Cloud-native gateways support the management of multiple domain names, including wildcard domain names. You can manage protocols, certificates, and routing configurations for each domain name. For example, if you associate the wildcard domain name *.hello.com, you can use domain names such as 1.hello.com and 2.hello.com to access the gateway.
Prerequisites
Complete the ICP filing for your domain names.
For independent domain names in the Chinese mainland, you must complete ICP filing with Alibaba Cloud or update your ICP filing information to include Alibaba Cloud. ICP filing is not required for domain names in regions outside China.
Procedure
Log on to the MSE console. In the top navigation bar, select a region.
In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.
In the left-side navigation pane, click Routes. Then, click the Domain tab.
Click Create Domain Name. In the Create Domain Name panel, configure the parameters and click OK.
Parameter
Description
Domain Name
Enter a complete domain name such as hello.com or a wildcard domain name such as *.hello.com. For this domain name, you can independently manage its protocols and certificates. Route configurations can be isolated from each other by domain name.
Important: *.hello.com can match domain names such as a.hello.com, b.hello.com, and a.b.hello.com. However, if the domain name of the requested certificate is *.hello.com, the certificate can be used only for a.hello.com and b.hello.com, but not for a.b.hello.com.
Protocol
Select the HTTP or HTTPS protocol.
If you select the HTTPS protocol, you must also configure the following parameters.
Certificate
Select the certificate that is associated with the HTTPS protocol in Alibaba Cloud SSL Certificate Service.
Note: If you have not purchased or uploaded an SSL Certificate, you can click Purchase/Upload Certificate to go to the Digital Certificate Management Service console to perform the operation. For more information, see Purchase SSL certificates.
Force HTTPS
If you enable Force HTTPS, only the HTTPS port takes effect. Access to the normal HTTP port is denied, and requests are redirected to HTTPS.
HTTP/2
Determines whether to use HTTP/2 during the TLS handshake phase based on the ALPN protocol.
Use global configuration: Determines whether the current domain name uses HTTP/2 based on the value of EnableHttp2 in the parameter configuration, and this setting changes dynamically with the value of EnableHttp2.
Enable: The current domain name uses the HTTP/2 protocol for communication after the TLS handshake is successful.
Disable: The current domain name does not use the HTTP/2 protocol for communication after the TLS handshake is successful.
Note: When the protocol is configured as HTTP, the gateway uses the HTTP Upgrade protocol to automatically upgrade to HTTP/2 based on the client's request. Therefore, you only need to configure the HTTP/2 switch as needed when you use the HTTPS protocol.
TLS Version
Configure the TLS versions that are allowed for communication with the current domain name.
Minimum Version: The minimum TLS version allowed for communication with the current domain name. The default version is TLS 1.0.
Maximum Version: The maximum TLS version allowed for communication with the current domain name. The default version is TLS 1.2.
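The Important note under Domain Name says a gateway domain of *.hello.com routes more hostnames than a *.hello.com certificate covers. The following added example (not part of the original documentation or of MSE) lists hostnames that the gateway would route but that fail certificate name validation. The function names and sample hostnames are constructed for illustration, and it assumes the wildcard does not match the bare domain hello.com, which the page does not state.

```python
# Added example: gateway wildcard routing vs. wildcard certificate coverage.
# All hostnames below are constructed sample values.

def _labels(name):
    """Split a hostname into lower-case DNS labels (hostnames are case-insensitive)."""
    return name.rstrip(".").lower().split(".")

def gateway_matches(pattern, host):
    """Gateway rule as described on this page: '*.' stands for one or more
    leading labels, so *.hello.com matches a.hello.com and a.b.hello.com.
    Assumption: the bare suffix (hello.com) is not matched."""
    p, h = _labels(pattern), _labels(host)
    if p[0] != "*":
        return p == h
    suffix = p[1:]
    return len(h) > len(suffix) and h[-len(suffix):] == suffix

def cert_covers(cert_name, host):
    """Certificate rule: '*' stands for exactly one left-most label, so a
    *.hello.com certificate covers a.hello.com but not a.b.hello.com."""
    c, h = _labels(cert_name), _labels(host)
    if c[0] != "*":
        return c == h
    return len(h) == len(c) and h[1:] == c[1:]

def audit(pattern, cert_name, hosts):
    """Return hosts the gateway routes but the certificate does not cover.
    Clients that validate certificates will reject TLS for these names."""
    return [h for h in hosts
            if gateway_matches(pattern, h) and not cert_covers(cert_name, h)]

SAMPLE_HOSTS = [
    "a.hello.com",
    "b.hello.com",
    "a.b.hello.com",
    "hello.com",
    "A.Hello.Com",
    "hello.com.example.net",
]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        routed = gateway_matches("*.hello.com", host)
        covered = cert_covers("*.hello.com", host)
        print(f"{host:24} routed={routed!s:5} cert_ok={covered}")
    print("routed without certificate coverage:",
          audit("*.hello.com", "*.hello.com", SAMPLE_HOSTS))
```

Hostnames reported by audit need their own domain entry and certificate (for example, a certificate for *.b.hello.com) before HTTPS clients that validate certificates can reach them.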
Verify the result
Ensure that an accessible route is configured for a path on the domain name. For more information, see Create a routing rule.
If public DNS resolution for your domain name has propagated, you can access the domain name from a browser to verify the configuration.
If you have not configured DNS resolution for your domain name, you can use one of the following methods for verification. For example, if your domain name is hello.com, replace {Public IP Address} with the public IP address of your gateway in the following commands.
Verify HTTP
curl http://hello.com --resolve "hello.com:80:{Public IP Address}"
Verify HTTPS
curl -v -k https://hello.com --resolve "hello.com:443:{Public IP Address}" --cacert my-cert.pem
In the HTTPS command, -k turns off certificate verification, so the connection succeeds even if the certificate does not validate against my-cert.pem. Omit -k to have curl verify the gateway certificate against my-cert.pem.