You can use Global Accelerator (GA) to accelerate access to HTTP websites over HTTPS. This improves the speed and security of client access to HTTP websites.
Sample scenario
The following scenario is used as an example. The headquarters of a company is located in the US (Silicon Valley) region and the headquarters deploys an HTTP website on a self-managed server in the US (Silicon Valley) region. The clients that want to access the website are located in the China (Hong Kong) region. The website may encounter the following challenges:
Data is transmitted in plaintext over HTTP and the requests that are destined for the website are not authenticated. Therefore, security risks may arise.
The cross-border network is unstable. Network issues, such as network latency, network jitter, and packet loss, may frequently occur.
In this case, the company can use GA and configure an HTTPS listener to accelerate access to the HTTP website deployed in the US (Silicon Valley) region for clients in the China (Hong Kong) region. In addition, data transmission is encrypted and secured over HTTPS when the clients send requests to the HTTP website.
Prerequisites
An SSL certificate is purchased and an application is submitted to apply for the SSL certificate. For more information, see Purchase an SSL certificate and Submit a certificate application.
An HTTP service that uses port 80 is deployed on a backend server.
An A record that maps the backend domain name to the public IP address of the backend server is created.
This topic provides an example of how to use Nginx to configure a backend HTTP service on port 80 and use Alibaba Cloud DNS to configure a DNS record. If you use a third-party DNS service, refer to the user guide provided by your service provider.
Procedure
This topic uses a pay-as-you-go standard Global Accelerator instance as an example to describe how to configure Global Accelerator to accelerate access to HTTP websites over HTTPS. Before you create a pay-as-you-go standard Global Accelerator instance, take note of the following information:
Pay-as-you-go GA instances use the Pay-by-data-transfer bandwidth billing method and do not need to be associated with a bandwidth plan. The fees for data transfer over the GA network are settled and billed by Cloud Data Transfer (CDT). For more information, see Data transfer fee.
The first time you use a pay-as-you-go GA instance, you must go to the Activate Service page to activate the pay-as-you-go Global Accelerator service.
Step 1: Configure basic information about an instance
Log on to the GA console.
On the Instances page, click Create Standard Pay-as-you-go Instance.
In the Basic Instance Configuration step, configure the parameters based on the following table and click Next.
Parameter
Description
GA Instance Name
Enter a name for the GA instance.
Instance Billing Method
Pay-As-You-Go is selected by default.
You are charged instance fees, Capacity Unit (CU) fees, and data transfer fees for pay-as-you-go standard Global Accelerator instances.
For more information about instance fees and CU fees, see Billing of pay-as-you-go GA instances.
For more information about data transfer fees, see Pay-by-data-transfer.
Resource Group
Select the resource group to which the standard Global Accelerator instance belongs.
The resource group must be created by the current Alibaba Cloud account in Resource Management. For more information, see Create a resource group.
Step 2: Configure an acceleration area
Specify acceleration regions and allocate bandwidth to each acceleration region.
In the Configure Acceleration Area step, configure the parameters based on the following table and click Next.
Parameter | Description |
Acceleration Area | Select one or more regions from the drop-down list and click Add. In this example, the China (Hong Kong) region in the Asia Pacific section is selected. |
Assign Bandwidth | |
Maximum Bandwidth | Specify the maximum bandwidth for the acceleration region. Each acceleration region supports a bandwidth range of 2 to 10,000 Mbit/s. The maximum bandwidth is used for bandwidth throttling. The data transfer fees are managed by CDT. In this example, the default value 200 Mbit/s is used. Important If you specify a small value for the maximum bandwidth, throttling may occur and packets may be dropped. Specify a maximum bandwidth based on your business requirements. |
IP Protocol | Select the IP version that is used to connect to Global Accelerator. In this example, the default value IPv4 is selected. |
ISP Line Type | Select an ISP line type for the Global Accelerator instance. BGP (Multi-ISP) is selected in this example. |
Step 3: Configure a listener
A listener listens for connection requests and distributes the requests to endpoints based on the port and the protocol that you specify. Each listener is associated with an endpoint group. You can associate an endpoint group with a listener by specifying the region to which you want to distribute network traffic. After you associate an endpoint group with a listener, network traffic is distributed to the optimal endpoint in the endpoint group.
In the Configure listeners step, configure the parameters and click Next.
The following table describes only the parameters that are relevant to this topic. Use the default values for other parameters. For more information, see Add and manage intelligent routing listeners.
Parameter | Description |
Routing Type | Select a routing type. In this example, Intelligent Routing is selected. |
Protocol | Select a protocol for the listener. In this example, HTTPS is selected. |
Port | Specify a port for the listener to receive and forward requests to endpoints. Valid values: 1 to 65499. In this example, 443 is entered. |
Server Certificate | Select the server certificate that you obtained. |
Step 4: Configure an endpoint group and endpoints
In the Configure an endpoint group step, configure the parameters and click Next.
This topic describes only the key parameters. For more information, see Add and manage endpoint groups of intelligent routing listeners.
Parameter
Description
Region
Select the region where the endpoint group is deployed.
In this example, US (Silicon Valley) is selected.
Endpoint Configuration
Endpoints are destinations of client requests. To add an endpoint, specify the following parameters:
Backend Service Type: In this example, Custom IP is selected.
Backend Service: Enter the IP address of the backend service that you want to accelerate.
Weight: Enter a weight for the endpoint. Valid values: 0 to 255. Global Accelerator routes network traffic to endpoints based on the weights of the endpoints. In this example, the default value 255 is used.
WarningIf you set the weight of an endpoint to 0, Global Accelerator stops distributing network traffic to the endpoint. Proceed with caution.
Backend Service Protocol
Select the protocol that is used by backend servers.
In this example, HTTP is selected.
Port Mapping
If the listener port and the port that is used by the endpoint to provide services are different, you must configure this parameter.
Listener Port: Enter the port of the current listener. The value is set to 443 in this example.
Endpoint Port: Enter the port that the endpoint uses to provide services. In this example, 80 is used.
On the Configuration Review wizard page, confirm the information and click Submit.
NoteIt takes 3 to 5 minutes to create a GA instance.
(Optional) After you create a GA instance, you can click Go To Instance Details at the bottom of the task details list. On the instance details page, you can click tabs, such as Instance Information, Listeners, and Acceleration Areas, to view more details.
Step 5: Configure a CNAME record
You must create a DNS record to map the domain name that you want to access to the CNAME of the Global Accelerator instance. This way, requests can be forwarded to Global Accelerator.
On the Domain Name Resolution page, find the target custom domain name and click DNS Settings in the Actions column.
NoteFor domain names that are not registered with Alibaba Cloud, you need to add the domain name to the Cloud DNS console before you can configure domain name resolution.
On the DNS Settings page, find the existing A record and click Modify in the Actions column.
In the Modify DNS Record panel, set Record Type to CNAME, set Record Value to the CNAME assigned to the Global Accelerator instance, and then click OK.
You can view the CNAME assigned to the Global Accelerator instance on the Instances page.
If you want to return resolution results based on the region to which a client belongs, make sure that Alibaba Cloud DNS is upgraded to Enterprise Standard Edition or Enterprise Ultimate Edition. For more information, see Renewal and upgrade.
After the upgrade is complete, you can change the default ISP line of the existing A record to the ISP line of a specific region and add a CNAME record that maps the website domain name to the CNAME assigned to the Global Accelerator instance.
Step 6: Test network connectivity
Perform the following steps to verify the connectivity to the HTTP website that is deployed in the US (Silicon Valley) region over HTTPS. In addition, check whether content delivery is accelerated.
The Alibaba Cloud Linux 3.2104 LTS 64-bit operating system is used in this example. The command that is used to test the connectivity varies based on the operating system that you use. For more information, see the user guide of your operating system.
Check whether the CNAME record takes effect.
Open the CLI on an on-premises machine in the China (Hong Kong) region.
Run the following command to ping the domain name:
ping <Website domain name>If the CNAME in the output is the same as the CNAME allocated by Global Accelerator, the CNAME record takes effect.
Run the following command to check whether the client can access the HTTP website deployed in US (Silicon Valley) over HTTPS:
curl https://<Website domain name>Figure 1. Results
For information about how to test acceleration performance, see Use network detection tools to verify acceleration performance.