All Products
Search

This Product

    CDN:FAQ about origin fetch

    Document Center

    CDN:FAQ about origin fetch

    Last Updated:Feb 07, 2024

    If a client requests resources that are not cached on points of presence, the request is redirected to the origin server to retrieve the resources. If you submit a prefetch task, the POPs retrieve resources from the origin server. This process is called origin fetch. This topic provides answers to some commonly asked questions about origin fetch.

    What do I do if I fail to access a website and the HTTP 502 status code is returned after I configure origin fetch over HTTPS?

    1. Check whether the domain name can be resolved.

    2. Check whether the origin server can be accessed.

    3. Check whether the origin server supports HTTPS.

    4. If the IP address of the origin server is associated with multiple domain names, configure Server Name Indication (SNI) to specify the domain name that is requested. The server returns the SSL certificate that corresponds to the domain name based on the configured SNI. This ensures that resources can be retrieved from the origin server.

    What does the Common Name whitelist verify?

    When a POP retrieves resources from an origin server, the POP compares the SNI value that is included in the request with the certificate Common Name that is returned by the origin server. The origin fetch request succeeds only if the SNI value matches the Common Name.

    If you do not modify the SNI, the value of the HOST header in the origin fetch request from the POP is the accelerated domain name by default. Therefore, the certificate Common Name of the accelerated domain name is verified.

    How do I configure a custom port for origin fetch over HTTPS?

    1. Log on to the Alibaba Cloud CDN console.

    2. In the left-side navigation pane, click Domain Names.

    3. On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column.

    4. In the left-side navigation tree of the domain name, click Origin Fetch.

    5. In the Origin Protocol Policy section, turn on Origin Protocol Policy.

    6. Click Modify.

    7. Configure custom ports based on your business requirements.

    Is HTTP or HTTPS used for origin fetch after I enable HTTPS secure acceleration in the Alibaba Cloud CDN console?

    The SSL certificate that you configured in the Alibaba Cloud CDN is independent of the origin fetch protocol. By default, the origin fetch protocol is based on the origin port that you specify when you configure the origin server. For more information, see Configure an origin server:

    • If port 443 is used, requests are redirected to the origin server over HTTPS.

    • If port 80 or another port is used, requests are redirected to the origin server over HTTP.

    If you want to configure the origin fetch protocol, follow the instructions described in configure the origin protocol policy.