This topic describes the typical scenarios of custom domain names, how to bind a custom domain name to a web application, and how to enable the Alibaba Cloud CDN (CDN) acceleration feature for the bound custom domain name in the Function Compute console.
Typical scenarios
- You have created a web application and migrated the web application to Function Compute, and want users to access the web application by using a fixed domain name. In this scenario, you can bind a custom domain name to the web application in the Function Compute console to allow users to use the domain name to access the web application.
- You have created a web application in the Function Compute console. The web application can be accessed by using the default URL <account_id>.<region_id>.fc.aliyuncs.com/<version>/proxy/<serviceName>/<functionName>/[action?queries] provided by Function Compute. You may need to change the URL of the web application. To make sure that access to the web application is not affected, you can bind a custom domain name to the web application. This way, users can use the domain name to access the web application.
Prerequisites
An HTTP function is created. For more information, see Create an HTTP function. Requests that are sent from a custom domain name can trigger only HTTP functions.
Procedure

Step 1: Apply for an ICP filing for a custom domain name
Apply for an Internet Content Provider (ICP) filing for your custom domain name in the Alibaba Cloud ICP filing system. For more information, see ICP filing application overview.
Step 2: Configure domain name resolution
Configure domain name resolution to resolve the custom domain name to the endpoint of the region where Function Compute resides. For more information, see Quick Start. You can resolve the domain name to a public or internal endpoint. If you resolve the domain name to a public endpoint, the domain name is accessed over the Internet. If you resolve the domain name to an internal endpoint, the domain name is accessed over the internal network.
- Internal endpoint: <account_id>.<region_id>-internal.fc.aliyuncs.com, in which account_id specifies the ID of your Alibaba Cloud account. For example, if your custom domain name is example.com, the ID of your Alibaba Cloud account is 164901546557****, and the region is China (Shanghai), the internal endpoint is 164901546557****.cn-shanghai-internal.fc.aliyuncs.com.
- Public endpoint: <account_id>.<region_id>.fc.aliyuncs.com, in which account_id specifies the ID of your Alibaba Cloud account. For example, if your custom domain name is example.com, the ID of your Alibaba Cloud account is 164901546557****, and the region is China (Shanghai), the public endpoint is 164901546557****.cn-shanghai.fc.aliyuncs.com.
Step 3: Add the custom domain name
(Optional) Step 4: Enable CDN acceleration
After you bind a custom domain name to a web application, you can use the custom domain name as the origin domain name, add an accelerated domain name, and then configure a CNAME for the accelerated domain name. This way, CDN acceleration is enabled for the custom domain name. An application that is deployed in Function Compute is used as the origin, and origin content is published to edge nodes so that users can read the required content with high efficiency. CDN acceleration effectively reduces access latency and improves service quality. For more information about CDN, see CDN documentation.
Method 1: Add an accelerated domain name in the Function Compute console
Method 2: Add an accelerated domain name in the CDN console
For more information about how to enable CDN acceleration in the CDN console, see Add a domain name.
When you add an accelerated domain name, select Function Compute Domain as Origin Info. Then, select the region where your Function Compute service resides and the custom domain name that you added in the Function Compute console.
After you add the accelerated domain name, you can verify in the Function Compute console whether CDN acceleration is enabled for your custom domain name and whether the accelerated domain name that you added in the CDN console is bound to your custom domain name. To verify the results, perform the following operations:
Accelerated domain name.w.alikunlun.com. Example: example.aliyundoc.com.w.alikunlun.com.
Test the configurations
After you add the custom domain name or the CDN-accelerated domain name, you can use one of the following methods to check whether the custom domain name or the CDN-accelerated domain name can be accessed.
- Method 1: Run the curl URL command, such as curl example.com/login.
- Method 2: Use a browser.
Enter the request URL in the address bar of a browser and press the Enter key to check whether the specified function is invoked.
Mapping between TLS versions and cipher suites
The following table describes the mapping between the TLS versions and their supported cipher suites. The Default configurations column in the table lists the cipher suites that are supported by Function Compute.
Cipher suite | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 | Default configurations |
---|---|---|---|---|---|
TLS_RSA_WITH_3DES_EDE_CBC_SHA | | | | | |
TLS_RSA_WITH_AES_128_CBC_SHA | | | | | |
TLS_RSA_WITH_AES_256_CBC_SHA | | | | | |
TLS_RSA_WITH_AES_128_GCM_SHA256 | | | | | |
TLS_RSA_WITH_AES_256_GCM_SHA384 | | | | | |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | | | | | |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | | | | | |
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | | | | | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | | | | | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | | | | | |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | | | | | |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | | | | | |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | | | | | |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | | | | | |
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 | | | | | |
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 | | | | | |
TLS_RSA_WITH_RC4_128_SHA | | | | | |
TLS_RSA_WITH_AES_128_CBC_SHA256 | | | | | |
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | | | | | |
TLS_ECDHE_RSA_WITH_RC4_128_SHA | | | | | |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | | | | | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | | | | | |
TLS_AES_128_GCM_SHA256 | | | | | |
TLS_AES_256_GCM_SHA384 | | | | | |
TLS_CHACHA20_POLY1305_SHA256 | | | | | |


Mapping between RFC and OpenSSL cipher suites
RFC | OpenSSL |
---|---|
TLS_RSA_WITH_3DES_EDE_CBC_SHA | DES-CBC3-SHA |
TLS_RSA_WITH_AES_128_CBC_SHA | AES128-SHA |
TLS_RSA_WITH_AES_256_CBC_SHA | AES256-SHA |
TLS_RSA_WITH_AES_128_GCM_SHA256 | AES128-GCM-SHA256 |
TLS_RSA_WITH_AES_256_GCM_SHA384 | AES256-GCM-SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ECDHE-ECDSA-AES128-SHA |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ECDHE-ECDSA-AES256-SHA |
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | ECDHE-RSA-DES-CBC3-SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDHE-RSA-AES128-SHA |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDHE-RSA-AES256-SHA |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE-RSA-AES128-GCM-SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ECDHE-ECDSA-AES128-GCM-SHA256 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE-RSA-AES256-GCM-SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE-ECDSA-AES256-GCM-SHA384 |
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 | N/A |
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 | N/A |
TLS_RSA_WITH_RC4_128_SHA | RC4-SHA |
TLS_RSA_WITH_AES_128_CBC_SHA256 | AES128-SHA256 |
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | ECDHE-ECDSA-RC4-SHA |
TLS_ECDHE_RSA_WITH_RC4_128_SHA | ECDHE-RSA-RC4-SHA |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ECDHE-ECDSA-AES128-SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDHE-RSA-AES128-SHA256 |
TLS_AES_128_GCM_SHA256 | TLS_AES_128_GCM_SHA256 |
TLS_AES_256_GCM_SHA384 | TLS_AES_256_GCM_SHA384 |
TLS_CHACHA20_POLY1305_SHA256 | TLS_CHACHA20_POLY1305_SHA256 |
Routing rules
- Exact match: A function is triggered only if the path of the request is exactly the same as the specified path.
For example, you have created a route whose path is /a, the corresponding service is s1, the corresponding function is f1, and the corresponding version is 1. Only requests from the /a path can trigger the f1 function of version 1. Requests from the /a/ path cannot trigger the f1 function of version 1.
- Fuzzy match: You can append an asterisk (*) as a wildcard to a path.
For example, you have created a route whose path is /login/*, the corresponding service is s2, the corresponding function is f2, and the corresponding version is 1. Requests from paths that begin with /login/, such as /login/a and /login/b/c/d, can trigger the f2 function of version 1.
- If multiple routes are configured for one custom domain name, exact match takes precedence over fuzzy match.
- The longest prefix match (LPM) rule applies when fuzzy matches are performed.
For example, the /login/a/* path and the /login/* path are configured for the custom domain name example.com, and the request URL is example.com/login/a/b. The request URL matches the configured paths. However, the /login/a/* path is used based on the LPM rule.
Examples
example.com. The following table describes five routing rules that are configured based on the steps described in this topic.
Routing rule | Path | Service name | Function name | Version |
---|---|---|---|---|
Routing rule 1 | / | s1 | f1 | 1 |
Routing rule 2 | /* | s2 | f2 | 2 |
Routing rule 3 | /login | s3 | f3 | 3 |
Routing rule 4 | /login/a | s4 | f4 | 4 |
Routing rule 5 | /login/* | s5 | f5 | 5 |
Request URL | Matched service name | Matched function name | Matched version | Matched path |
---|---|---|---|---|
example.com | s1 | f1 | 1 | / |
example.com/user | s2 | f2 | 2 | /* |
example.com/login | s3 | f3 | 3 | /login |
example.com/login/a | s4 | f4 | 4 | /login/a |
example.com/login/a/b | s5 | f5 | 5 | /login/* |
example.com/login/b | s5 | f5 | 5 | /login/* |
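The matching order described above (exact match first, then the longest fuzzy prefix) can be checked against the two tables with a small resolver. This is an added example, not Function Compute's own code; the function names `request_path` and `match_route` are hypothetical.

```python
from urllib.parse import urlsplit

# Routing rules from the example table: (path, service, function, version).
ROUTES = [
    ("/", "s1", "f1", "1"),
    ("/*", "s2", "f2", "2"),
    ("/login", "s3", "f3", "3"),
    ("/login/a", "s4", "f4", "4"),
    ("/login/*", "s5", "f5", "5"),
]


def request_path(url):
    """Return the path of a request URL; a bare domain name maps to '/'."""
    if "://" not in url:
        url = "http://" + url  # the page writes request URLs without a scheme
    return urlsplit(url).path or "/"


def match_route(url, routes=ROUTES):
    """Pick the route for a URL: exact match first, then longest prefix."""
    path = request_path(url)
    best, best_len = None, -1
    for route in routes:
        pattern = route[0]
        if not pattern.endswith("*"):
            if pattern == path:
                return route  # an exact match always takes precedence
            continue
        prefix = pattern[:-1]  # "/login/*" -> "/login/"
        if path.startswith(prefix) and len(prefix) > best_len:
            best, best_len = route, len(prefix)  # longest prefix match (LPM)
    return best  # None corresponds to DomainRouteNotFound (HTTP 404)


if __name__ == "__main__":
    for url in ("example.com", "example.com/user", "example.com/login",
                "example.com/login/a", "example.com/login/a/b"):
        print(url, "->", match_route(url))
```

Under these rules a trailing slash changes the route: example.com/login/ is not an exact match for /login and is handled by the /login/* route, which matters when the two functions apply different access checks.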
Troubleshooting
If an error occurs when you bind a custom domain name, the server returns an error message. The following table describes common error codes to help you quickly identify and resolve issues.
Error code | HTTP status code | Error message | Cause |
---|---|---|---|
DomainNameAlreadyExists | 409 | domain name '%s' already exists | This error is returned because the domain name that you want to bind already exists. |
DomainNameNotFound | 404 | domain name '%s' does not exist | This error is returned because the domain name that you want to query does not exist. |
InvalidICPLicense | 400 | domain name '%s' has not got ICP license, or the ICP license does not belong to Aliyun | This error is returned because the domain name has not obtained an ICP filing or its ICP filing information does not include Alibaba Cloud as a service provider. |
DomainNameNotResolved | 400 | domain name '%s' has not been resolved to your FC endpoint, the expected endpoint is '%s' | This error is returned because no CNAME has been configured for the domain name to point to the specified endpoint. You can check the CNAME settings by running the dig command or logging on to the Domain Name System (DNS) server. |
DomainRouteNotFound | 404 | no route found in domain '%s' for path '%s' | This error is returned because no to-be-triggered function is configured for the specified path. |
TriggerNotFound | 404 | trigger 'http' does not exist in service '%s' and function '%s' | This error is returned because no HTTP trigger is configured for the function bound to the custom domain name. |
If your problem persists, contact Function Compute technical support.
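For the DomainNameNotResolved case, the dig check can be automated by comparing the CNAME chain with the endpoint format from Step 2, which also catches a record that points at a different account's endpoint. This is an added example, not part of the original documentation; the function names are hypothetical and the dig output, account ID and IP address are constructed sample values.

```python
# Constructed `dig +noall +answer www.example.com` output (sample values only).
SAMPLE_ANSWER = """\
www.example.com. 600 IN CNAME 1234567890123456.cn-shanghai.fc.aliyuncs.com.
1234567890123456.cn-shanghai.fc.aliyuncs.com. 60 IN A 203.0.113.10
"""


def expected_endpoint(account_id, region_id, internal=False):
    """Build the Function Compute endpoint that the domain must resolve to."""
    suffix = "-internal" if internal else ""
    return f"{account_id}.{region_id}{suffix}.fc.aliyuncs.com"


def cname_chain(dig_answer, domain):
    """Follow the CNAME records in dig answer lines, starting at domain."""
    records = {}
    for line in dig_answer.splitlines():
        fields = line.split()
        # Answer lines look like: <name> <ttl> IN CNAME <target>
        if len(fields) == 5 and fields[2:4] == ["IN", "CNAME"]:
            records[fields[0].rstrip(".").lower()] = fields[4].rstrip(".").lower()
    chain, name = [], domain.rstrip(".").lower()
    while name in records and records[name] not in chain:  # stops on loops
        name = records[name]
        chain.append(name)
    return chain


def check_binding(dig_answer, domain, account_id, region_id):
    """Classify where the custom domain name's CNAME chain points."""
    chain = cname_chain(dig_answer, domain)
    if not chain:
        return "no-cname"  # the state that DomainNameNotResolved reports
    if expected_endpoint(account_id, region_id) in chain:
        return "fc-public"
    if expected_endpoint(account_id, region_id, internal=True) in chain:
        return "fc-internal"
    if any(target.endswith(".w.alikunlun.com") for target in chain):
        return "cdn"  # CNAME of a CDN-accelerated domain name
    return "mismatch"  # points elsewhere, for example at another account ID


if __name__ == "__main__":
    print(check_binding(SAMPLE_ANSWER, "www.example.com",
                        "1234567890123456", "cn-shanghai"))
```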