OSS provides various network access solutions with features for domain name configuration, performance optimization, security protection, and proxy access. You can use these features to build an efficient, stable, and secure storage access architecture.
Domain name selection
OSS provides two ways to access your data: bucket domain names and custom domain names. Each method is suitable for different business scenarios.
In accordance with a policy adjustment to enhance the compliance and security of OSS, starting from March 20, 2025, new OSS users can no longer use default public domain names to call data operation APIs, such as those for uploading and downloading files, for buckets in the Chinese mainland. You must access OSS using a custom domain name (CNAME).
Domain name type | Description | Pros | Cons |
Bucket domain name | The default domain name provided by OSS. It is ready to use with no extra configuration required. | | |
Custom domain name | Your own domain name. Map it to a bucket using a CNAME record for a branded access experience. | | |
Performance acceleration
CDN acceleration
You can configure CDN acceleration to distribute static assets such as images, videos, and documents from your OSS buckets. This service uses a global network of edge nodes to serve user requests from the nearest point of presence (POP). This configuration significantly improves access speed, reduces network latency, and helps control costs by minimizing direct traffic to OSS.
Transfer acceleration
For long-distance, cross-region data transfers, such as accessing a bucket outside China from the Chinese mainland or vice versa, you can enable transfer acceleration to significantly boost performance. Transfer acceleration uses Alibaba Cloud's globally distributed data centers and smart routing to route user requests to the nearest access point. This feature accelerates both uploads and downloads from end to end.
Security enhancement
HTTPS security protocol
HTTP transmits data in plaintext. This creates risks of data breaches and tampering, and often fails to meet corporate data protection or compliance requirements. To solve this issue, you can configure an SSL certificate to enable HTTPS access to OSS. HTTPS provides end-to-end encryption for data in transit. This prevents security threats such as man-in-the-middle attacks and data eavesdropping, and helps you meet the security and compliance standards of industries such as finance and healthcare.
PrivateLink private connection
PrivateLink establishes a dedicated private connection between your virtual private cloud (VPC) and the OSS service to provide network-layer traffic isolation. This solution eliminates the security risks of transmitting data over the Internet, prevents potential network address conflicts, and simplifies network management. This lets you build a secure and controllable cloud storage access architecture that meets stringent requirements.
Proxy access
ECS reverse proxy
OSS relies on DNS to resolve its service endpoints to a dynamic set of IP addresses. Consequently, you may encounter access restrictions or failures when you configure firewall whitelists or integrate with systems that require a fixed IP address. To address this issue, you can configure a reverse proxy on an ECS instance with a dedicated static public IP address. Forwarding requests through this instance ensures that all access to your resources originates from a single, stable IP address.
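A sketch of such a reverse proxy using nginx on the ECS instance, added here as an example and not taken from the OSS documentation. The bucket domain name, the proxy host name, the certificate paths, and the resolver address are placeholders (assumptions). It addresses the dynamic-IP point above by re-resolving the bucket name at runtime, and it keeps the proxy-to-OSS hop on verified HTTPS.

```nginx
# Added example. Placeholders (assumptions, replace with your own values):
#   examplebucket.oss-cn-hangzhou.aliyuncs.com  bucket domain name
#   proxy.example.com                           name that points at the ECS static public IP
#   192.0.2.53                                  DNS resolver reachable from the ECS instance
# Both server blocks belong inside the http { } context.
server {
    listen 443 ssl;
    server_name proxy.example.com;

    ssl_certificate     /etc/nginx/tls/proxy.example.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/proxy.example.com.key;  # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # OSS endpoints resolve to a changing set of IP addresses. Without a
    # resolver, nginx resolves the upstream name once at startup and keeps
    # using addresses that may later go stale.
    resolver 192.0.2.53 valid=30s;
    resolver_timeout 5s;

    location / {
        # Using a variable in proxy_pass makes nginx look the name up through
        # the resolver above and honour the valid= lifetime.
        set $oss_upstream examplebucket.oss-cn-hangzhou.aliyuncs.com;
        proxy_pass https://$oss_upstream;

        # Send the bucket domain name as Host, not the proxy's own name,
        # so that OSS routes the request to the intended bucket.
        proxy_set_header Host $oss_upstream;

        # Verify the OSS certificate on the upstream hop. nginx does not
        # verify upstream certificates unless proxy_ssl_verify is on; the
        # name checked defaults to the host used in proxy_pass.
        proxy_ssl_server_name on;   # send SNI to the upstream
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 3;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # CA bundle path (assumption)
        proxy_ssl_protocols TLSv1.2 TLSv1.3;
    }
}

# Port 80 only redirects, so no object data crosses the Internet in plaintext.
server {
    listen 80;
    server_name proxy.example.com;
    return 301 https://$host$request_uri;
}
```

Run `nginx -t` after editing to validate the syntax before reloading.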
FAQ
Which ports does OSS support?
Port 80: HTTP protocol
Port 443: HTTPS protocol
Port 1935: RTMP stream ingest (used only in RTMP stream ingest scenarios)