Adding your website to Edge Security Acceleration (ESA) by NS setup allows ESA to manage your DNS resolution. ESA offers comprehensive and user-friendly security protection and performance optimization.
Select an appropriate DNS setup
ESA provides two DNS setups: CNAME and NS. Before you add your domain name to ESA, you can select a setup based on your needs.
NS Setup: ESA manages DNS for your domain name. NS is suitable if you have not used traditional Content Delivery Network (CDN) products or need one-stop website management.
CNAME setup: the setup used by traditional CDN products. You can choose CNAME if you are familiar with traditional CDN products or do not want to change your DNS service provider.
Learn NS setup in six minutes
Before you begin
You have an Alibaba Cloud account. For information about creating accounts, see Create an Alibaba Cloud account.
You have a domain name and its origin. You can register a domain name on Alibaba Cloud, and create an ECS instance as your origin.
Step 1: Add a website
Add the root domain of your website to ESA. This allows ESA to manage DNS resolution for your entire domain.
In the ESA console, click Websites. On the Websites page, click Add Website.
In the Enter Website step, enter the domain name you want to add to ESA, such as
example.com
, and click Next.In the Select Location and DNS Setup step, select the region where you want to have ESA service in the Location section. Select NS the DNS Setup section, and then click Next. For more information on service location, see What are the differences between service locations?.
On the Select Plan page, you can select New Plans or Purchased Plans to choose a plan for your website. Then, follow the instructions in the console to make the purchase.
Step 2: Add DNS records
To prevent service interruptions caused by invalid DNS records, you must migrate the DNS records from your current DNS service provider to ESA before you modify the DNS server. For the supported record types, see Parameters for adding records.
In the left-side navigation pane, choose .
You can import multiple records at a time or manually add records one by one.
(Recommended) Import DNS records at a time
Click Import. On the page that appears, click Download File Template.
Fill and save the DNS records from your current DNS service provider in the template file, and click Upload File.
On the Import page, check and adjust the record configurations. By default, ESA provides DNS resolution. You can turn on ESA Proxy Status for the records to enable acceleration and protection.
After you adjust the DNS records, click Import.
Manually add a single record
Click Add Record. In the dialog box that appears, add a DNS record.
Click Next and select a business type.
(Optional) Configure the SSL certificate
If you want to allow HTTPS access to your proxied domains, configure edge certificates for the domains. This prevents service interruptions if users access your website over HTTPS.
Step 3: Modify NS server and enable website
When you have migrated the DNS records, you need to update your DNS server to the one assigned by ESA.
In the left-side navigation pane, click Overview and copy
the nameserver provided by ESA.
Follow the instructions in the console to go to your DNS service provider and modify the DNS servers.
Optional. After you update the nameserver, go back to the ESA console and click Verify Nameserver on the Overview page.
It may take several minutes to 48 hours to process nameserver updates. If the verification fails, try again later. You will receive an email and internal message when your website is onboarded to ESA and turns into the Active state.
(Optional) Verify whether a website is accelerated
When your website is active on ESA, client requests to your website are automatically directed to the nearest POPs. You can check the IP address to verify whether the acceleration takes effect.
Method 1: Use the browser developer tools
Method 2: Use the CLI
Method 3: Check the instant logs
Enable security protection
After your website is connected to the ESA, you can customize security settings for data encryption and request filtering.
Data transmission encryption
ESA being between the client and your server helps you manage data transmission security from end to end.
By default, the ESA enables the SSL/TLS feature. You can apply for a free edge certificate to use HTTPS to access ESA POPs. To enhance security between clients and ESA POPs, you can enable TLS mutual authentication. This way, clients are verified before requests are accepted.
Abnormal requests mitigation
ESA with native Web Application Firewall (WAF) protection rules can filter requests from clients to ensure that only clean traffic reaches the servers.
While your business is running, ESA collects data from multiple dimensions for security analytics and event analytics. This helps you quickly identify abnormal requests and use WAF custom rules to block or challenge requests. By default, the ESA enables Basic DDoS Protection to protect your website against DDoS and HTTP flood attacks.
Optimize website performance
Maximize your website's overall performance by enhancing access and network speed through ESA features.
Access speed
You can enhance your website's access speed by setting up ESA features such as image transformations, content compression, and protocol optimization.
Network speed
ESA helps you improve network speed with IPv6 support, WebSocket and gRPC connections, as well as settings for a maximum upload size.
Learn more about ESA
ESA also supports features related to cache, Edge computing, rules, analytics and logs, and traffic.
Cache
You can store resource files at ESA POP by configuring cache policies or cache rules for your website. When you request a file, the POP will respond directly, reducing time-consuming origin fetches and speeding up access to the latest files.
Edge computing
ESA offers an efficient, flexible, and low-latency edge computing solution through three products: Edge Routine, Edge Containers, and Edge KV.
Edge Routine: This serverless service allows you to deploy JavaScript code directly on POPs. Your requests are processed at the nearest POP, significantly reducing computing latency.
Edge Containers: These are container-based computing resources deployed on POPs. They offer high elasticity and easy maintenance. With global deployment and localized scheduling, they simplify protocol handling and greatly reduce response time.
Edge KV: This key-value edge storage service works with Edge Routine to help you quickly access data from the same POP, enabling lightweight BaaS services and API gateways.
Rules
Leverage a unified tool to create and deploy conditional rules across various features such as caching, redirection, compression, origin fetch, and WAF. This allows you to flexibly and precisely implement various strategies, leading to more efficient management and optimization.
Analytics and logs
ESA generates real-time and detailed analytics and logs when processing requests. You can use this information to optimize resource allocation, identify and fix service issues, create monitoring solutions, and assess network connection quality for performance testing. These features help you ensure stable and efficient website operations.
Traffic
ESA POPs monitor data flow in real time and adjust it intelligently. Use these features to optimize traffic distribution strategies and balance the load across multiple origins. You can significantly reduce latency while enhance the availability and stability of your services.