All Products
Search
Document Center

Global Accelerator:Accelerate multiple HTTPS domains with a GA instance

Last Updated:Apr 02, 2026

Use a single Global Accelerator (GA) instance to accelerate multiple HTTPS domains by binding multiple certificates to one listener and routing requests per domain with forwarding rules.

Use cases

A company headquartered in US (Silicon Valley) runs two web services on Alibaba Cloud, each accessible through a different domain name. Clients are primarily in the China (Hong Kong) region. The company faces two problems:

  • Unstable internet connections cause high latency, jitter, and packet loss.

  • Accelerating each domain separately drives up costs.

image

To solve both problems, the company uses GA with an HTTPS listener that supports:

  • Multiple certificates — bind multiple certificates to one listener, each associated with a different domain name.

  • Domain-based forwarding rules — route requests for each domain to the corresponding backend server.

  • Data encryption — all client requests are encrypted end-to-end.

The following table shows the configuration for this example.

Parameter Domain name 1 (_xxx_test.cloud) Domain name 2 (_xxx_test.fun)
Listener protocol HTTPS
Listener port 443
Certificate Default certificate A Additional certificate B
Forwarding rule Default forwarding rule Custom forwarding rule
Endpoint group Default endpoint group Virtual endpoint group
Server Server 1 Server 2
Server service agreement HTTP HTTPS
Server service port 80 443
Server public IP address 47.XX.XX.62 47.XX.XX.34
Certificates configured in GA encrypt data on the client-to-GA path. Certificates on backend servers encrypt data on the GA-to-backend-server path. The two sets of certificates can be identical.

Prerequisites

Before you begin, ensure that you have:

This example uses Nginx to configure the backend HTTP and HTTPS services, and Alibaba Cloud DNS to configure DNS records. If you use a third-party DNS service, refer to that provider's documentation.

Procedure

image
This topic uses a standard pay-as-you-go GA instance. Pay-as-you-go instances use the Pay-by-data-transfer billing method and do not require a bandwidth plan. Data transfer fees are settled by Cloud Data Transfer (CDT). For details, see Data transfer fee. If this is your first time using a pay-as-you-go GA instance, activate the service first.

Step 1: Configure basic instance information

  1. Log on to the GA console.

  2. On the Instances page, click Create Standard Pay-as-you-go Instance.

  3. In the Basic Instance Configuration step, set the following parameters and click Next.

    Parameter Description
    GA Instance Name Enter a name for the GA instance.
    Instance Billing Method Pay-As-You-Go is selected by default. You are charged instance fees, Capacity Unit (CU) fees, and data transfer fees. For details, see Billing of pay-as-you-go GA instances and Pay-by-data-transfer.
    Resource Group Select the resource group for this instance. The resource group must belong to the current Alibaba Cloud account. For details, see Create a resource group.

Step 2: Configure an acceleration area

Specify acceleration regions and allocate bandwidth to each region.

In the Configure Acceleration Area step, set the following parameters and click Next.

Parameter Description
Acceleration Area Select one or more regions and click Add. In this example, select China (Hong Kong) in the Asia Pacific section.
Maximum Bandwidth Specify the maximum bandwidth for the acceleration region. Valid values: 2–10,000 Mbit/s. This value is used for bandwidth throttling; data transfer fees are managed by CDT. In this example, the default value 200 Mbit/s is used.
Important

Setting too low a value may cause throttling and packet drops. Set this based on your actual traffic volume.

IP Protocol Select the IP version for connecting to GA. In this example, the default value IPv4 is selected.
ISP Line Type Select an ISP line type. BGP (Multi-ISP) is selected in this example.

Step 3: Configure a listener

A listener receives connection requests and distributes them to endpoints based on the port and protocol. Each listener is associated with an endpoint group that determines where traffic is sent.

In the Configure listeners step, set the following parameters and click Next.

Parameter Description
Listener Name Enter a name for the listener.
Routing Type Select a routing type. In this example, Intelligent Routing is selected.
Protocol Select HTTPS.
Port Enter 443. Valid values: 1–65499.
Server Certificate Select the server certificate that you obtained. In this example, Certificate A is selected.
TLS Security Policies Select the TLS security policy required by your service. A TLS security policy specifies the supported TLS protocol versions and cipher suites. For details, see TLS security policies. In this example, the default policy tls_cipher_policy_1_0 is used.
Client Affinity Specify whether to enable client affinity. When enabled, all requests from the same client are directed to the same endpoint. In this example, Source IP Address is selected.
Custom HTTP Headers Select the HTTP header fields to add. In this example, the default configurations are used. The available header fields are: GA-ID (GA instance ID), GA-AP (acceleration region), GA-X-Forwarded-Proto (listener protocol), GA-X-Forwarded-Port (listener port), and X-Real-IP (client IP address).

Step 4: Configure endpoint groups and endpoints

  1. In the Configure an endpoint group step, set the following parameters and click Next. For a full parameter reference, see Add and manage endpoint groups of smart routing listeners.

    Parameter Description
    Region Select the region where the endpoint group is deployed. In this example, US (Silicon Valley) is selected.
    Endpoint Configuration Configure endpoints as the destinations for client requests: Backend Service Type: Select Alibaba Cloud Public IP Address. Backend Service: Enter the public IP address of Server 1: 47.XX.XX.62. Weight: Enter a weight for the endpoint. Valid values: 0–255. GA distributes traffic proportionally to the weights. In this example, keep the default value 255.
    Warning

    Setting an endpoint weight to 0 stops all traffic to that endpoint.

    Preserve Client IP Client IP address preservation is enabled by default for HTTPS listeners. Backend servers can retrieve client IP addresses directly. For HTTP listeners, use the X-Forwarded-For header. For details, see Preserve client IP addresses.
    Backend Service Protocol Select the protocol used by the backend server. The default is HTTP.
    Port Mapping Configure port mapping when the listener port differs from the endpoint's service port. Listener Port: 443. Endpoint Port: 80.
    Traffic Distribution Ratio Specify the traffic ratio for this endpoint group. Valid values: 0–100. In this example, the default value 100% is used.
    Health Check Specify whether to enable health checks. In this example, health checks remain disabled.
  2. On the Configuration Review page, confirm the configuration and click Submit.

    It takes 3 to 5 minutes to create a GA instance.
  3. (Optional) After the instance is created, click Enter Instance Details. On the instance details page, select the Instance Information, Listeners, and Acceleration Areas tabs to review the configuration.

  4. Add a virtual endpoint group for Server 2.

    1. On the instance details page, click the Listeners tab.

    2. Find the listener and click the endpoint group ID in the Default Endpoint Group column.

    3. On the Endpoint Group tab, click Add Virtual Endpoint Group in the Virtual Endpoint Group section.

    4. On the Add Endpoint Group page, configure the following parameters and click Create. The virtual endpoint group uses the same settings as the default endpoint group, except for:

      • Backend Service Type: Alibaba Cloud Public IP Address

      • Backend Service: 47.XX.XX.34 (Server 2)

      • Backend Service Protocol: HTTPS

      • Port Mapping: No port mapping needed. When the listener port and the endpoint port are the same (both 443), GA forwards requests on the same port automatically.

Step 5: Associate an additional certificate

Bind Certificate B to the HTTPS listener to associate domain name 2 (_xxx_test.fun) with it. Combined with a forwarding rule, this lets GA route requests for different domains to different endpoint groups.

  1. On the Listeners tab, find the HTTPS listener and click its listener ID.

  2. On the listener details page, click the Certificates tab.

  3. In the Additional Certificate section, click Associate Certificate.

  4. In the Associate Certificate dialog box, set the following parameters and click OK.

    • Certificate: Select Certificate B.

    • Associated Domain Name: Select _xxx_test.fun.

Step 6: Add a forwarding rule

When the listener receives a request, it checks custom forwarding rules first. If a rule matches, GA sends the request to the corresponding endpoint group. If no rule matches, GA sends it to the default endpoint group.

Create a forwarding rule that routes all requests for _xxx_test.fun to the virtual endpoint group (Server 2).

  1. On the Listeners tab, find the HTTPS listener and click its listener ID.

  2. On the listener details page, click the Forwarding Rule tab.

  3. Click Add Forwarding Rule.

  4. In the Add Forwarding Rule area, set the following parameters and click OK.

    Parameter Description
    Name Enter a name for the forwarding rule.
    If (Matching All Conditions) Select Domain Names and enter _xxx_test.fun.
    Then Select Forward and select the virtual endpoint group created in Step 4.

Step 7: Configure CNAME records

Map both domain names to the GA instance's CNAME so that access requests are forwarded through GA for acceleration.

  1. Go to the Public Zone page and find _xxx_test.cloud. Click Settings in the Actions column.

    For domain names not registered with Alibaba Cloud, add the domain name to the Cloud DNS console before configuring DNS records.
  2. Find the existing A record and click Edit in the Actions column.

  3. In the Edit Record panel, set Record Type to CNAME, set Record Value to the CNAME assigned to the GA instance, and click OK. The CNAME appears on the Instances page.

  4. Repeat the preceding steps to update the A record for _xxx_test.fun.

To return resolution results based on the client's region, upgrade Alibaba Cloud DNS to Enterprise Ultimate Edition. For details, see Renewal and upgrade. After upgrading, change the default DNS line of each A record to a specific regional line and add a CNAME record pointing to the GA instance's CNAME address.

Step 8: Test the connectivity

Use both domain names to verify the configuration and acceleration.

The following commands use Alibaba Cloud Linux 3. Commands may vary by operating system. The acceleration results depend on your actual network conditions.

Test the network connectivity

  1. Open a terminal on a machine in the China (Hong Kong) region.

  2. Run the following command for each domain name to verify that the CNAME record has taken effect.

    ping <Website domain name>

    If the CNAME in the output matches the CNAME assigned by GA, the record is active.

    CNAME生效验证.png

  3. Run the following command for each domain name to confirm that the website is accessible and the certificate is returned correctly.

    curl -v https://<The domain name> --resolve <The domain name>:<The listener port>:<The accelerated IP address>

    This example shows the result for _xxx_test.cloud. If the response includes server certificate information and an HTTPS response, the domain is accessible.

    测试ECS01连通及证书是否正常.png

Test acceleration

To measure the acceleration performance, see Test the acceleration performance of GA.