Cloud-native gateways provide multi-domain name management. By associating a custom domain name with the gateway, you gain independent control over the protocol, TLS certificate, and routing rules for each domain. Wildcard domains such as *.hello.com let you route traffic for all matching subdomains -- 1.hello.com, 2.hello.com, and so on -- through a single configuration.
Before you begin
Before you begin, make sure that you have:
An ICP filing (Chinese mainland regions only) -- If the gateway is in a Chinese mainland region, the domain must have an Internet Content Provider (ICP) filing through the Alibaba Cloud ICP Filing system, or Alibaba Cloud must be listed as a service provider in the domain's existing ICP filing. Gateways in regions outside the Chinese mainland do not require ICP filings.
A valid TLS certificate (HTTPS only) -- If you plan to use HTTPS, prepare an SSL certificate in Alibaba Cloud Certificate Management Service before you start. A certificate issued for *.hello.com covers single-level subdomains such as a.hello.com and b.hello.com, but does not cover multi-level subdomains such as a.b.hello.com. To secure multi-level subdomains, obtain a separate certificate for each level.
Wildcard domain matching vs. certificate scope
The wildcard domain *.hello.com has a broader matching scope than its certificate scope:
| Behavior | Example | Matched by *.hello.com? | Covered by *.hello.com certificate? |
|---|---|---|---|
| Single-level subdomain | a.hello.com | Yes | Yes |
| Single-level subdomain | b.hello.com | Yes | Yes |
| Multi-level subdomain | a.b.hello.com | Yes | No |
To serve HTTPS traffic for multi-level subdomains, obtain a certificate that matches each level explicitly.
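The following is an added example, not part of the original documentation or the gateway's own code. It models the two matching rules from the table above and lists hostnames that the gateway would route but that no name on the certificate covers. The function names are hypothetical, and the treatment of the bare domain hello.com is an assumption.

```python
# Added example: gateway wildcard routing vs. certificate wildcard scope.
# Routing rule: taken from the table on this page (any subdomain depth matches).
# Certificate rule: a wildcard stands in for exactly one leftmost label.

def _labels(name):
    """Split a hostname into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def gateway_matches(pattern, host):
    """Routing match: *.hello.com matches a.hello.com and a.b.hello.com."""
    p, h = _labels(pattern), _labels(host)
    if p[0] != "*":
        return p == h
    suffix = p[1:]
    # Assumption: the bare domain (hello.com) is not matched by the wildcard.
    return len(h) > len(suffix) and h[-len(suffix):] == suffix

def cert_covers(san, host):
    """Certificate match: *.hello.com covers a.hello.com but not a.b.hello.com."""
    s, h = _labels(san), _labels(host)
    if s[0] != "*":
        return s == h
    return len(h) == len(s) and h[1:] == s[1:]

def coverage_gaps(domain_pattern, cert_sans, hosts):
    """Return hosts the gateway routes that no certificate name covers."""
    return [
        host for host in hosts
        if gateway_matches(domain_pattern, host)
        and not any(cert_covers(san, host) for san in cert_sans)
    ]

if __name__ == "__main__":
    # Constructed sample input: the hostnames used in the table above.
    hosts = ["a.hello.com", "b.hello.com", "a.b.hello.com"]
    for gap in coverage_gaps("*.hello.com", ["*.hello.com"], hosts):
        print(f"{gap}: routed by the gateway, not covered by the certificate")
```

Running the check against the list of hostnames you expect to serve, before you bind the certificate, shows which ones would fail TLS verification in clients.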
Add a domain name
Log on to the MSE console and select a region in the top navigation bar.
In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the gateway ID.
In the left-side navigation pane, click Routes, then click the Domain tab.
Click Add Domain Name. In the Add Domain Name panel, configure the following parameters, and click OK.
| Parameter | Description |
|---|---|
| Domain Name | Enter a specific domain such as hello.com, or a wildcard domain such as *.hello.com. Each domain gets independent protocol, certificate, and routing configurations. |
| Protocol | Select HTTP or HTTPS. Selecting HTTPS requires the additional parameters below. |
| Certificate | Select an existing certificate from Alibaba Cloud Certificate Management Service. If no certificate is available, click Purchase/Upload Certificate to go to the Certificate Management Service console. For details, see Purchase SSL certificates. |
| Always Use HTTPS | Turn on Redirection to HTTPS to redirect all HTTP requests to the HTTPS port. When enabled, only the HTTPS port accepts traffic. |
| HTTP/2 | Set HTTP/2 negotiation during the TLS handshake via Application-Layer Protocol Negotiation (ALPN). Options: Use Global Configuration (determined by the EnableHttp2 setting), Enable (use HTTP/2 after a successful TLS handshake), or Disable (do not use HTTP/2). This parameter applies only when Protocol is set to HTTPS. For HTTP, the gateway automatically upgrades to HTTP/2 through HTTP Upgrade based on client requests. |
| TLS Version | Set the Minimum Version and Maximum Version for TLS. Defaults: TLS 1.0 (minimum) and TLS 1.2 (maximum). |
Verify the domain name
After you add a domain, the gateway automatically creates a routing rule for it. For details, see Create a routing rule.
DNS resolution is configured: Open a browser and access a URL that matches the routing rule.
DNS resolution is not configured: Use curl with the --resolve flag to bypass DNS. Replace <public-ip> with the gateway's public IP address.
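HTTP:
curl http://hello.com --resolve "hello.com:80:<public-ip>"
HTTPS:
curl -v -k https://hello.com --resolve "hello.com:443:<public-ip>" --cacert my-cert.pem
The -k flag tells curl to skip certificate verification, so this command does not validate the gateway's certificate against my-cert.pem. Omit -k to have curl verify the certificate.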