Overview
You can access resources stored in Object Storage Service (OSS) buckets over HTTP or HTTPS. However, security vulnerabilities exist in HTTP requests. To prevent your buckets from being attacked, access OSS resources over HTTPS. This topic describes how to access OSS resources over HTTPS.
Methods
You can use one of the following methods to access OSS resources over HTTPS based on your business requirements.
Before you perform high-risk operations, such as modifying the configurations or data of Alibaba Cloud instances, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
Before you modify the configurations or data of an instance, such as an Elastic Compute Service (ECS) instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backup for the instance. For example, you can enable log backup for an ApsaraDB RDS instance.
If you have granted permissions on sensitive information or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity. Sensitive information includes usernames and passwords.
Use the domain name of the bucket to access OSS resources
Perform the following steps to view the bucket domain names that can be used to access OSS resources over HTTPS: Log on to the OSS console. In the left-side navigation pane, click Buckets. Find the bucket that you want to access and click the bucket name. On the page that appears, click Overview. In the Port section, view the bucket domain names and check whether HTTPS is enabled.
You cannot use a custom domain name to preview images or static HTML resources online. If you use a custom domain name to access the resources, the resources are automatically downloaded. We recommend that you map a custom domain name to the bucket.
Map a custom domain name to the bucket
Map a custom domain name to the bucket, and use the domain name to access OSS resources. For more information, see Map custom domain names. You can also configure SSL certificate hosting for the domain name to access OSS resources over HTTPS. For more information about how to configure certificate hosting, see Host SSL certificates.
If you want all requests to forcibly access resources in the bucket by using one protocol, such as HTTPS, you must specify the syntax of the bucket policy. For more information, see How do I configure an HTTPS request and an SSL certificate?
Use Alibaba Cloud CDN to accelerate access to OSS resources
Alibaba Cloud CDN supports HTTPS requests. You can use Alibaba Cloud CDN to accelerate access to OSS resources and configure an SSL certificate to enable HTTPS access.
For more information about how to map an accelerated domain name to an OSS bucket, see Map accelerated domain names.
For more information about how to configure an SSL certificate for an accelerated domain name, see Configure an SSL certificate.
Configure a reverse proxy for access to OSS
Install the NGINX service on the ECS instance and configure a reverse proxy to access OSS resources over HTTPS. For more information, see Use an ECS instance that runs CentOS to configure a reverse proxy for access to OSS.
Troubleshoot HTTPS access failures
Perform the following steps to troubleshoot HTTPS access failures:
Check whether the SSL certificate is invalid and whether the certificate parsed on the browser matches the domain name that you use. The certificate information may not match the domain name when you use a custom domain name or an accelerated domain name to access OSS resources.
Check whether an error message indicating that the access is stopped is returned on your browser. If the error message appears, check whether an SSL certificate is configured for the domain name and run the
telnetcommand to check whether port 443 is enabled and can be connected.
References
For more information about how to authorize users to access specific OSS resources over HTTPS, see Configure bucket policies to authorize other users to access OSS resources.