This topic describes how to use one Global Accelerator (GA) instance to accelerate multiple domain names over HTTPS.

Prerequisites

  • An Internet Content Provider (ICP) number is obtained. All websites must obtain an ICP number before they are permitted to provide services to users in the Chinese mainland. For more information, see What is an ICP filing?.
  • An SSL certificate is purchased and an application is submitted to apply for the SSL certificate. For more information, see Purchase a certificate and Apply for a certificate.

Scenarios

The following scenario is used as an example. An enterprise deployed two servers in the China (Beijing) region for its headquarters, and a web application is deployed on both servers. The web application provides Internet-facing services through two different domain names. Most employees of the enterprise need to access the web application from the China (Hangzhou) region. They face the following challenges:
  • The network connections that are established over the Internet are unstable. Network issues, such as network latency, network jitter, and packet loss, may frequently occur.
  • If you use multiple servers to provide Internet-facing services through different domain names, you may want to accelerate each domain name by using services such as Dynamic Route for Content Delivery Network (DCDN) or Content Delivery Network (CDN). This increases the total cost.
Architecture

To resolve these issues, you can deploy the GA service and configure HTTPS listeners. HTTPS listeners support domain name-based forwarding rules. HTTPS listeners can forward requests that are destined for different domain names to the corresponding backend servers. To ensure the security of data transmission, HTTPS listeners also encrypt the data that is carried in the received requests. This allows you to use only one GA instance to accelerate multiple domain names over HTTPS.

The following table describes information about the web servers of the enterprise and the forwarding rules that the HTTPS listeners use after the enterprise uses the GA service to accelerate its web application.

Domain name | Listener protocol | Listener port | Forwarding rule | Endpoint group | Server | Service protocol | Service port | Server public IP
example.com | HTTPS | 443 | Default forwarding rule | Default endpoint group | Server 1 | HTTP | 80 | 192.0.XX.XX
example.net | HTTPS | 443 | Custom forwarding rule | Virtual endpoint group | Server 2 | HTTPS | 443 | 198.0.XX.XX

Procedure

Step 1: Purchase a GA service bundle

You can enter the information about the web service in the GA console. After you enter the information, the system generates a list of recommended services. The list includes a GA instance and a basic bandwidth plan.

  1. Log on to the Global Accelerator console.
  2. In the upper-right corner of the Instances page, click Purchase Guide.
    Note If this is the first time that you use the GA service, skip this step.
  3. In the Enter the required information to generate a list of recommended services section, enter the required information and click Generate Service List.
    Acceleration Area: Select the region that requires acceleration. In this example, China (Hangzhou) is selected.
    Service Region: Select the region where the backend servers are deployed. In this example, China (Beijing) is selected.
    ICP Filing: Specify whether you have applied for an ICP number for the domain name of the web service. In this example, Yes is selected.
    Server Area: Specify whether the backend service is deployed on Alibaba Cloud. In this example, On Alibaba Cloud is selected.
    Peak Bandwidth Range: Enter the bandwidth required during peak hours. Unit: Mbit/s. In this example, 2 is entered.
    Maximum Concurrent Connections: The maximum number of concurrent connections that a GA instance supports. When the number of existing concurrent connections reaches the upper limit, new connection requests are dropped. In this example, 5 Thousand is selected.

  4. In the Recommended Service List section, click Generate Service List after you confirm the information.
    Note The instance configurations in Recommended Service List provide the most cost-effective plan to run your services. You can also change the instance configurations on the buy page.
  5. On the buy page, set the following parameters and click Buy Now to complete the payment.
    Term: Select the subscription duration.
    Specification: Select a specification for the GA instance. In this example, Small I (Specification Unit) is selected.
    Bandwidth Type: Select a bandwidth type for the basic bandwidth plan. In this example, Basic is selected.
    Peak Bandwidth: Select the bandwidth limit of the basic bandwidth plan. In this example, 2 Mbit/s is selected.

Step 2: Add an acceleration area

After you purchase a GA instance, you can add an acceleration area, specify the region where users are located, and then allocate bandwidth resources to the region.

  1. On the Instances page, find the GA instance that you purchased and click the instance ID.
  2. On the instance details page, click the Acceleration Areas tab. On the China East tab, click Add Region.
  3. In the Add Acceleration Area dialog box, set the following parameters and click OK:
    Region: Select the region where the users that require the acceleration service are located. In this example, China (Hangzhou) is selected.
    Bandwidth: Allocate bandwidth to the region. In this example, 2 Mbit/s of bandwidth is allocated.
    Internet Protocol: Select the Internet protocol that the users use to connect to GA. In this example, IPv4 is selected.

    After you add the region, the system assigns an accelerated IP address to the region that is added to the GA instance. This accelerated IP address is used to accelerate data transfer from users in the specified region to the specified backend servers through GA.

Step 3: Add a listener and an endpoint group

A listener checks for connection requests and then distributes the requests to backend servers based on the specified protocol and ports. Each listener is associated with an endpoint group. You can associate an endpoint group with a listener by specifying the region to which you want to distribute network traffic. After you associate an endpoint group with a listener, traffic is distributed to the optimal endpoint in the associated endpoint group.

For more information about how to configure default endpoint groups and virtual endpoint groups, see Endpoint groups.

  1. On the instance details page, click the Listeners tab and then click Add Listener.
  2. On the Configure Listener & Protocol wizard page, specify the following listener information and click Next.
    Listener Name: Enter a name for the listener. The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.
    Protocol: Select the protocol of the listener. In this example, HTTPS is selected.
    Port Number: Specify a port for the listener. The port is used to receive requests and forward them to endpoints. Valid values: 1 to 65499. In this example, the value is set to 443.
    Client Affinity: Specify whether to enable client affinity. If client affinity is enabled, requests from the same client are forwarded to the same endpoint when the client connects to a stateful application. In this example, Source IP Address is selected.

  3. In the Server Certificate section of the Configure SSL Certificate wizard page, select the SSL certificate for which you applied from the drop-down list and click Next.
    After you configure an SSL certificate, GA uses HTTPS to encrypt client requests and service data. This ensures the security of data transmission.
    Note The SSL certificate is used to encrypt data that is transmitted from clients to GA. You can use the certificate that is installed on the backend servers to encrypt data that is transmitted from GA to the backend servers. The certificate that is used by the listener can be the same as the one that is installed on the backend servers.
  4. On the Configure Endpoint Group wizard page, set the following parameters for the default endpoint group and click Next.
    Endpoint Group Name: Enter a name for the endpoint group. The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.
    Region: Select the region where you want to create the endpoint group. The backend servers that the clients want to access must be deployed in the specified region. In this example, China (Beijing) is selected.
    Backend Service: Specify whether the backend service is deployed on Alibaba Cloud. In this example, Alibaba Cloud is selected.
    Preserve Client IP: By default, client IP address preservation is enabled for HTTPS listeners. HTTPS listeners can retrieve client IP addresses from the x-forwarded-for HTTP header field. For more information, see Preserve client IP addresses.
    Endpoint: Endpoints are backend servers that receive and handle client requests. To add an endpoint, specify the following parameters:
    • Backend Service Type: Select Alibaba Cloud Public IP Address.
    • Backend Service: Enter the IP address of the backend service that you want to accelerate. In this example, 192.0.XX.XX is entered, which is the public IP address of Server 1.
    • Weight: Enter a weight for the endpoint. Valid values: 0 to 255. GA distributes network traffic to endpoints based on their weights.
      Notice If the weight of an endpoint is set to 0, GA stops distributing network traffic to the endpoint. Proceed with caution.
    Backend Service Protocol: Select the protocol that the backend server uses. Valid values:
    • HTTP: This is the default value.
    • HTTPS
    In this example, HTTP is selected.
    Port Mapping: If the listener port and the port that the endpoint uses to provide services are not the same, you must add a mapping between the ports.
    • Listener Port: Enter the listener port. In this example, the value is set to 443.
    • Endpoint Port: Enter the port that the endpoint uses to provide services. In this example, 80 is used.
  5. On the Confirm wizard page, confirm the configurations of the listener and endpoint, and then click Submit.
  6. Configure a virtual endpoint group.
    1. On the Listeners tab, find the listener that you want to manage and click the endpoint group ID in the Default Endpoint Group column.
    2. On the Endpoint Group tab, click Add Virtual Endpoint Group.
    3. In the Add Virtual Endpoint Group dialog box, set the following parameters and click Create.
      The configurations of the virtual endpoint group are the same as those of the default endpoint group that you created in substep 4 of this step, except for the following parameters:
      • Backend Service: Enter 198.0.XX.XX, which is the public IP address of Server 2.
      • Backend Service Protocol: Select HTTPS.
      • Port Mapping: You do not need to add a port mapping.

        If the listener port and the port that the endpoint uses to provide services are the same, you do not need to add the port mapping. GA automatically distributes client requests to the listener port of the endpoint.

Step 4: Create a forwarding rule

When an HTTPS listener receives requests, the HTTPS listener forwards the requests that meet the conditions in forwarding rules to the optimal endpoints in the associated endpoint groups. If the requests do not match a custom forwarding rule, the HTTPS listener forwards the requests to the default endpoint group in the default forwarding rule.

To create a custom forwarding rule for the virtual endpoint group that is associated with Server 2, perform the following steps:

  1. On the listener details page, click Forwarding Rule.
  2. Click Add Forwarding Rule, configure the following parameters, and then click OK.
    Name: Enter a name for the forwarding rule. The name must be 2 to 128 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-). The name must start with a letter.
    If (Matching All Conditions): Configure the forwarding condition. Valid conditions:
    • Domain Name
    • Path
    In this example, select Domain Name and enter example.net, which is the domain name to which you want to forward requests. The domain name must be 3 to 128 characters in length and can contain letters, digits, hyphens (-), and periods (.). Supported wildcard characters are asterisks (*) and question marks (?).
    Forward to Virtual Endpoint Group: Select the virtual endpoint group to which a matched request is forwarded. In this example, the virtual endpoint group that you created in Step 3: Add a listener and an endpoint group is selected.
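The following Python model is an added example, not code from this page or from the GA service itself. It shows how the HTTPS listener configured in Steps 3 and 4 is expected to behave: a request whose host name matches the custom Domain Name rule goes to the virtual endpoint group (Server 2 over HTTPS on the unmapped listener port), everything else falls through to the default endpoint group (Server 1 over HTTP with the 443 to 80 port mapping). The class and function names are invented for the example, and shell-glob semantics for the * and ? wildcards are an assumption, since the page lists the wildcards without defining them.

```python
import fnmatch
import re
from dataclasses import dataclass
from typing import Optional

# Listener port and the page's two backend servers (addresses are the page's placeholders).
LISTENER_PORT = 443
SERVER1 = ("192.0.XX.XX", "HTTP", 80)    # default endpoint group, listener 443 -> endpoint 80
SERVER2 = ("198.0.XX.XX", "HTTPS", 443)  # virtual endpoint group, same port, no port mapping

# Domain Name condition constraints stated on the page: 3 to 128 characters made of
# letters, digits, hyphens, periods, and the wildcards * and ?.
DOMAIN_CONDITION_RE = re.compile(r"^[A-Za-z0-9.*?-]{3,128}$")


@dataclass
class EndpointGroup:
    endpoint_ip: str
    backend_protocol: str
    endpoint_port: Optional[int]  # None: no Port Mapping, endpoint listens on LISTENER_PORT

    def target(self) -> tuple:
        port = LISTENER_PORT if self.endpoint_port is None else self.endpoint_port
        return (self.endpoint_ip, self.backend_protocol, port)


def validate_domain_condition(condition: str) -> str:
    """Reject conditions that violate the stated charset and length; normalise case."""
    if not DOMAIN_CONDITION_RE.match(condition):
        raise ValueError(f"invalid Domain Name condition: {condition!r}")
    return condition.lower()


class HttpsListener:
    """Model of rule evaluation: first matching custom rule wins, otherwise the default group."""

    def __init__(self, default_group: EndpointGroup):
        self.default_group = default_group
        self.rules = []  # list of (domain_condition, EndpointGroup)

    def add_forwarding_rule(self, domain_condition: str, group: EndpointGroup) -> None:
        self.rules.append((validate_domain_condition(domain_condition), group))

    def route(self, host_header: str) -> tuple:
        # Match on the host name only: strip any :port and a trailing dot, ignore case.
        host = host_header.split(":", 1)[0].rstrip(".").lower()
        for condition, group in self.rules:
            # Assumption: * matches any run of characters and ? exactly one, as in
            # shell globbing; the page lists the wildcards but not their exact semantics.
            if fnmatch.fnmatchcase(host, condition):
                return group.target()
        return self.default_group.target()


def build_listener() -> HttpsListener:
    """The page's setup: example.net -> virtual group (Server 2), everything else -> Server 1."""
    listener = HttpsListener(EndpointGroup(*SERVER1))
    listener.add_forwarding_rule("example.net", EndpointGroup(SERVER2[0], SERVER2[1], None))
    return listener
```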

Step 5: Add a CNAME record

To forward requests from clients to GA, you must modify the DNS record to map the domain names that you want to accelerate to the canonical name (CNAME) of the GA instance. The following example shows how to modify the DNS record in the Alibaba Cloud DNS console.
Note If you use the DNS resolution service that is provided by a third-party service provider, log on to the platform of the service provider and modify the DNS record for your web application.
  1. Log on to the Alibaba Cloud DNS console.
  2. On the Manage DNS page, find the domain name and click Configure in the Actions column to go to the DNS Settings page.
  3. On the DNS Settings page, find the DNS record that you want to modify and click Edit in the Actions column.
  4. In the Edit Record panel, configure the following parameters and click Confirm.
    Type: The CNAME record is used to map the domain name to the CNAME allocated by GA. In this example, CNAME is selected.
    Host: Enter the prefix of the domain name that you want to accelerate.
    • If the domain name is www.aliyun.com, set the prefix to www.
    • If the domain name is aliyun.com, set the prefix to @.
    • If the domain name is *.aliyun.com, set the prefix to *.
    • If the domain name is mail.aliyun.com, set the prefix to mail.
    ISP Line: Select Default from the drop-down list.
    Value: Enter the CNAME that is allocated by GA. You can find the CNAME on the Instances page.
    TTL: The time-to-live (TTL) period of the DNS record on the DNS server. In this example, 10 minute(s) is selected.

Step 6: Verify the acceleration performance

Use both domain names to verify the connectivity to the web application that is deployed in the China (Beijing) region. In addition, check whether content delivery is accelerated.
Note
  • The Linux operating system is used in this example. The command that is used to verify the connectivity varies based on the operating system that you use. For more information, see the user guide of your operating system.
  • The result varies based on the actual workloads.
  1. Open the CLI on an on-premises machine. In this example, the machine is located in the China (Hangzhou) region.
  2. Use example.com to access the web application and check whether content delivery is accelerated.
    1. To verify the connectivity to the web application, run the following command:
      curl https://<The domain name of the web application>
      If the following message is returned, you are connected to the web application. Example:
      [root@<hostname> ~]# curl https://example.com
      Hello World! This is server1.
    2. To verify data transmission, run the following command:
      curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "https://<The domain name of the web application>"
      In the command:
      • time_connect: the time it takes to establish the TCP connection. Unit: seconds.
      • time_starttransfer: the time to first byte, which is the amount of time from when the client sends the request to when the first byte of the response is sent to the client. Unit: seconds.
      • time_total: the total time, which is the amount of time from when the client sends the request to when the client receives the last byte of the response from the backend server. Unit: seconds.
      You can check the acceleration performance of GA based on the preceding metrics. Example:
      • Data transmission before GA is used
        [root@<hostname> ~]# curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "https://example.com"
        time_connect:0.033
        time_starttransfer:0.260
        time_total:0.260
      • Data transmission after GA is used
        [root@<hostname> ~]# curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "https://example.com"
        time_connect:0.030
        time_starttransfer:0.059
        time_total:0.059
  3. Use example.net to access the web application and check whether content delivery is accelerated.
    1. To verify the connectivity to the web application, run the following command:
      curl https://<The domain name of the web application>
      If the following message is returned, you are connected to the web application. Example:
      [root@<hostname> ~]# curl https://example.net
      Hello World! This is server2.
    2. To verify data transmission, run the following command:
      curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "https://<The domain name of the web application>"
      In the command:
      • time_connect: the time it takes to establish the TCP connection. Unit: seconds.
      • time_starttransfer: the time to first byte, which is the amount of time from when the client sends the request to when the first byte of the response is sent to the client. Unit: seconds.
      • time_total: the total time, which is the amount of time from when the client sends the request to when the client receives the last byte of the response from the backend server. Unit: seconds.

      You can check the acceleration performance of GA based on the preceding metrics. Example:

      • Data transmission before GA is used
        [root@<hostname> ~]# curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "https://example.net"
        time_connect:0.006
        time_starttransfer:0.162
        time_total:0.162
      • Data transmission after GA is used
        [root@<hostname> ~]# curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "https://example.net"
        time_connect:0.030
        time_starttransfer:0.060
        time_total:0.060
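As an added example that is not part of the original page, the following Python helper automates the Step 6 measurement: it builds the same curl command the procedure uses, parses the three timing lines curl prints, fails loudly if a metric is missing (a sign the connection did not complete), and reports the reduction in time to first byte. The embedded sample outputs are the page's own example.com numbers; the function names are invented, and measure() assumes curl is installed and the domain is reachable.

```python
import re
import subprocess

# The -w format from the procedure: curl expands each %{...} and prints one line per metric.
CURL_WRITE_OUT = ("time_connect: %{time_connect}\\n"
                  "time_starttransfer: %{time_starttransfer}\\n"
                  "time_total: %{time_total}\\n")
METRICS = ("time_connect", "time_starttransfer", "time_total")


def build_curl_command(domain: str) -> list:
    """argv for the Step 6 measurement: discard the body (-o /dev/null), print only timings."""
    return ["curl", "-o", "/dev/null", "-s", "-w", CURL_WRITE_OUT, f"https://{domain}"]


def parse_timing(output: str) -> dict:
    """Parse 'time_xxx: 0.123' lines (with or without a space after the colon) into floats."""
    found = {}
    for m in re.finditer(r"^(time_\w+)\s*:\s*([0-9.]+)\s*$", output, re.M):
        found[m.group(1)] = float(m.group(2))
    missing = [k for k in METRICS if k not in found]
    if missing:
        # curl prints nothing useful when the TLS handshake or TCP connect fails.
        raise ValueError(f"curl output lacks metrics {missing}; check connectivity first")
    return found


def ttfb_improvement(before: dict, after: dict) -> float:
    """Fraction by which time_starttransfer (time to first byte) dropped after GA."""
    return 1 - after["time_starttransfer"] / before["time_starttransfer"]


def measure(domain: str) -> dict:
    """Run the real command (requires curl and network); raises on a non-zero curl exit."""
    result = subprocess.run(build_curl_command(domain), capture_output=True, text=True, check=True)
    return parse_timing(result.stdout)


# Constructed sample outputs: the page's example.com figures before and after GA.
BEFORE_GA = "time_connect:0.033\ntime_starttransfer:0.260\ntime_total:0.260\n"
AFTER_GA = "time_connect:0.030\ntime_starttransfer:0.059\ntime_total:0.059\n"

if __name__ == "__main__":
    b, a = parse_timing(BEFORE_GA), parse_timing(AFTER_GA)
    print(f"TTFB {b['time_starttransfer']}s -> {a['time_starttransfer']}s "
          f"({ttfb_improvement(b, a):.0%} lower)")
```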