If your website is added to Edge Security Acceleration (ESA) by CNAME setup, you need to add a DNS record to map the domain that you want to proxy to the ESA-assigned CNAME. This way, user requests destined for your domain can be forwarded to ESA points of presence (POPs). This enables content delivery acceleration, edge computing, and enhanced protection.
Select an appropriate DNS setup
ESA provides two DNS setups: CNAME and NS. Before you add your domain name to ESA, you can select a setup based on your needs.
CNAME setup: the setup used by traditional CDN products. You can choose CNAME if you are familiar with traditional Content Delivery Network (CDN) products or do not want to change your DNS service provider.
NS Setup: ESA manages DNS for your domain name. NS is suitable if you have not used traditional CDN products or need one-stop website management.
Procedure
Before you begin
You have an Alibaba Cloud account. For information about creating accounts, see Create an Alibaba Cloud account.
You have a domain name and its origin. You can register a domain name on Alibaba Cloud, and create an ECS instance as your origin.
Step 1: Add a website
Add the root domain of your website to ESA. This allows ESA to manage DNS resolution for your entire domain.
In the ESA console, select Websites. On the Websites page, click Add Website.
In the Enter Website step, enter the domain name you want to add to ESA, such as
example.com
, and click Next.In the Select Location and DNS Setup step, select the region where you want to have ESA service in the Location section. Select NS in the DNS Setup section, and then click Next.
On the Select Plan page, you can select New Plans or Purchased Plans to choose a plan for your website. Then, follow the instructions in the console to make the purchase.
NoteTo accelerate and protect your websiteb by ESA, you need to add a DNS record.
Verify the ownership of a domain name
After adding a domain name to ESA for the first time, you must verify its ownership. Once verified, ownership does not need to be re-verified for the domain or its subdomains.
In the left-side navigation pane, click Overview and copy
the TXT record provided by ESA. This record is used to verify the ownership of your domain name.
Follow the instructions in the console to go to your DNS service provider and add the copied information in TXT format to your domain name resolution records.
Wait until the TXT record takes effect. Then, return to the Overview page in the ESA console, and click Verify to complete the verification.
NoteIt may take minutes to hours for the TXT record to take effect after it is configured. If the verification fails, try again later.
(Optional) Configure the SSL certificate
If you want to allow HTTPS access to your proxied domains, configure edge certificates for the domains. This prevents service interruptions if users access your website over HTTPS.
Add a domain name
After you have verified the ownership of the domain name, perform the following steps to configure the ESA proxy acceleration service for the subdomain.
Obtain the CNAME in the ESA
You must add DNS records by configuring information such as the prefix of the domain name to be accelerated and the origin server address on ESA to obtain the CNAME value.
In the left-side navigation pane, choose
.You can import multiple records at a time or manually add records one by one.
Manually add a single record
Click Add Record and add a DNS record in the pop-up dialog box.
Click Next and select a business type.
Batch import multiple DNS records
Click Import. On the page that appears, click Download File Template.
Fill and save the DNS records from your current DNS service provider in the template file, and click Upload File.
On the Import page, check and adjust the configurations of the records, and click OK.
After the record is added, follow the instructions in the console, click CNAME Configuration Guide, and click
to retrieve the CNAME record pointed to ESA POPs.
Add a CNAME record at your DNS service provider
Since your domain name resolution is managed by a third-party DNS service provider, you must add the corresponding CNAME record there. When a user requests an accelerated domain name, the DNS service provider resolves the request to the appropriate ESA POP, providing acceleration through a proxy service.
Follow the instructions in the console to go to your DNS service provider and add the copied information to your domain resolution records in the CNAME record type. This step is the same as Step 2: Verify the ownership of the domain name.
Return to the ESA console, select , and make sure that the CNAME Status of the newly added record is Configured.
NoteIt may take minutes to hours for the TXT record to take effect after it is configured. If the verification fails, try again later.
(Optional) Verify whether a website is accelerated
When your website is active on ESA, client requests to your website are automatically directed to the nearest POPs. You can check the IP address to verify whether the acceleration takes effect.
Method 1: Use the browser developer tools
Method 2: Use the CLI
Method 3: Check the instant logs
Enable security protection
After your website is connected to the ESA, you can customize security settings for data encryption and request filtering.
Data transmission encryption
ESA being between the client and your server helps you manage data transmission security from end to end.
By default, the ESA enables the SSL/TLS feature. You can apply for a free edge certificate to use HTTPS to access ESA POPs. To enhance security between clients and ESA POPs, you can enable TLS mutual authentication. This way, clients are verified before requests are accepted.
Abnormal requests mitigation
ESA with native Web Application Firewall (WAF) protection rules can filter requests from clients to ensure that only clean traffic reaches the servers.
While your business is running, ESA collects data from multiple dimensions for security analytics and event analytics. This helps you quickly identify abnormal requests and use WAF custom rules to block or challenge requests. By default, the ESA enables Basic DDoS Protection to protect your website against DDoS and HTTP flood attacks.
Optimize website performance
Maximize your website's overall performance by enhancing access and network speed through ESA features.
Access speed
You can enhance your website's access speed by setting up ESA features such as image transformations, content compression, and protocol optimization.
Network speed
ESA helps you improve network speed with IPv6 support, WebSocket and gRPC connections, as well as settings for a maximum upload size.
Learn more about ESA
ESA also supports features related to cache, Edge computing, rules, analytics and logs, and traffic.
Cache
You can store resource files at ESA POP by configuring cache policies or cache rules for your website. When you request a file, the POP will respond directly, reducing time-consuming origin fetches and speeding up access to the latest files.
Edge computing
ESA offers an efficient, flexible, and low-latency edge computing solution through three products: Edge Routine, Edge Containers, and Edge KV.
Edge Routine: This serverless service allows you to deploy JavaScript code directly on POPs. Your requests are processed at the nearest POP, significantly reducing computing latency.
Edge Containers: These are container-based computing resources deployed on POPs. They offer high elasticity and easy maintenance. With global deployment and localized scheduling, they simplify protocol handling and greatly reduce response time.
Edge KV: This key-value edge storage service works with Edge Routine to help you quickly access data from the same POP, enabling lightweight BaaS services and API gateways.
Rules
Leverage a unified tool to create and deploy conditional rules across various features such as caching, redirection, compression, origin fetch, and WAF. This allows you to flexibly and precisely implement various strategies, leading to more efficient management and optimization.
Analytics and logs
ESA generates real-time and detailed analytics and logs when processing requests. You can use this information to optimize resource allocation, identify and fix service issues, create monitoring solutions, and assess network connection quality for performance testing. These features help you ensure stable and efficient website operations.
Traffic
ESA POPs monitor data flow in real time and adjust it intelligently. Use these features to optimize traffic distribution strategies and balance the load across multiple origins. You can significantly reduce latency while enhance the availability and stability of your services.