This topic describes how to use one Global Accelerator (GA) instance to accelerate
multiple domain names over HTTPS.
Prerequisites
- An Internet Content Provider (ICP) number is obtained. All websites must obtain an
ICP number before they are permitted to provide services to users in the Chinese mainland.
For more information, see What is an ICP filing?.
- An SSL certificate is purchased and an application is submitted to apply for the SSL
certificate. For more information, see Purchase a certificate and Apply for a certificate.
Scenarios
The following scenario is used as an example. An enterprise deployed two servers in
the China (Beijing) region for its headquarters, and a web application is deployed
on both servers. The web application provides Internet-facing services through two
different domain names. Most employees of the enterprise need to access the web application
from the China (Hangzhou) region. They face the following challenges:
- The network connections that are established over the Internet are unstable. Network
issues, such as network latency, network jitter, and packet loss, may frequently occur.
- If you use multiple servers to provide Internet-facing services through different
domain names, you may want to accelerate each domain name by using services such as
Dynamic Route for Content Delivery Network (DCDN) or Content Delivery Network (CDN).
This increases the total cost.

To resolve these issues, you can deploy the GA service and configure HTTPS listeners.
HTTPS listeners support domain name-based forwarding rules. HTTPS listeners can forward
requests that are destined for different domain names to the corresponding backend
servers. To ensure the security of data transmission, HTTPS listeners also encrypt
the data that is carried in the received requests. This allows you to use only one
GA instance to accelerate multiple domain names over HTTPS.
The following table describes information about the web servers of the enterprise
and the forwarding rules that the HTTPS listeners use after the enterprise uses the
GA service to accelerate its web application.
| Domain name | Listener protocol | Listener port | Forwarding rule | Endpoint group | Server | Service protocol | Service port | Server public IP |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| example.com | HTTPS | 443 | Default forwarding rule | Default endpoint group | Server 1 | HTTP | 80 | 192.0.XX.XX |
| example.net | HTTPS | 443 | Custom forwarding rule | Virtual endpoint group | Server 2 | HTTPS | 443 | 198.0.XX.XX |
Procedure
Step 1: Purchase a GA service bundle
You can enter the information about the web service in the GA console. After you enter
the information, the system generates a list of recommended services. The list includes
a GA instance and a basic bandwidth plan.
- Log on to the Global Accelerator console.
- In the upper-right corner of the Instances page, click Purchase Guide.
Note If this is the first time that you use the GA service, skip this step.

- In the Enter the required information to generate a list of recommended services section, enter the required information and click Generate Service List.
| Parameter | Description |
| --- | --- |
| Acceleration Area | Select the region that requires acceleration. In this example, China (Hangzhou) is selected. |
| Service Region | Select the region where the backend servers are deployed. In the example, China (Beijing) is selected. |
| ICP Filing | Specify whether you have applied for an ICP number for the domain name of the web service. In this example, Yes is selected. |
| Server Area | Specify whether the backend service is deployed on Alibaba Cloud. In this example, On Alibaba Cloud is selected. |
| Peak Bandwidth Range | Enter the bandwidth required during peak hours. Unit: Mbit/s. In this example, 2 is entered. |
| Maximum Concurrent Connections | The maximum number of concurrent connections that a GA instance supports. When the number of existing concurrent connections reaches the upper limit, new connection requests are dropped. In this example, 5 Thousand is selected. |
- In the Recommended Service List section, click Generate Service List after you confirm the information.

Note The instance configurations in Recommended Service List provide the most cost-effective plan to run your services. You can also change the
instance configurations on the buy page.
- On the buy page, set the following parameters and click Buy Now to complete the payment.
| Parameter | Description |
| --- | --- |
| Term | Select the subscription duration. |
| Specification | Select a specification for the GA instance. In this example, Small I (Specification Unit) is selected. |
| Bandwidth Type | Select a bandwidth type for the basic bandwidth plan. In this example, Basic is selected. |
| Peak Bandwidth | Select the bandwidth limit of the basic bandwidth plan. In this example, 2 Mbit/s is selected. |
Step 2: Add an acceleration area
After you purchase a GA instance, you can add an acceleration area, specify the region
where users are located, and then allocate bandwidth resources to the region.
- On the Instances page, find the GA instance that you purchased and click the instance ID.
- On the instance details page, click the Acceleration Areas tab. On the China East tab, click Add Region.
- In the Add Acceleration Area dialog box, set the following parameters and click OK:
| Parameter | Description |
| --- | --- |
| Region | Select the region where the users that require the acceleration service are located. In this example, China (Hangzhou) is selected. |
| Bandwidth | Allocate bandwidth to the region. In this example, 2 Mbit/s of bandwidth is allocated. |
| Internet Protocol | Select the Internet protocol that is used by the users to connect to GA. In this example, IPv4 is selected. |
After you add the region, the system assigns an accelerated IP address to the region
that is added to the GA instance. This accelerated IP address is used to accelerate
data transfer from users in the specified region to the specified backend servers
through GA.

Step 3: Add a listener and an endpoint group
A listener checks for connection requests and then distributes the requests to backend
servers based on the specified protocol and ports. Each listener is associated with
an endpoint group. You can associate an endpoint group with a listener by specifying
the region to which you want to distribute network traffic. After you associate an
endpoint group with a listener, traffic is distributed to the optimal endpoint in
the associated endpoint group.
For more information about how to configure default endpoint groups and virtual endpoint
groups, see Endpoint groups.
- On the instance details page, click the Listeners tab and then click Add Listener.
- On the Configure Listener & Protocol wizard page, specify the following listener information and click Next.

| Parameter | Description |
| --- | --- |
| Listener Name | Enter a name for the listener. The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter. |
| Protocol | Select the protocol of the listener. HTTPS is selected in this example. |
| Port Number | Specify a port for the listener. The port is used to receive and forward requests to endpoints. Valid values: 1 to 65499. The value is set to 443 in this example. |
| Client Affinity | Specify whether to enable client affinity. If client affinity is enabled, requests from the same client are forwarded to the same endpoint when the client connects to a stateful application. In this example, Source IP Address is selected. |
- In the Server Certificate section of the Configure SSL Certificate wizard page, select the SSL certificate for which you applied from the drop-down
list and click Next.
After you configure an SSL certificate, GA uses HTTPS to encrypt client requests and
service data. This ensures the security of data transmission.
Note The SSL certificate is used to encrypt data that is transmitted from clients to GA.
You can use the certificate that is installed on the backend servers to encrypt data
that is transmitted from GA to the backend servers. The certificate that is used by
the listener can be the same as the one that is installed on the backend servers.
In this example, Server 1 uses HTTP as its service protocol, so on the backend side
only the connection from GA to Server 2, which uses HTTPS, is encrypted.
- On the Configure Endpoint Group wizard page, set the following parameters for the default endpoint group and click
Next.

| Parameter | Description |
| --- | --- |
| Endpoint Group Name | Enter a name for the endpoint group. The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter. |
| Region | Select the region where you want to create the endpoint group. The backend servers that the clients want to access must be deployed in the specified region. In the example, China (Beijing) is selected. |
| Backend Service | Specify whether the backend service is deployed on Alibaba Cloud. In this example, Alibaba Cloud is selected. |
| Preserve Client IP | By default, client IP address preservation is enabled for HTTPS listeners. HTTPS listeners can retrieve client IP addresses from the x-forwarded-for HTTP header field. For more information, see Preserve client IP addresses. |
| Endpoint | Endpoints are backend servers that receive and handle client requests. To add an endpoint, specify the following parameters. Backend Service Type: Select Alibaba Cloud Public IP Address. Backend Service: Enter the IP address of the backend service that you want to accelerate. In this example, 192.0.XX.XX is entered, which is the public IP address of Server 1. Weight: Enter a weight for the endpoint. Valid values: 0 to 255. GA distributes network traffic to endpoints based on their weights. Notice: If the weight of an endpoint is set to 0, GA stops distributing network traffic to the endpoint. Proceed with caution. |
| Backend Service Protocol | Select the protocol that the backend server uses. Valid values: HTTP (this is the default value) and HTTPS. In this example, HTTP is selected. |
| Port Mapping | If the listener port and the port that the endpoint uses to provide services are not the same, you must add a mapping between the ports. Listener Port: Enter the listener port. In this example, the value is set to 443. Endpoint Port: Enter the port that the endpoint uses to provide services. In this example, 80 is used. |
- On the Confirm wizard page, confirm the configurations of the listener and endpoint, and then click
Submit.
- Configure a virtual endpoint group.
- On the Listeners tab, find the listener that you want to manage and click the endpoint group ID in
the Default Endpoint Group column.
- On the Endpoint Group tab, click Add Virtual Endpoint Group.
- In the Add Virtual Endpoint Group dialog box, set the following parameters and click Create.
The configurations of the virtual endpoint group are the same as those of the default
endpoint group that you created in Step4 except for the following parameters:
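
On the backend, the Preserve Client IP setting in the default endpoint group table means the client address arrives in X-Forwarded-For, a header that any client can also send itself, and the servers in this scenario have public IP addresses. The Python function below is an added example, not Alibaba Cloud code; it assumes each proxy appends the address it received the request from as the last entry, and `TRUSTED_PROXIES` is a constructed placeholder for the addresses GA uses to reach your endpoints.

```python
import ipaddress
from typing import Optional

# Constructed placeholder range: replace with the source addresses from which
# GA connects to your endpoints (assumption, not a value from this page).
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]


def is_trusted(addr) -> bool:
    """True if addr belongs to one of the trusted proxy networks."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr: str, xff_header: Optional[str]) -> str:
    """Return the address to log or rate-limit on for one request.

    peer_addr  -- TCP source address seen by the backend server
    xff_header -- raw X-Forwarded-For value (comma-separated, oldest hop first)
    """
    peer = ipaddress.ip_address(peer_addr)
    # A request that did not arrive through a trusted proxy cannot vouch for
    # its own X-Forwarded-For header, so the socket address is used.
    if not is_trusted(peer) or not xff_header:
        return str(peer)
    # Walk right to left: the rightmost entries were appended by the hops
    # closest to the backend; everything left of the first untrusted hop
    # may have been supplied by the client.
    for raw in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(raw.strip())
        except ValueError:
            break  # malformed entry: ignore it and everything to its left
        if not is_trusted(hop):
            return str(hop)
    return str(peer)
```
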
Step 4: Create a forwarding rule
When an HTTPS listener receives requests, the HTTPS listener forwards the requests
that meet the conditions in forwarding rules to the optimal endpoints in the associated
endpoint groups. If the requests do not match a custom forwarding rule, the HTTPS
listener forwards the requests to the default endpoint group in the default forwarding
rule.
To create a custom forwarding rule for the virtual endpoint group that is associated
with Server 2, perform the following steps:
- On the listener details page, click Forwarding Rule.
- Click Add Forwarding Rule, configure the following parameters, and then click OK.
| Parameter | Description |
| --- | --- |
| Name | Enter a name for the forwarding rule. The name must be 2 to 128 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-). The name must start with a letter. |
| If (Matching All Conditions) | Configure the forwarding condition. In this example, select Domain Name and enter example.net, which is the domain name to which you want to forward requests. The domain name must be 3 to 128 characters in length and can contain letters, digits, hyphens (-), and periods (.). Supported wildcard characters are asterisks (*) and question marks (?). |
| Forward to Virtual Endpoint Group | Select the virtual endpoint group to which a matched request is forwarded. In this example, the virtual endpoint group created in Step 3: Add a listener and an endpoint group is selected. |
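
The forwarding decision described in this step, with the default rule as the fallback, can be modelled as follows. This Python code is an added example, not Alibaba Cloud code: the endpoint-group labels are hypothetical, and the wildcard semantics (`*` matches any run of characters, `?` matches exactly one) are an assumption because the page does not define them.

```python
import re
from fnmatch import fnmatchcase

# Character set and length limits for the Domain Name condition, as stated
# in the forwarding rule table: letters, digits, '-', '.', plus '*' and '?'.
DOMAIN_CONDITION_RE = re.compile(r"[A-Za-z0-9.*?-]{3,128}")

DEFAULT_GROUP = "default-endpoint-group"   # hypothetical label: Server 1, HTTP 80
VIRTUAL_GROUP = "virtual-endpoint-group"   # hypothetical label: Server 2, HTTPS 443


def validate_domain_condition(pattern: str) -> str:
    """Return the lower-cased pattern, or raise ValueError if it breaks the limits."""
    if not DOMAIN_CONDITION_RE.fullmatch(pattern):
        raise ValueError(f"invalid domain condition: {pattern!r}")
    return pattern.lower()


def normalize_host(host_header: str) -> str:
    """Lower-case the Host value and drop an optional :port and trailing dot."""
    host = host_header.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def select_endpoint_group(host_header, custom_rules, default_group=DEFAULT_GROUP):
    """Pick the endpoint group for a request.

    custom_rules is a list of (domain_condition, endpoint_group) pairs that
    are checked in order; a request that matches none of them falls through
    to the default endpoint group of the default forwarding rule.
    """
    host = normalize_host(host_header)
    for pattern, group in custom_rules:
        # Validation rejects '[' and ']', so only '*' and '?' act as wildcards.
        if fnmatchcase(host, validate_domain_condition(pattern)):
            return group
    return default_group


# The single custom rule configured in this topic.
RULES = [("example.net", VIRTUAL_GROUP)]
```

With `RULES` as configured here, a request for `www.example.net` falls through to the default endpoint group; it reaches Server 2 only under a condition such as `*.example.net`.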
Step 5: Add a CNAME record
To forward requests from clients to GA, you must modify the DNS record to map the
domain names that you want to accelerate to the canonical name (CNAME) of the GA instance.
The following example shows how to modify the DNS record in the Alibaba Cloud DNS
console.
Note If you use the DNS resolution service that is provided by a third-party service provider,
log on to the platform of the service provider and modify the DNS record for your
web application.
- Log on to the Alibaba Cloud DNS console.
- On the Manage DNS page, find the domain name and click Configure in the Actions column to go to the DNS Settings page.
- On the DNS Settings page, find the DNS record that you want to modify and click Edit in the Actions column.
- In the Edit Record panel, configure the following parameters and click Confirm.
| Parameter | Description |
| --- | --- |
| Type | The CNAME record is used to map the domain name to the CNAME allocated by GA. In this example, CNAME is selected. |
| Host | Enter the prefix of the domain name that you want to accelerate. If the domain name is www.aliyun.com, set the prefix to www. If the domain name is aliyun.com, set the prefix to @. If the domain name is *.aliyun.com, set the prefix to *. If the domain name is mail.aliyun.com, set the prefix to mail. |
| ISP Line | Select Default from the drop-down list. |
| Value | Enter the CNAME that is allocated by GA. You can find the CNAME on the Instances page. |
| TTL | The time-to-live (TTL) period of the DNS record on the DNS server. In this example, 10 minute(s) is selected. |
Step 6: Verify the acceleration performance
Use both domain names to verify the connectivity to the web application that is deployed
in the China (Beijing) region. In addition, check whether content delivery is accelerated.
Note
- The Linux operating system is used in this example. The command that is used to verify
the connectivity varies based on the operating system that you use. For more information,
see the user guide of your operating system.
- The result varies based on the actual workloads.
- Open the CLI on an on-premises machine. In this example, the machine is located in
the China (Hangzhou) region.
- Use example.com to access the web application and check whether content delivery is
accelerated.
- To verify the connectivity to the web application, run the following command:
curl https://<The domain name of the web application>
If the following message is returned, you are connected to the web application. Example:
[root@<hostname> ~]# curl https://example.com
Hello World! This is server1.
- To verify data transmission, run the following command:
curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "https://<The domain name of the web application>"
In the command:
- time_connect: the period of time that it takes to establish a TCP connection. Unit: seconds.
- time_starttransfer: the start time of data transfer. The start time refers to the amount of time from
when the client sends a request to the backend server to when the first byte is sent
to the client. Unit: seconds.
- time_total: the total connection time. The total connection time refers to the amount of time
from when the client sends a request to when the client receives the last byte from
the backend server. Unit: seconds.
You can check the acceleration performance of GA based on the preceding metrics. Example:
- Data transmission before GA is used
[root@<hostname> ~]# curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "https://example.com"
time_connect:0.033
time_starttransfer:0.260
time_total:0.260
- Data transmission after GA is used
[root@<hostname> ~]# curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "https://example.com"
time_connect:0.030
time_starttransfer:0.059
time_total:0.059
- Use example.net to access the web application and check whether content delivery is
accelerated.
- To verify the connectivity to the web application, run the following command:
curl https://<The domain name of the web application>
If the following message is returned, you are connected to the web application. Example:
[root@<hostname> ~]# curl https://example.net
Hello World! This is server2.
- To verify data transmission, run the following command:
curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "https://<The domain name of the web application>"
In the command:
- time_connect: the period of time that it takes to establish a TCP connection. Unit: seconds.
- time_starttransfer: the start time of data transfer. The start time refers to the amount of time from
when the client sends a request to the backend server to when the first byte is sent
to the client. Unit: seconds.
- time_total: the total connection time. The total connection time refers to the amount of time
from when the client sends a request to when the client receives the last byte from
the backend server. Unit: seconds.
You can check the acceleration performance of GA based on the preceding metrics. Example:
- Data transmission before GA is used
[root@<hostname> ~]# curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "https://example.net"
time_connect:0.006
time_starttransfer:0.162
time_total:0.162
- Data transmission after GA is used
[root@<hostname> ~]# curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "https://example.net"
time_connect:0.030
time_starttransfer:0.060
time_total:0.060