All Products
Search

This Product

    CDN:Add your site to CDN

    Document Center

    CDN:Add your site to CDN

    Last Updated:Mar 17, 2026

    This topic explains how CDN works and describes the key configuration settings. By following the examples, you can quickly and efficiently enable CDN.

    Note

    In this topic, www.example.com is used as the example domain name that users access, and 10.10.10.1 is used as the IP address of the origin server.

    How CDN accelerates content delivery

    If you are unfamiliar with how CDN works, you can read this section to learn more. If you already understand how a CDN works, you can skip this section and proceed to configure CDN.

    How CDN accelerates content delivery

    When you enter a URL in your browser, a webpage, video, song, or image appears on your screen. Behind the scenes, various software and hardware components perform complex parsing and forwarding operations. This topic uses a simple request example to explain how CDN accelerates requests.

    1. Basic request process

    image

    Suppose you want to retrieve an image by accessing the domain name www.example.com. Your browser cannot directly locate the server that hosts the image using only the domain name. Therefore, your browser first contacts a DNS server to obtain the IP address 10.10.10.1 that is associated with the domain name. Then, your browser uses this IP address to locate the server and retrieve the image.

    Note

    • A domain name is like a person's name and an IP address is like their physical address. To find a person, you can use their name to obtain their address and then go to that address. Network requests work in a similar way.

    • A DNS server is like a large database that stores mappings between domain names and IP addresses. For more information about DNS servers and domain names, see DNS basics.

    2. Request process with CDN

    image

    As more users access the image through the domain name www.example.com, the volume of requests increases. Due to factors such as server configuration and network conditions, the image loading speed slows down. In this scenario, CDN provides an effective solution to significantly accelerate requests.

    CDN acts as a large caching service that is positioned between your server and users in the network topology. The purple section in the diagram represents CDN. When a user sends a request that reaches CDN, the system first checks whether the requested image is cached. If the image is in the cache, it is returned directly to the browser without contacting your server. If the image is not cached, CDN requests it from your server, returns it to the user, and stores it in the CDN cache for faster delivery to subsequent users.

    Note

    • Accelerating requests is a basic feature of CDN. For more information about advanced features, see What is CDN.

    • CDN accelerates content delivery without changing your origin server architecture. You do not need to make any changes to your business code or server configuration.

    • The actual request process is more complex than what is described here. This explanation simplifies most of the details to help you understand how CDN works.

    Quickly integrate CDN

    A core advantage of CDN is its non-intrusive nature. You do not need to modify any business code. You can simply complete a few configuration steps to quickly accelerate your content. This topic uses two typical scenarios to explain the configuration process and describes each setting to help you get started.

    Note

    Before you integrate CDN, complete the following two steps:

    1. You must have an Alibaba Cloud account. If you do not have one, you can register on the account registration page. If your acceleration service covers the Chinese mainland, you must also complete account verification.

    2. You must activate CDN in your Alibaba Cloud account.

    1. Add a domain name and origin server

    1. Configure the domain name

      To accelerate your domain name, you must add it as an Domain Name to Accelerate in the CDN console. Only after this step is complete can CDN recognize and accelerate your domain name.

      Add a domain name

      1. Log on to the CDN console.

      2. In the navigation pane on the left, click Domain Names.

      3. Click Add Domain Name. Configure the Region, Domain Name to Accelerate, and Business Type parameters. You can keep the default values for all other parameters.

        加速域名-cn.jpg

      Note

      • The Domain Name to Accelerate is the website or resource domain name that you want to accelerate using CDN. It is also the domain name that end users access. In this example, enter www.example.com.

      • For Region, select a region that fits your business based on the description in Acceleration regions. In this demo, Global is selected. If your acceleration region includes the Chinese mainland, you must complete ICP filing for the domain name. Otherwise, the domain name cannot be accessed.

      • For Business Type, choose a scenario that fits your business based on the description in Scenarios. In this demo, select Image and Small File.

      • If you set Region to Global (Excluding the Chinese Mainland), you can enable the global resource plan. After you enable this feature, your domain name can use more node resources, but some features are limited. For more information, see Features supported after enabling the global resource plan. We recommend that you carefully evaluate this feature before you use it.

    2. Verify domain ownership

      To ensure that you own the domain name that you want to add, CDN requires you to verify the ownership of the domain name. You can skip this step if you have already completed the verification or if you do not receive a verification prompt when you add the accelerated domain name.

      Verify the ownership of the domain name

      Important

      Do not close the verification tab until the verification is complete, regardless of the method you choose.

      DNS record verification (recommended)

      1. On the verification tab of the Add Domain Name page, click Method 1: DNS Record Verification to obtain the host value and record value.

        归属权-cn.jpg

      2. Add a TXT record at your domain name registrar. The following example shows how to add a TXT record in Alibaba Cloud DNS. The process is similar for other registrars, such as Tencent Cloud or Xinnet.

        Configure a TXT record

        1. Log on to the Cloud DNS console.

        2. On the Public Authoritative DNS page, find the root domain name example.com of your accelerated domain name and click DNS Records in the Actions column.

        3. Click Add Record. Set Record Type to TXT. Enter the Host and Value that are provided by CDN in Step 1. You can keep the default values for all other parameters.

          txt-cn.jpg

        1. Click OK to add the record.

        Note

        For a quick overview of root domain names and subdomain names, see Domain name basics.

      3. Wait for the TXT record to take effect. Then, return to the verification tab in the CDN console and click Verify to complete the verification.

        If "Verification failed" is displayed, check whether the TXT record is correct and try again after the DNS record takes effect.

        Check whether the TXT record has taken effect

        For the accelerated domain name www.example.com, you can use the following method to check whether the TXT record has taken effect or is correct:

        Windows system

        Open Command Prompt and run the nslookup -type=TXT verification.example.com command. Check the TXT result to verify whether the DNS record has taken effect or is correct.

        image

        macOS/Linux

        In the terminal, run the nslookup -type=TXT verification.example.com command. Check the TXT result to verify whether the DNS record has taken effect or is correct.

        image

        Note

        • In the nslookup command, the type is TXT, and the domain name for verification replaces the hostname of the original domain name with "verification." For example, if your accelerated domain name is www.example.com, the domain name to verify is verification.example.com.

        • After you configure a TXT record for the first time, it takes effect immediately. If you modify an existing TXT record, it usually takes effect within 10 minutes. The actual time depends on the TTL value of your DNS record, which is 10 minutes by default.

        • If the nslookup command is not installed on your Linux system, you can run the yum install bind-utils command on CentOS or the apt-get install dnsutils command on Ubuntu to automatically install it.

      File verification

      1. On the verification page, click Method 2: File Verification.

        txt2-cn.jpg

      2. Click verification.html to download the verification file.

      3. Upload the verification file to the root directory of your root domain name server, such as an ECS instance, an OSS bucket, a CVM instance, a COS bucket, or an EC2 instance. For example, if your accelerated domain name is www.example.com, upload the file to the root directory of example.com.

      4. After you can access the file at http://example.com/verification.html, click Verify to start the verification.

        The CDN backend accesses http://example.com/verification.html to verify the file.

        • If the value in the file matches the expected value, the verification succeeds.

        • If the verification fails, make sure that the file link is accessible and the uploaded file is correct.

    3. Configure origin server information

      The origin server is the server where your business runs. You must configure origin server information in the CDN console. This way, CDN nodes can retrieve resources from your server when the requested resources are not cached on the CDN nodes.

      Configure the origin server

      1. After you configure the business information of the domain name, click Add Origin Server in the Origin Server Information section.

      2. In the dialog box that appears, select the origin server type and enter the origin server address.

      3. Enter the Port based on your origin server settings. By default, port 80 is used for HTTP.

        源站-cn.jpg

      Note

      • This example uses 10.10.10.1 as the IP address of the origin server to configure the origin server.

        • To accelerate OSS resources, set Origin Info to OSS Domain.

        • To accelerate resources that are deployed on ECS, set Origin Info to IP and enter the public IP address of your ECS instance.

        • If your resources are hosted on a server that cannot be accessed by IP address, set Origin Info to Site Domain and enter the domain name of your origin server. Note that the origin domain name cannot be the same as the accelerated domain name. Otherwise, a resolution loop occurs.

        • To accelerate Function Compute resources, set Origin Info to Function Compute Domain and select the region and domain name based on your Function Compute resources.

      • If your origin server hosts multiple websites, you must also configure a Custom Origin Host after you configure the origin server.

      • For more information about origin server configuration, see Configure an origin server.

      • For more information about best practices for using CDN with OSS, see Accelerate OSS resources with CDN.

    4. Verify the accelerated domain name

      After you add the accelerated domain name, you can test it locally before you update the DNS record to point to the CNAME record. This ensures a smooth DNS switchover without affecting your existing services.

      Note

      Simulated access is equivalent to normal CDN access and incurs charges for basic CDN services and value-added services, if they are tested. The billing follows the standard CDN billing method. For more information, see Billing components.

      Verify the accelerated domain name

      1. Obtain the CNAME address of the accelerated domain name.

        1. Log on to the CDN console.

        2. In the left navigation pane, click Domain Names.

        3. On the Domain Names page, copy the CNAME address that corresponds to the accelerated domain name.

          Note

          Copy the CNAME address whose status is Normal.

          image

      2. Obtain the IP address that corresponds to the CNAME record. In the command line, such as Command Prompt, PowerShell, or Terminal, use the nslookup command to query the CNAME address and obtain the IP address. Example:

        nslookup www.example.com.w.kunlunle.com

        image

      3. Modify the hosts file on your local computer.

        Add a mapping between the IP address that you obtained in Step 2 and the accelerated domain name to the local hosts file. The IP address must precede the domain name. The following example uses the IP address 192.168.0.1.

        Windows system

        1. Go to the C:\Windows\System32\drivers\etc directory and open the hosts file in Notepad as an administrator.

        2. Edit the hosts file. The file may look like the following one:

          # localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost

          Add the IP address and accelerated domain name to the end of the file. Example:

          192.168.0.1   www.example.com

        3. Save the changes. Choose File > Save or press Ctrl + S.

        4. (Optional) Refresh the DNS cache to immediately apply the DNS changes.

          Open Command Prompt as an administrator and run the following command:

          ipconfig /flushdns

        macOS

        1. Open Terminal and run the following command to open the hosts file with administrator privileges.

          sudo vim /etc/hosts

        2. Edit the hosts file. The file may look like the following one:

          ##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1   localhost
255.255.255.255 broadcasthost
::1         localhost

          Add the IP address and accelerated domain name to the end of the file. Example:

          192.168.0.1   www.example.com

        3. Save the changes and exit.

          Press Esc to exit the insert mode. Then, type :wq and press Enter to save the changes and exit vim.

        4. (Optional) Refresh the DNS cache to immediately apply the DNS changes.

          In Terminal, run the following command:

          sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

      4. Test whether the accelerated domain name is accessible.

        After you modify the hosts file, open your browser and access the accelerated domain name to test the connectivity. You can check the results in the developer tools of your browser.

        • If the Remote Address IP address matches the IP address that you added to the hosts file, the configuration is correct. You can now configure the CNAME record with your DNS provider.测试网页连通性

        • If the Remote Address IP address does not match the IP address in your hosts file, the configuration is incorrect. Check whether the IP address in the hosts file is correct and matches the IP address of the CNAME address.

        After you successfully access the accelerated domain name, you can verify other features locally.

    2. Recommended configurations

    After you configure the domain name and origin server, click Next to go to the Recommended Configurations page.

    The Recommended Configurations page provides four configuration options: Improve cache hit ratio, Improve access performance, Prevent excessive charges, and Enhance access security. These configurations can improve the cache hit ratio, access performance, and security of CDN.

    You can configure features based on your business needs, or skip this step and return to it later. To return to this step, find the domain name on the Domain Names page and click Quick Configuration in the Action column.

    Improve cache hit ratio

    Cache Expiration

    Proper cache rules can maximize the performance of CDN and reduce unnecessary origin requests. Cache rules are matched in order, and the first matching rule is applied. Based on the characteristics of your resources, you can configure appropriate cache expiration times. The following table describes the recommended configurations:

    File type

    File extensions

    Expiration time

    Description

    Images/audio/video

    jpg,png,gif,mp3,mp4

    30 days

    Content rarely changes

    Static scripts

    js,css

    1 hour

    May change frequently with version releases

    Homepage

    html

    No cache (0 seconds)

    Ensures users always get the latest page structure

    Ignore Parameters

    After you enable the Ignore URL parameters feature, CDN nodes remove the parameters that follow the question mark (?) in a URL when the nodes generate cache keys. This way, requests from clients that contain different parameters for the same resource can match the same cache entry. This improves the cache hit ratio and reduces origin traffic.

    image

    Improve access performance

    Range Origin Fetch

    Range origin fetch uses the Range header in HTTP requests to specify byte ranges for file downloads. If you enable range origin fetch, CDN nodes retrieve only the uncached parts of large files from the origin server. This prevents the retransmission of full files, improves the response speed, and reduces origin traffic.

    If your client supports Range requests, select Match Client. For images, use a 512 KB segment size. For videos or large files, use 1 MB, 2 MB, or 4 MB segment sizes. On the first origin request, the CDN node rounds up the client's Range size to request the origin. Subsequent requests use the specified segment size.

    For video or large files, select Enable Range Origin Fetch (Recommended for Large File Delivery) and choose a 1 MB, 2 MB, or 4 MB segment size. Regardless of whether the client uses Range requests, all CDN origin requests use the specified segment size.

    Gzip Compression

    You can use Gzip compression for files that are 1 KB to 10 MB in size to reduce the transfer size, improve transfer efficiency, and save bandwidth.

    CDN does not compress files that are smaller than 1 KB or larger than 10 MB. Common image and video files are already compressed. Therefore, Gzip compression has no effect. Before you enable this feature, read the notes in Gzip compression.

    智能压缩

    Prevent excessive charges

    To prevent high bills that are caused by attacks or hotlinking that lead to sudden high bandwidth usage, you can configure usage caps to limit the bandwidth, traffic, and number of HTTPS requests for your domain name. This reduces losses that are caused by traffic spikes. For more information, see Configure usage caps.

    Important

    • After a cap is triggered, the accelerated domain name is temporarily taken offline and becomes inaccessible. If you want to receive only alert notifications when the usage exceeds the threshold, you can set up traffic monitoring alerts.

    • Set thresholds based on the historical data of traffic, bandwidth, and HTTPS requests of your website. If you do not have this information, you can skip this configuration for now. After your system runs in a stable manner, you can use the Usage Query feature of CDN to check the usage of your domain name and then configure usage caps.

    Traffic cap

    If your billing method is pay-by-traffic, you can configure this feature. Set a threshold based on historical traffic. The system tracks the total traffic for your domain name over a specified period. If the cumulative traffic exceeds the threshold, the cap rule is triggered and the domain name is taken offline. The domain name is restored after the unblock time.

    Bandwidth cap

    If your billing method is pay-by-peak-bandwidth, you can configure this feature to control your billing bandwidth limit. If the real-time monitored bandwidth exceeds the threshold, the cap rule is triggered and the domain name is taken offline. The domain name is restored after the unblock time.

    HTTPS request cap

    If your accelerated domain name requires HTTPS access and you have a clear budget for HTTPS requests, you can configure this feature. If the number of cumulative HTTPS requests exceeds the threshold, the cap rule is triggered and the domain name is taken offline. The domain name is restored after the unblock time.

    Enhance access security

    HTTPS Certificate

    If your application already supports HTTPS, you must configure an HTTPS certificate for it in CDN. Otherwise, your domain name will no longer support HTTPS.

    If your domain name does not support HTTPS and you do not plan to enable it, you can skip this configuration.

    Important

    Enabling HTTPS generates HTTPS requests. HTTPS request fees cannot be offset by CDN data transfer plans. Ensure that your account has a sufficient balance or purchase an HTTPS request plan to avoid service suspension due to overdue payments. For more information, see Static HTTPS requests.

    • If you purchased a certificate from Alibaba Cloud Certificate Management Service, select SSL Certificates Service and then select the certificate from the Certificate Name list. If you cannot find the certificate, make sure that the domain name that is bound to the certificate matches the accelerated domain name.

    • If you use a certificate that is issued by a third-party provider, select Custom Certificate (Certificate+Private Key). After you specify a Certificate Name, upload the Certificate (Public Key) and Private Key. The certificate is saved to Alibaba Cloud Certificate Management Service. You can view the certificate in My Certificates.

    HTTPS-cn.jpg

    Referer Black/Whitelist

    The Referer blacklist/whitelist feature uses the Referer field in HTTP request headers to control access and prevent hotlinking. Blacklists and whitelists are mutually exclusive. You can enable only one at a time. For more information, see Configure Referer blacklist/whitelist.

    Note

    You can Customize and subscribe to operations reports beforehand. Operations reports provide statistics such as PV/UV, Region and ISP, Domain ranking, top Referers, Top URLs, Top origin-fetch URLs, and Top client IPs. You can use this data to configure your Referer Black/Whitelist.

    3. Configure CNAME

    Before you integrate CDN, requests are sent directly to your server. After the integration, requests are redirected to the nearest CDN node, which then retrieves resources from your origin server. To enable this redirection, you must configure a CNAME record.

    A CNAME record is a DNS record type that maps one domain name to another. For more information, see Introduction to CNAME records.

    Configure CNAME in your DNS service

    1. Go to the Domain Names page in the CDN console. Find the domain name that you added and copy its CNAME value. If the value is empty, wait for five seconds and then refresh the page.

      CANME-cn.jpg

    2. Configure a CNAME record with your DNS provider. The process varies based on the DNS provider. This topic provides instructions for Alibaba Cloud and Tencent Cloud.

      Configure CNAME with Alibaba Cloud

      If your DNS provider is Alibaba Cloud, follow these steps:

      1. Log on to the Cloud DNS console using the Alibaba Cloud account that owns the accelerated domain name.

      2. On the Public Authoritative DNS page, find the root domain name example.com for your accelerated domain name. In the Actions column, click DNS Records.

      3. Click Add Record to add a CNAME record.

      4. Set the Record Type to CNAME.

        addCname-cn.jpg

      Important

      • The host record is the domain name prefix. For example, for www.example.com, the host record is www. If your accelerated domain name is a root domain, such as example.com, set the host record to @.

      • A CNAME record and an A record cannot be configured for the same hostname. If an A record already exists for the accelerated domain name, you must pause or delete the A record before you add the CNAME record.

      • Pausing the A record and adding the CNAME record may cause a brief service interruption. To minimize the impact, we recommend that you perform this operation during off-peak hours.

      1. Click OK to finish.

      Configure CNAME with Tencent Cloud

      If your DNS provider is Tencent Cloud, follow these steps:

      1. Log on to the DNSPod console.

      2. On the DNS management page for your domain name, click Add Record to create a CNAME record.

        Parameter

        Description

        Example

        Host Record

        • For a subdomain, the host record is the subdomain prefix.

        • For a wildcard domain, the host record is *.

        • For a root domain, the host record is @.

        • Subdomain examples:

          • For accelerated domain name www.example.com, the host record is www.

          • For accelerated domain name www.example.aliyundoc.com, the host record is www.example.

        • Wildcard domain examples:

          • For accelerated domain name .example.com, the host record is *.

          • For accelerated domain name *.example.aliyundoc.com, the host record is *.example.

        • Root domain example: For root domain example.com with accelerated domain name example.com, the host record is @.

        Note

        DNS settings apply to your registered domain (such as example.com) or its left-side part. When configuring the host record, enter only the part to resolve (for www.example.com, enter www).

        Record Type

        Select CNAME.

        CNAME

        Line Type

        Select "Default".

        Keep default

        Value

        Enter the CNAME value for your accelerated domain name.

        Note

        CNAME values differ for primary domains (such as www.example.com) and second-level domains (such as www.example.aliyundoc.com). To accelerate a second-level domain, add it to CDN and point it to its CNAME, or add a wildcard domain—its CNAME works for second-level domains. For details, see Add an accelerated domain name.

        www.example.com.w.kunlunsl.com

        Weight

        Leave blank.

        Not applicable

        MX

        Leave blank.

        Not applicable

        TTL

        TTL is the cache time. A smaller value means faster propagation after changes.

        Keep default

      3. Click Save.

    3. Verify that the CNAME record has taken effect.

      CNAME status

      1. Go to the Domain Names page in the CDN console.

      2. Find your domain name and hover over the CNAME Status column. A status of Configured indicates that the CNAME record has taken effect.

        CnameCheck-cn.jpg

      Note

      • After you configure the CNAME, the console may still show To Be Configured in the CNAME Status column. If this occurs, you can refresh the page or wait for about five minutes and then check the status again.

      Verify with nslookup

      1. Open the Command Prompt on a Windows computer or the Terminal on a macOS or Linux computer.

      2. Run the nslookup -type CNAME command for the Accelerated Domain Name. For example, run the nslookup -type CNAME www.example.com command. If the returned result matches the CNAME value for the Accelerated Domain Name in the CDN console, the CNAME configuration has taken effect.

        nsCheckCname.jpg

    5. Resource prefetch

    After you integrate CDN for the first time, prefetch popular static resources to CDN edge nodes. This allows users to retrieve resources directly from edge nodes, preventing slow initial access and improving the user experience.

    1. Log on to the CDN console.

    2. In the navigation pane on the left, click Purge and Prefetch.

    3. On the Purge/Prefetch tab, set Operation Type to Prefetch.

    4. In the Prefetch Content field, enter the full URL of each file to prefetch. Enter one URL per line. Directory prefetch is not supported. For example: https://www.example.com/install/package.zip.

    5. Click Submit to start the prefetch task.

    6. On the Operation Records tab, you can view the details and progress of the task. The task is complete when its progress reaches 100%.

    Note

    • Prefetch tasks cannot be aborted after they are submitted.

    • The time required for a prefetch task to complete depends on the size and number of files, and the performance of the origin server. A prefetch task usually takes 5 to 30 minutes to complete.

    6. Verify that CDN caching is effective

    Verify that CDN caching is effective

    1. For Windows, press Windows+R, type cmd in the Run dialog box, and click OK to open Command Prompt.

      For macOS, open Terminal.

    2. In the window, run the "curl -I" command followed by the URL of a resource on your accelerated domain. For example: curl -I www.example.com/10.JPG.

      image

    3. If the response headers include the Age, X-Cache, X-Swift-SaveTime, and X-Swift-CacheTime fields, this indicates that CDN is working correctly.

      Note

      • X-Cache: A value of MISS indicates that the request missed the cache and an origin fetch was required. A value of HIT indicates that the request hit the CDN cache and the cached data was returned directly.

      • Age: Indicates how long, in seconds, the file has been cached on the CDN node. This field is not included for refreshed files or first-time requests. A value of 0 for Age indicates that the cache has expired and requires validation with the origin server.

      • X-Swift-SaveTime: Indicates the time (in GMT) when the resource was first cached on the CDN node. To convert the time to China Standard Time (UTC+8), add 8 hours.

      • X-Swift-CacheTime: Indicates how long, in seconds, the file can be cached on the CDN node. A value of 0 indicates that the resource cannot be cached.

    Note

    If you still cannot access your site or you encounter errors after you complete the preceding steps, see Troubleshoot access issues.

    You have now completed the main CDN configuration. CDN can now accelerate access to your website.

    References

    Troubleshooting common CDN issues

    What is CDN?

    Five competitive advantages of CDN

    Best practices for preventing CDN hotlinking

    Improve the CDN cache hit ratio

    Customer use cases