terminal, enter the following command and press Enter:

        sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

    4. Test if the domain is accessible.

      After modifying the hosts file, open a browser and access the domain locally to test connectivity. You can check the results using your browser's developer tools.

      • If the IP address next to Remote Address matches the IP you set in your hosts file, the configuration is correct. Proceed to configure the CNAME record with your DNS provider.

      • The configuration is incorrect if the IP address next to Remote Address does not match the IP you set in your hosts file. Check that the IP address in your hosts file is correct and is the IP address of the CNAME.

      After successfully accessing the domain, you can perform any other necessary verifications locally.
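The local test in step 4, scripted as an added example that is not part of the original guide: it reads nslookup output, skips the resolver's own address, pins the POP IP in a hosts file without shadowing an existing entry, and removes the pin afterwards. The resolver address 10.0.0.2, the scratch hosts file, the conflicting IP 192.168.0.9 and all function names are assumptions; the domain, CNAME and 192.168.0.1 are the guide's example values.

```shell
#!/bin/sh
# Added example, not from the guide. It edits a scratch copy of a hosts file,
# so it runs without sudo; the nslookup output below is constructed.

# Constructed Linux/macOS nslookup output for the guide's example CNAME.
sample_nslookup() {
    cat <<'EOF'
Server:         10.0.0.2
Address:        10.0.0.2#53

Non-authoritative answer:
Name:   example.aliyundoc.com.w.kunlunle.com
Address: 192.168.0.1
EOF
}

# Print the answer addresses from nslookup output on stdin. The resolver's own
# "Address: ...#53" line precedes the first "Name:" line and is skipped.
answer_ips() {
    awk '/^Name:/ { in_answer = 1; next }
         in_answer && /^Address:/ { sub(/#.*/, "", $2); print $2 }'
}

# pin_host FILE IP DOMAIN: append "IP DOMAIN" unless DOMAIN is already mapped.
# Prints added, unchanged, or conflict:<ip>. A second line for the same name
# is normally ignored (the earlier line wins), so it is not written.
pin_host() {
    current=$(awk -v d="$3" '{
        sub(/#.*/, "")
        for (i = 2; i <= NF; i++)
            if (tolower($i) == tolower(d)) { print $1; exit }
    }' "$1")
    if [ -z "$current" ]; then
        printf '%s   %s\n' "$2" "$3" >> "$1"
        echo "added"
    elif [ "$current" = "$2" ]; then
        echo "unchanged"
    else
        echo "conflict:$current"
        return 1
    fi
}

# unpin_host FILE DOMAIN: remove the line pin_host wrote once testing is done,
# so the machine resolves the domain through DNS again. The file is rewritten
# in place (cat >) to keep its owner and mode.
unpin_host() {
    tmp="$1.tmp.$$"
    awk -v d="$2" '{
        line = $0
        sub(/#.*/, "")
        if (NF == 2 && tolower($2) == tolower(d)) next
        print line
    }' "$1" > "$tmp" && cat "$tmp" > "$1" && rm -f "$tmp"
}

demo() {
    hosts=$(mktemp)
    printf '127.0.0.1   localhost\n::1         localhost\n' > "$hosts"
    ip=$(sample_nslookup | answer_ips | head -n 1)
    pin_host "$hosts" "$ip" example.aliyundoc.com                  # added
    pin_host "$hosts" 192.168.0.9 example.aliyundoc.com || true    # conflict
    unpin_host "$hosts" example.aliyundoc.com
    cat "$hosts"                                                   # original two lines
    rm -f "$hosts"
}
demo
```

To make the same pinned request without touching the hosts file at all, curl accepts `--resolve example.aliyundoc.com:80:192.168.0.1` together with the normal URL.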

Step 2: Configure the CNAME record

Before connecting to CDN, user requests for your domain go directly to your origin server. After integrating with CDN, requests are first sent to the nearest CDN point of presence (POP). The POP then determines whether to forward an origin request to your server. Configure a CNAME record to switch the request path from a direct connection to one that goes through CDN.

A CNAME record is a type of DNS record that maps one domain name to another. For more information about CNAME records, see What is a CNAME record?.

Steps

  1. Go to the Domain Names page, find the domain you added, and copy its CNAME value. (If this value is empty, wait five seconds and refresh the page.)

  2. Configure the CNAME record in your DNS server. The method for configuring CNAME records varies among DNS providers. The following are examples for Alibaba Cloud and Tencent Cloud:

    Configure a CNAME record with Alibaba Cloud DNS

    If your DNS provider is Alibaba Cloud, follow these steps to configure the CNAME record.

    1. Log on to the Alibaba Cloud DNS console with the Alibaba Cloud account that owns the accelerated domain.

    2. On the Public Zone page, find the root domain example.com of your accelerated domain and click Settings on the right.

    3. Click Add DNS Record to add a CNAME record.

    4. Set Record Type to CNAME.

    Important
    • The Hostname is the prefix of the domain name. For www.example.com, it is www. If your accelerated domain is the root domain example.com, enter @ for the hostname.

    • An A record and a CNAME record for the same host record are mutually exclusive. If an A record already exists for the domain you want to accelerate, you must pause or delete it before you can add the CNAME record.

    • Pausing an A record to configure a CNAME record may briefly make your domain inaccessible. To minimize the impact, schedule this change during a low-traffic period.

    5. Click OK.

    Configure a CNAME record with Tencent Cloud (DNSPod)

    If your DNS provider is Tencent Cloud, you can follow these steps to configure the CNAME record.

    1. Log on to the DNSPod console.

    2. On the domain resolution page for the relevant domain, click Add Record to add a CNAME record:

      Parameter: Hostname
        Description:
        • If the accelerated domain is a subdomain, the hostname is the subdomain's prefix.
        • If the accelerated domain is a wildcard domain, the hostname is *.
        • If the accelerated domain is the root domain itself, the hostname is @.
        Example:
        Subdomain example:
        • For example.aliyundoc.com, the hostname is example.
        • For www.example.aliyundoc.com, the hostname is www.example.
        Wildcard domain example:
        • For *.aliyundoc.com, the hostname is *.
        • For *.example.aliyundoc.com, the hostname is *.example.
        Root domain example:
        If the root domain is aliyundoc.com and the accelerated domain is aliyundoc.com, the host record is @.
        Note: You only need to enter the part of the domain you want to resolve. For example, to resolve example.aliyundoc.com, enter example.

      Parameter: Record Type
        Description: Select CNAME.
        Example: CNAME

      Parameter: Line Type
        Description: Select "Default".
        Example: Recommended: Keep the default value.

      Parameter: Record Value
        Description: Enter the CNAME record value for your accelerated domain.
        Note: The CNAME values for a first-level domain (e.g., example.aliyundoc.com) and a second-level domain (e.g., www.example.aliyundoc.com) are different. To accelerate a second-level domain, you must also add it to CDN and resolve it to the corresponding CNAME record value, or add a wildcard domain to CDN, whose CNAME can be used by the second-level domain. To add a wildcard or second-level domain, see Add a domain name.
        Example: www.example.com.w.kunlunsl.com

      Parameter: Weight
        Description: Not required.
        Example: Not applicable.

      Parameter: MX
        Description: Not required.
        Example: Not applicable.

      Parameter: TTL
        Description: The TTL is the cache time. A lower value means changes to the record will take effect faster across different regions.
        Example: Recommended: Keep the default value.

    3. Click Save to complete the process.

  3. Verify that the CNAME record is active.

    In the console

    1. Go to the Domain Names page in the Alibaba Cloud CDN console.

    2. Select the target domain name. Hover over the CNAME Status of the accelerated domain name. If the status is Configured, the configuration is in effect.

      Note

      If the status is To Be Configured, refresh the page or wait about 5 minutes, then check the status again.

    With the nslookup command

    1. Open Command Prompt (Windows) or Terminal (macOS/Linux).

    2. Enter nslookup -type=CNAME <Domain_Name>. For example, nslookup -type=CNAME www.example.com. If the returned result matches the CNAME value for your domain to be accelerated, the CNAME configuration is in effect.

Step 3: Configure an HTTPS certificate

If your domain supports HTTPS, configure an HTTPS certificate in CDN to maintain HTTPS access.

Skip this section if your domain does not support HTTPS and you do not plan to enable it.

Important

Enabling HTTPS will generate HTTPS requests. Charges for HTTPS requests cannot be offset by CDN data transfer plans. Ensure your account has a sufficient balance or purchase an HTTPS request plan to avoid service suspension due to overdue payments. For details, see Billing of HTTPS requests for static content.

Steps

  1. Log on to the Alibaba Cloud CDN console.

  2. In the left navigation pane, click Domain Names.

  3. On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column.

  4. In the left navigation tree of the domain name, click HTTPS.

  5. In the HTTPS Certificate section, click Modify.

  6. On the Modify HTTPS Settings page, turn on HTTPS Secure Acceleration and configure the parameters.

    Note
    • If you have purchased a certificate from Alibaba Cloud Certificate Management Service, select SSL Certificates Service. In the Certificate Name dropdown, select your purchased certificate. If you cannot find your certificate, check if the domain bound to the certificate matches the accelerated domain.

    • If you are using a certificate issued by a third-party provider, select Custom Certificate (Certificate+Private Key). You need to set a Certificate Name and then upload the Certificate (Public Key) and Private Key. This certificate will be saved in Alibaba Cloud Certificate Management Service. Check it in My Certificates.

  7. Verify the HTTPS configuration.

    The updated HTTPS certificate will take effect within one minute. You can then access resources via HTTPS. If you see a lock icon next to the URL in your browser (e.g., Chrome), it means that HTTPS secure acceleration is active. After configuring the certificate, be sure to monitor its expiration date and manually configure a new one before it expires.

    Note

    For more information on configuring HTTPS certificates, see Configure an HTTPS certificate.

Step 4: Verify that CDN caching is working

Steps

  1. On Windows: Press Win + R, type cmd in the Run dialog, and click OK to open the command prompt.

    On macOS: Open "Terminal".

  2. In the window, enter curl -I followed by the URL of a resource on your accelerated domain. For example, curl -I www.example.com/10.JPG.

  3. If you see headers including Age, X-Cache, X-Swift-SaveTime, and X-Swift-CacheTime in the response, it indicates that CDN is working.

    Note
    • X-Cache: If this field shows MISS, the cache was not hit, and an origin request was made. If it shows HIT, the request was served from the CDN cache.

    • Age: Indicates how long (in seconds) the file has been cached on the CDN POP. This field is absent for the first access or after a refresh. An Age of 0 means the cache has expired and needs to be revalidated with the origin.

    • X-Swift-SaveTime: The time (in GMT) when the resource was first cached on the CDN POP.

    • X-Swift-CacheTime: The allowed cache duration on the CDN POP, indicating how long the file can be cached. A value of 0 means the request cannot be cached.
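The header check above, as an added example that is not part of the original guide: a small classifier that reads `curl -I` output and reports the cache state using the rules in the preceding note. The sample responses, their header values and the function names are constructed for illustration; only the four header names come from this guide.

```shell
#!/bin/sh
# Added example, not from the guide: classify a `curl -I` response by the
# headers described in Step 4. The sample responses are constructed.

# header_value NAME: print the value of header NAME from a response on stdin.
# Names match case-insensitively; curl prints CRLF line ends, so CR is stripped.
header_value() {
    tr -d '\r' | awk -v want="$1" '
        BEGIN { want = tolower(want) }
        !seen {
            i = index($0, ":")
            if (i > 0 && tolower(substr($0, 1, i - 1)) == want) {
                v = substr($0, i + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v
                seen = 1
            }
        }'
}

# cdn_cache_state: read response headers on stdin and print one of
# no-cdn-headers, uncacheable, expired-revalidating, hit ..., miss ..., unknown ...
cdn_cache_state() {
    resp=$(cat)
    xcache=$(printf '%s\n' "$resp" | header_value X-Cache)
    age=$(printf '%s\n' "$resp" | header_value Age)
    saved=$(printf '%s\n' "$resp" | header_value X-Swift-SaveTime)
    ttl=$(printf '%s\n' "$resp" | header_value X-Swift-CacheTime)

    # Age alone is not proof of the CDN: any HTTP cache on the path may set it.
    if [ -z "$xcache$saved$ttl" ]; then
        echo "no-cdn-headers"
    elif [ "$ttl" = "0" ]; then
        echo "uncacheable"
    elif [ "$age" = "0" ]; then
        echo "expired-revalidating"
    else
        case "$xcache" in
            HIT*)  echo "hit age=${age:-absent} ttl=${ttl:-absent}" ;;
            MISS*) echo "miss ttl=${ttl:-absent}" ;;
            *)     echo "unknown x-cache=${xcache:-absent}" ;;
        esac
    fi
}

# Constructed responses: first request, repeat request, and a reply that
# never passed through a CDN POP.
sample_first_request() {
    cat <<'EOF'
HTTP/1.1 200 OK
Content-Type: image/jpeg
X-Cache: MISS
X-Swift-SaveTime: Thu, 06 Nov 2025 08:00:00 GMT
X-Swift-CacheTime: 2592000
EOF
}
sample_repeat_request() {
    cat <<'EOF'
HTTP/1.1 200 OK
Content-Type: image/jpeg
Age: 120
X-Cache: HIT
X-Swift-SaveTime: Thu, 06 Nov 2025 08:00:00 GMT
X-Swift-CacheTime: 2592000
EOF
}
sample_direct_origin() {
    cat <<'EOF'
HTTP/1.1 200 OK
Content-Type: image/jpeg
Cache-Control: max-age=600
EOF
}

for s in sample_first_request sample_repeat_request sample_direct_origin; do
    printf '%-24s %s\n' "$s" "$($s | cdn_cache_state)"
done
```

Against a live domain, pipe the real response in, for example `curl -sI http://www.example.com/10.JPG | cdn_cache_state`, and request the same URL twice so that the second response can be served from cache.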

Note

If you have completed the above steps but are still experiencing access issues, see Service unavailability and exceptions.

At this point, the main configuration for Alibaba Cloud CDN is complete, and your website can now be accelerated through the CDN. However, to ensure the security and stability of your website, we strongly recommend you also configure security and cache policies.

Optional configurations 

Security

Your domain may be subject to malicious attacks or traffic theft, which can cause sudden high bandwidth usage or large data transfers, resulting in excessive fees. Therefore, we strongly recommend configuring appropriate security measures to prevent such risks.

Steps

  1. Enable logs

    CDN supports offline and real-time logs. By analyzing logs, you can quickly identify business and security issues and make timely adjustments. For more information about logs, see Logs and reports.

    Log Type       | Log Delay        | Cost    | Best Practice
    ---------------|------------------|---------|--------------
    Offline Logs   | Within 24 hours  | Free    | Analyze offline logs
    Real-time Logs | Within 3 minutes | Billing | Deliver Alibaba Cloud CDN real-time logs to SLS for analysis

  2. Enable Referer-based hotlink protection

    Referer-based hotlink protection controls access based on the Referer field in HTTP request headers. By setting a whitelist or blacklist, you can prevent unauthorized use of your resources.

    A common configuration is to set a Referer whitelist, allowing only requests from specified domains such as your trusted websites. This helps identify and filter unauthorized requests to prevent resource theft. For details, see Configure a Referer blacklist or whitelist.

  3. Set up real-time bandwidth monitoring

    You can use the Cloud Service Monitoring feature of CloudMonitor to set up alerts for the peak bandwidth of a specific domain under Alibaba Cloud CDN. When the bandwidth reaches the set threshold, an alert is sent to the administrator, enabling you to detect potential risks more quickly. For details, see Configure alert rules.

For more options on security configuration, see the information below:

More security policies

Access control

  • Configure URL signing: URL signing works with your origin server to protect your resources from abuse. For details, see Configure URL signing.

  • Configure remote authentication: Remote authentication forwards user requests to your specified authentication server for validation, allowing for fine control over unauthorized access to resources. For details, see Configure remote authentication.

  • Configure an IP blacklist/whitelist: If you experience a malicious attack or traffic surge, use real-time logs analysis to identify high-frequency IP addresses. Then, use IP blacklist to block them.

  • Configure a UA blacklist/whitelist: If you experience a malicious attack or traffic surge, use real-time logs analysis to check if the malicious activity originates from specific User-Agents. Then use User-Agent blacklist to block the malicious behavior.
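The log triage that the Referer whitelist and the IP and UA blacklist entries rely on, as an added example that is not part of the original guide: it counts requests per client IP and per User-Agent, and totals the bytes served to Referers outside a whitelisted domain. The tab-separated log layout, the sample lines, the addresses and the function names are all assumptions made for illustration; map the column numbers to the fields of your own CDN log format.

```shell
#!/bin/sh
# Added example, not from the guide. Log lines are constructed and use an assumed
# tab-separated layout: client IP, Referer, URL, status, bytes sent, User-Agent.

sample_log() {
    printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
        203.0.113.7   'https://www.example.com/gallery'          /10.JPG   200 524288  'Mozilla/5.0' \
        198.51.100.23 'https://www.example.com.mirror.test/page' /10.JPG   200 524288  'bulk-fetch/1.0' \
        198.51.100.23 'https://forum.test/thread/42'             /10.JPG   200 524288  'bulk-fetch/1.0' \
        198.51.100.23 '-'                                        /11.JPG   200 1048576 'bulk-fetch/1.0' \
        198.51.100.23 'https://forum.test/thread/42'             /11.JPG   200 1048576 'bulk-fetch/1.0' \
        203.0.113.9   'https://shop.example.com/cart'            /logo.png 200 2048    'Mozilla/5.0'
}

# top_values COLUMN: request count per distinct value of COLUMN, highest first.
# Column 1 gives candidate IPs for an IP blacklist, column 6 candidate User-Agents.
top_values() {
    awk -F '\t' -v col="$1" '
        { n[$col]++ }
        END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# offsite_bytes DOMAIN...: bytes served per Referer host that is neither DOMAIN
# nor one of its subdomains. Hosts are compared on label boundaries, so
# "www.example.com.mirror.test" does not pass as "example.com". Requests with
# no Referer are reported as "(empty)"; admitting them is a separate policy choice.
offsite_bytes() {
    awk -F '\t' -v allow="$*" '
        BEGIN { n = split(tolower(allow), dom, " ") }
        {
            host = tolower($2)
            if (host == "-" || host == "") {
                host = "(empty)"
            } else {
                sub("^[a-z][a-z0-9+.-]*://", "", host)   # scheme
                sub("[/?#].*$", "", host)                # path, query, fragment
                sub("^.*@", "", host)                    # userinfo
                sub(":[0-9]*$", "", host)                # port
            }
            ok = 0
            for (i = 1; i <= n; i++) {
                tail = "." dom[i]
                if (host == dom[i]) ok = 1
                else if (length(host) > length(tail) &&
                         substr(host, length(host) - length(tail) + 1) == tail) ok = 1
            }
            if (!ok) bytes[host] += $5
        }
        END { for (h in bytes) print bytes[h], h }' | LC_ALL=C sort -k1,1nr -k2
}

echo "Requests per client IP:"
sample_log | top_values 1
echo "Requests per User-Agent:"
sample_log | top_values 6
echo "Bytes served to Referers outside example.com:"
sample_log | offsite_bytes example.com
```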

Traffic management

  • Set a bandwidth cap: If you want to limit the maximum bandwidth usage for a domain, use bandwidth caps. When the set bandwidth threshold is reached, CDN will stop accelerating the domain and resolve it to an invalid address, preventing excessive charges.

  • Set request-level speed limit: This feature lets you limit the downstream speed for all user requests to CDN POP. It is often used for operational activities, such as new game version releases, to control the peak bandwidth of the accelerated domain. For details, see Configure traffic throttling for individual requests.

  • Set a bandwidth limit: If you need to limit the bandwidth used by your domain and your daily peak bandwidth is greater than 10 Gbps, submit a ticket.

Important
  • The bandwidth limit sets a maximum for the total network bandwidth of the accelerated domain. For accuracy, the limit must be 10 Gbps or higher.

  • When the bandwidth cap is reached (e.g., 10 Gbps), Alibaba Cloud CDN will throttle the accelerated domain. This will slow down user access speeds for every request and may cause packet loss.

  • Throttling is based on real-time monitoring data, which has a delay of about 10 minutes. Therefore, speed limiting begins approximately 10 minutes after the actual bandwidth reaches the threshold, by which time the actual bandwidth might have exceeded the limit.

Note

If your domain is under a malicious attack or you receive a large bill, follow the documentation to quickly investigate and mitigate the issue. For details, see Best practices for preventing traffic abuse.

Performance

We recommend configuring features like cache expiration and page optimization to improve cache hit rates and access performance.

Steps

  1. Improve cache hit rate and speed

    Slow access speed is often strongly correlated with a low cache hit rate. We recommend configuring cache expiration times and the ignore parameters feature to improve the cache hit rate.

    Scenario: Low cache hit rate, slow access speed
      Description: A short cache time or no cache rules can lead to frequent origin requests. Properly configuring the cache expiration time can significantly improve the resource cache hit rate and access performance. Recommended cache times:
      • For static files that are rarely updated, such as images or application downloads, set the cache time to one month or more.
      • For frequently updated static files, such as JS and CSS, set the cache time based on your business needs.
      Configuration: Configure cache TTL

    Scenario: Low cache hit rate caused by URL parameters
      Description: By default, when a client makes an origin request, the URL must exactly match, including any parameters after the ?. Enabling the ignore parameters feature removes these parameters from the URL when fetching resources, which increases the file cache hit rate and reduces the number of origin requests.
      Configuration: Ignore parameters

  2. Improve CDN access performance

    To prevent sudden high bandwidth caused by attacks or other reasons, you can set up monitoring alerts to track bandwidth changes in real time or use the bandwidth cap feature to set a maximum bandwidth limit and prevent excessive costs.

    Scenario: Limit excessive bandwidth
      Description: Use the bandwidth cap feature to set an upper limit. When the bandwidth for a statistical period exceeds your set limit, CDN will stop providing acceleration for that domain, and it will be resolved to an invalid address (offline.***.com), making it inaccessible.
      Configuration: Configure bandwidth caps

    Scenario: Monitor bandwidth changes
      Description: Create alert rules in CloudMonitor to monitor network bandwidth. This notifies you of bandwidth anomalies so that you can address them.
      Configuration: Configure alert rules

  3. Resource prefetch

    After you add your website or resources to CDN, on a user's first visit, CDN pulls the resource from your origin server to cache at the POP. This initial request may be slow. You can use the prefetch feature to cache resources on POP in advance, improving the user's access speed. For specific operations, see Purge and prefetch resources.

References