You can use Alibaba Cloud CDN to accelerate the retrieval of static resources from an Object Storage Service (OSS) bucket. This topic describes how to accelerate the retrieval of resources from an OSS bucket in the Alibaba Cloud CDN console and the use scenarios of Alibaba Cloud CDN.
OSS is a cost-effective storage service. Alibaba Cloud CDN can accelerate the delivery of static resources. OSS buckets as origin servers provide the following benefits:
All requests destined for the origin server are redirected to Alibaba Cloud CDN points of presence (POPs). This reduces loads on the origin server.
You are charged for outbound data transfer from Alibaba Cloud CDN instead of outbound data transfer over the Internet from OSS. Outbound data transfer from Alibaba Cloud CDN is billed at a lower price.
Clients retrieve static resources from the nearest POPs. This minimizes the network transmission distance and ensures the quality of data transmission.
If an origin server is an OSS bucket, Alibaba Cloud CDN caches the static resources, including scripts, images, audio files, and video files, from the bucket to POPs. When users request the resources, the POPs return the requested resources to the users. This accelerates content delivery.
The following figure shows the architecture.
The website image.example.com requires acceleration for image retrieval from an OSS bucket. The following table describes the business information and requirements.
The domain name that is accelerated by Alibaba Cloud CDN.
Determine the business type based on the website content.
If the website distributes images, set the business type to Image and Small File.
Image and Small File
The region where the website visitors are located.
Chinese Mainland Only
Origin server domain name
Select an OSS bucket that belongs to the current Alibaba Cloud account, or enter the public domain name of an OSS bucket.
Enable other features based on your business requirements.
The following procedure shows how to use Alibaba Cloud CDN to accelerate content delivery for a website. The preceding scenario is used as an example.
Step 1: Make preparations
Private OSS buckets do not allow unauthorized access. This prevents hotlinking.
A domain name to be accelerated is prepared.
Step 2: Add the domain name to be accelerated
Log on to the Alibaba Cloud CDN console.
In the left-side navigation pane, click Domain Names, click Add Domain Name, and then configure the following parameters. The scenario that is described in Scenarios is used an as example.Note
The first time a domain name is added to Alibaba Cloud CDN, Alibaba Cloud CDN must verify the ownership of the domain name. Alibaba Cloud CDN verifies the ownership only of the root domain name. For more information, see Verify the ownership of a domain name. If the root domain name has already passed ownership verification, ignore this message.
For information about the parameters and usage notes, see Add a domain name.
Domain Name to Accelerate: Enter
Business Type: Select Image and Small File.
Region: Select Chinese Mainland Only.
Click Add Origin Server to add an origin server.
Set Origin Info to OSS Domain and select an OSS bucket that belongs to the current account from the Domain Name drop-down list or enter the public domain name of an OSS bucket. Keep the default values for other parameters.
***.oss-cn-hangzhou.aliyuncs.comis used in this example.
After you add an origin server, click Next.
Wait for manual verification.Note
If the domain name does not need to be manually verified, proceed to the next step. In the next step, you can set the parameters based on your business requirements.
After the domain name passes the verification, the status of the domain name changes to Enabled. In this case, the domain name is added to Alibaba Cloud CDN.
View the CNAME that is assigned to the domain name when the value in the Status column changes to Enabled. The CNAME for the domain name that is used in this example is
Step 3: Configure the domain name
To improve acceleration performance, secure data transmission, and accelerate content delivery, you can enable relevant features based on your business requirements.
In the Alibaba Cloud CDN console, navigate to the Domain Names page, find the domain name that you want to manage, and then click Manage.
Configure the following features based on your business requirements.
Increase the cache hit ratio
Specify a time to live (TTL) value for cached resources based on the following rules to increase the cache hit ratio:
Specify a TTL of one month or longer for static files that are infrequently updated, such as images and application packages.
Specify a TTL of 0 seconds to disable caching for dynamic files, such as PHP, JSP, and ASP files.
Specify a site to which POPs redirect requests
By default, the address of the host is the domain name of the OSS bucket. In this example, the domain name of the OSS bucket is
If a custom domain name such as
origin.developer.aliyundoc.comis mapped to the OSS bucket, you need to set Domain Type to Custom Domain, and set the origin host to
origin.developer.aliyundoc.com. For more information, see Configure the default origin host.
Protect OSS buckets from unauthorized access
By default, OSS buckets are accessible over the Internet. If you want to protect OSS buckets from unauthorized access, you can set the ACL of OSS buckets to private and enable the private bucket access feature. This way, Alibaba Cloud CDN has permissions to redirect requests only to OSS buckets that belong to the same account as Alibaba Cloud CDN.Note
Before you perform this operation, set the ACL of OSS buckets to private to allow only authorized access. For more information, see Modify the ACL of a bucket.
Accelerate file distribution on POPs
After you enable object chunking, the OSS bucket that serves as the origin server returns the chunk of file that is specified by the Range header to POPs. This reduces origin traffic and accelerates content delivery.Note
Object chunking is suitable for large file distribution scenarios such as audio and video streaming. Object chunking is not suitable for small file distribution scenarios. You do not need to enable object chunking when you use Alibaba Cloud CDN to accelerate the delivery of images.
Increase the cache hit ratio
Increase file distribution efficiency
After you enable parameter filtering, POPs remove parameters that follow the question mark (
?) from request URLs. This way, requests that carry different query strings but are destined for the same resource can hit the cache. This increases the cache hit ratio and reduces origin traffic.
Protect websites from hotlinking
After you configure a Referer whitelist or blacklist, Alibaba Cloud CDN allows or blocks requests based on user identities. If a request is allowed, Alibaba Cloud CDN returns the URL of the requested resource. If a request is blocked, Alibaba Cloud CDN returns the HTTP 403 status code.
Protect websites from hotlinking and IP theft
URL signing cannot be performed without the origin server. The origin server generates signed URLs based on the URL signing settings on the POPs. After you enable URL signing, only requests that pass authentication can access resources on POPs.
Step 4: Add a CNAME record
You need to add a CNAME record in the system of your DNS service provider to map the domain name to the CNAME before requests can be redirected to POPs. Otherwise, CDN acceleration cannot take effect.
In the following example, Alibaba Cloud DNS is used to show how to add a CNAME record.
For more information, see Add a CNAME record for a domain name.
Log on to the Alibaba Cloud DNS console with the Alibaba Cloud account to which the accelerated domain name belongs.
Navigate to the Manage DNS page, find the root domain name of the accelerated domain name example.com, and then click Configure in the Actions column.
Click Add DNS Record and add a CNAME record.
Record Type: Select CNAME.
Record Value: Enter the CNAME that is assigned to the accelerated domain name. In this example,
Keep the default values for other parameters.
Optional: Check whether the CNAME record is in effect.
- Method 1: Quick verification in the Alibaba Cloud CDN console
- Log on to the Alibaba Cloud CDN console and navigate to the Domain Names page.
- Select the domain name and move the pointer over the CNAME Status column. The CNAME Configuration Guide tooltip appears.
- Click Open Configuration Guide and then click Search.
- Method 2: Run the ping command
- Open Command Prompt in Windows.
- Run the ping Accelerated domain name command in the CLI. If the CNAME in the output is the same as the CNAME that is assigned to the domain name in the CDN console, CDN acceleration is enabled for the domain name.
- Method 1: Quick verification in the Alibaba Cloud CDN console
What to do next
After you set the OSS bucket to private, requests that are sent to the endpoint of the OSS bucket trigger the AccessDenied error. After the CNAME record takes effect and you set the ACLs of the resources to be accessed to public-read, you can access resources in the OSS bucket by using one of the following methods:
Concatenate the accelerated domain name and file path, and then enter the concatenated URL into a web browser. For example, if the accelerated domain name is
aliyundoc.comand you want to access the file image_01.jpg in the root directory, you can send a request to
Set the domain name of the OSS bucket to the accelerated domain name in your client. This way, you can access resources in the OSS bucket by using the accelerated domain name from your client.
For information about how to map an accelerated domain name in the OSS console and use Alibaba Cloud CDN to accelerate access to OSS, see Map accelerated domain names and Use CDN to accelerate access to OSS.