
Microservices Engine: Associate domain names with a cloud-native gateway

Last Updated: Feb 05, 2024

Cloud-native gateways provide a multi-domain name management capability. This capability allows you to manage protocols, certificates, and route configurations of different domain names. For example, if you associate the *.hello.com wildcard domain name with a cloud-native gateway, you can use the subdomains of the wildcard domain name, such as 1.hello.com and 2.hello.com, to access the cloud-native gateway. This topic describes how to associate domain names with a cloud-native gateway.

Prerequisites

  • Internet Content Provider (ICP) filings for domain names are obtained.

    Note

    If you want to associate independent domain names with cloud-native gateways in a region in the Chinese mainland, you must apply for ICP filings in the Alibaba Cloud ICP Filing system or add Alibaba Cloud as a service provider to the ICP filing information of the domain names. If you want to associate independent domain names with cloud-native gateways in a region outside the Chinese mainland, ICP filings are not required.

  • If you want to enable HTTPS, you must make sure that Secure Sockets Layer (SSL) certificates are purchased or obtained free of charge from Alibaba Cloud Certificate Management Service. For more information, see Purchase SSL certificates.

Procedure

  1. Log on to the MSE console. In the top navigation bar, select a region.

  2. In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the name of the gateway.

  3. In the left-side navigation pane, click Domain Names.

  4. On the Domain Names page, click Associate with Domain Name.

  5. In the Associate with Domain Name panel, configure the parameters and click OK.

    Parameter

    Description

    Domain Name

    Enter a complete domain name, such as hello.com, or a wildcard domain name, such as *.hello.com. You can independently manage the protocols and certificates of the domain name. Route configurations are isolated based on the domain name.

    Important

    The asterisk (*) in a wildcard domain name matches only a domain name field of the same level. For example, *.hello.com can match subdomains such as a.hello.com and b.hello.com. Subdomains such as a.b.hello.com cannot be matched. To associate a domain name that does not match the wildcard domain name you specified, you must perform the association operation again.

    Protocol

    Select HTTP or HTTPS from the drop-down list. If you select HTTPS, you must associate the HTTPS protocol with an SSL certificate. The supported port number varies based on the protocol:

    • HTTP: Port 80 is supported.

    • HTTPS: Port 443 is supported.

    Certificate

    Select the certificate that is associated with the HTTPS protocol in Alibaba Cloud Certificate Management Service. For more information, see Purchase SSL certificates.

    Force to Use HTTPS

    If you select Force to Use HTTPS, only HTTPS port 443 can be accessed. HTTP port 80 cannot be accessed, and requests are redirected to HTTPS port 443.

    HTTP2

    Select an option to specify whether to use HTTP/2 during the TLS handshake based on Application-Layer Protocol Negotiation (ALPN). Valid values:

    • Enable: The current domain name uses the HTTP/2 protocol for communications after the TLS handshake succeeds.

    • Disable: The current domain name does not use the HTTP/2 protocol for communications after the TLS handshake succeeds.

    • Use Global Configuration: The system determines whether the current domain name uses the HTTP/2 protocol based on the value of EnableHttp2. The setting of the HTTP2 parameter varies with the value of EnableHttp2.

    Note

    If the HTTP protocol is used, the gateway uses HTTP Upgrade to automatically upgrade HTTP to HTTP/2 based on client requirements. Therefore, you can configure this parameter based on your business requirements only if you select HTTPS from the Protocol drop-down list.

    TLS Version

    Select the earliest and latest TLS versions that the current domain name accepts for TLS communications.

    • Minimum TLS Version: the earliest TLS version that you select for the current domain name. Default value: TLS 1.0.

    • Maximum TLS Version: the latest TLS version that you select for the current domain name. Default value: TLS 1.3.
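
The single-level wildcard rule from the Important note above, as an added example that is not part of the MSE documentation. The function names and sample host names are constructed, and the example assumes that the apex domain (hello.com) needs its own association, as in normal wildcard semantics.

```shell
#!/bin/sh
# Added example: list the host names that a set of associated domain names
# does NOT cover, so they can be associated separately.

# covers PATTERN HOST: succeed if HOST is matched by the associated domain PATTERN.
covers() (
  pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case $pattern in
    '*.'*)
      suffix=${pattern#'*'}              # "*.hello.com" -> ".hello.com"
      case $host in
        *"$suffix") label=${host%"$suffix"} ;;
        *) exit 1 ;;
      esac
      # The asterisk stands for exactly one non-empty label, so no dots.
      case $label in
        ''|*.*) exit 1 ;;
        *) exit 0 ;;
      esac
      ;;
    *) [ "$host" = "$pattern" ] ;;       # complete domain name: exact match
  esac
)

# uncovered "PATTERNS" HOST...: print each HOST that no associated domain matches.
uncovered() (
  set -f                                 # keep "*" literal while word-splitting
  patterns=$1; shift
  for host in "$@"; do
    hit=no
    for p in $patterns; do
      if covers "$p" "$host"; then hit=yes; break; fi
    done
    [ "$hit" = yes ] || printf '%s\n' "$host"
  done
)

# Constructed sample: only a.b.hello.com is printed.
uncovered 'hello.com *.hello.com' hello.com 1.hello.com a.b.hello.com
```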

Verify the result

The system automatically configures a routing rule for the path of the domain name that you associated. For more information, see Create a routing rule.

  • If the resolution of your domain name takes effect, you can verify the result by directly accessing a website that meets the configured routing rule from a browser.

  • If you do not configure the Domain Name System (DNS) resolution for your domain name, you can run one of the following cURL commands to verify the result based on the supported protocol. In the following examples, the domain name that you associated is hello.com. You must replace "{Public IP address}" in the following URLs with your public IP address:

    • HTTP:

      curl http://hello.com --resolve "hello.com:80:{Public IP address}"

    • HTTPS:

      curl -v https://hello.com --resolve "hello.com:443:{Public IP address}" --cacert my-cert.pem
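
The same --resolve technique can also confirm the TLS Version and Force to Use HTTPS settings from the outside. The following is an added example, not part of the MSE documentation: the function names are constructed, and the host, IP address and CA file are whatever the caller passes in.

```shell
#!/bin/sh
# Added example, not from the MSE documentation. HOST, IP and CAFILE are the
# caller's values. If the local curl/TLS library itself refuses an old version,
# the probe may also report "rejected", so use a client that still offers it.

# tls_probe HOST IP VERSION [CAFILE]: print accepted, rejected or inconclusive.
tls_probe() (
  host=$1; ip=$2; ver=$3; cafile=${4:-}
  set -- -s -o /dev/null --connect-timeout 5 \
         --resolve "${host}:443:${ip}" "--tlsv${ver}" --tls-max "$ver"
  if [ -n "$cafile" ]; then set -- "$@" --cacert "$cafile"; fi
  rc=0
  curl "$@" "https://${host}/" || rc=$?
  case $rc in
    0)  echo accepted ;;
    35) echo rejected ;;               # curl exit 35: TLS handshake failed
    *)  echo "inconclusive($rc)" ;;    # e.g. 60: certificate not trusted
  esac
)

# tls_audit HOST IP [CAFILE]: report every version; fail if TLS 1.0 or 1.1
# (both deprecated by RFC 8996) is still accepted.
tls_audit() (
  weak=0
  for ver in 1.0 1.1 1.2 1.3; do
    result=$(tls_probe "$1" "$2" "$ver" "${3:-}")
    echo "TLS $ver: $result"
    case "$ver:$result" in 1.0:accepted|1.1:accepted) weak=1 ;; esac
  done
  exit "$weak"
)

# forces_https HOST IP: succeed if port 80 answers with a redirect to https://.
forces_https() (
  out=$(curl -s -o /dev/null --connect-timeout 5 --resolve "$1:80:$2" \
        -w '%{http_code} %{redirect_url}' "http://$1/") || exit 2
  case $out in
    30[1278]' https://'*) exit 0 ;;
    *) exit 1 ;;
  esac
)

# Usage: tls_audit hello.com <gateway public IP> my-cert.pem
#        forces_https hello.com <gateway public IP>
```

With the default Minimum TLS Version of TLS 1.0, tls_audit is expected to report TLS 1.0 and 1.1 as accepted and return a non-zero status.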