Configuration examples of mirroring-based back-to-origin - Object Storage Service

This topic describes how to configure mirroring-based back-to-origin rules in several example scenarios.

Example 1

Customer A has a bucket named examplebucketA in the China (Hangzhou) region and has the following requirements:

When a requester requests an object that does not exist in the examplefolder directory of examplebucketA, the request is redirected to https://example.com to access the required object in the destfolder directory.
The origin site contains objects whose names start with forward slashes (/). These objects must be obtained and then stored in examplebucketA.
The MD5 hashes of the objects in the origin must be checked. If the MD5 hashes of the objects in the origin do not match the MD5 hashes calculated by Object Storage Service (OSS), these objects are not stored in examplebucketA.

To meet the preceding requirements, use the following steps to configure a mirroring-based back-to-origin rule:

Log on to the OSS console.
In the left-side navigation pane, click Buckets. On the Buckets page, click the name of the desired bucket.
In the navigation tree, choose Data Management > Back-to-Origin.
On the Back-to-Origin page, click Create Rule.

In the Create Rule panel, configure the parameters described in the following table and retain the default settings for other parameters.


Parameter	Description
Mode	Select Mirroring.
Prerequisite	Select File Name Prefix and set File Name Prefix to examplefolder/.
Replace or Delete File Prefix	Select Replace or Delete File Prefix and set Replace or Delete File Prefix to destfolder/. Note This parameter is displayed only when you configure the File Name Prefix parameter.
Origin URL	Select https in the first text box, enter example.com in the second text box, and leave the third text box empty.
Keep Forward Slash in Origin URL	Select Keep Forward Slash / in Origin URL. If the names of objects at the origin start with a forward slash (/), OSS deletes the forward slashes (/) and stores the objects in the bucket. Note This parameter is not supported in the following regions: China (Nanjing - Local Region), China (Ulanqab), China (Guangzhou), South Korea (Seoul), Philippines (Manila), and Thailand (Bangkok).
MD5 Verification	Select Perform MD5 verification. When the response to the redirect request contains the Content-MD5 header, OSS checks whether the MD5 hash of the object obtained from the origin matches the value of the Content-MD5 header. If the calculated MD5 hash of the object matches the value of the Content-MD5 header obtained from the origin, the client obtains the object from the origin, and OSS saves the object. If the calculated MD5 hash of the object does not match the value of the Content-MD5 header obtained from the origin, OSS does not save the object, although the object is still returned to the client.

Click OK.
The following content shows the access process after the preceding back-to-origin rule is configured:
1. A requester accesses https://examplebucketA.oss-cn-hangzhou.aliyuncs.com///examplefolder/example.txt for the first time.
2. If examplebucketA does not contain the //examplefolder/example.txt object, OSS redirects the request to https://example.com///destfolder/example.txt to obtain the object.
3. After OSS obtains the object from the origin, OSS performs the following operations:
  - If the response to the redirect request contains the Content-MD5 header, OSS calculates the MD5 hash of the object from the origin, and matches the calculated MD5 hash with the value of the Content-MD5 header obtained from the origin. If the calculated MD5 hash matches the value of the Content-MD5 header obtained from the origin, OSS stores the object with a name of examplefolder/example.txt in examplebucketA and returns the object to the requester. If the calculated MD5 hash does not match the value of the Content-MD5 header obtained from the origin, the object is returned to the requester but is not stored in examplebucketA.
  - If the response to the redirect request does not contain the Content-MD5 header, OSS stores the object with a name of examplefolder/example.txt in examplebucketA and returns the object to the requester.

Example 2

Customer B has a bucket named examplebucketB in the China (Beijing) region, and two origins, which are Origin A (https://example.com) and Origin B (https://example.org). The two origins have the same directories. Customer B wants OSS to meet the following requirements:

When a requester requests an object that does not exist in the A/example directory, OSS searches the example directory of https://example.com for the object.
When a requester requests an object that does not exist in the B/example directory, OSS searches the example directory of https://example.org for the object.
Determine whether to request objects from the specified address based on whether the redirection policy is configured for Origin A and Origin B.

To meet the preceding requirements, refer to the steps presented in Example 1 to configure two mirroring-based back-to-origin rules that have the parameter settings described in the following tables.

Parameter settings for Rule 1


Parameter	Description
Mode	Select Mirroring.
Prerequisite	Select File Name Prefix and set File Name Prefix to A/example/.
Replace or Delete File Prefix	Select Replace or Delete File Prefix and set Replace or Delete File Prefix to example/. Note This parameter is displayed only when you configure the File Name Prefix parameter.
Origin URL	Select https in the first text box, enter example.com in the second text box, and leave the third text box empty.
3xx Response	Select Follow Origin to Redirect Request. Note If Follow Origin to Redirect Request is not selected, OSS directly returns the URL specified in the redirection rule to the requester.

Parameter settings for Rule 2


Parameter	Description
Mode	Select Mirroring.
Prerequisite	Select File Name Prefix and set File Name Prefix to B/example/.
Replace or Delete File Prefix	Select Replace or Delete File Prefix and set Replace or Delete File Prefix to example/. Note This parameter is displayed only when you configure the File Name Prefix parameter.
Origin URL	Select https in the first text box, enter example.org in the second text box, and leave the third text box empty.
3xx Response	Select Follow Origin to Redirect Request.

The following content shows the access process after the preceding back-to-origin rules are configured:

A requester requests https://examplebucketB.oss-cn-beijing.aliyuncs.com/A/example/example.txt for the first time.
If the A/example/example.txt object does not exist in examplebucketB, OSS redirects the request to https://example.com/example/example.txt to obtain the object.
The response to the request varies based on whether a redirection rule is set for the origin.
- If a redirection rule is specified for the example/example.txt directory of Origin A, OSS sends a new request to the URL specified in the redirection rule for Origin A, stores the object named A/example/example.txt in examplebucketB, and returns the object to the requester.
- If no redirection rule is specified for the example/example.txt directory of Origin A, OSS stores the object named A/example/example.txt in examplebucketB and returns the object to the requester.

If a requester requests https://examplebucketB.oss-cn-beijing.aliyuncs.com/B/example/example.txt that does not exist in the B/example directory, the object obtained by using the back-to-origin rule is stored in the B/example directory of examplebucketB.

Example 3

Customer C has two buckets named examplebucketC and examplebucketD in the China (Shanghai) region. The access control list (ACL) of examplebucketC is public-read. The ACL of examplebucketD is private. The customer wants to meet the following requirements:

When a requester requests an object that does not exist in the examplefolder directory of the root directory of examplebucketC, OSS searches the examplefolder directory of examplebucketD for the object.
Allow the query string included in the request URL for an object to be transferred to the origin.
Allow the header1, header2, and header3 HTTP headers included in the request URL for an object to be transferred to the origin.

To meet the preceding requirements, refer to the steps presented in Example 1 and configure a mirroring-based back-to-origin rule that has the following parameter settings.


Parameter	Description
Mode	Select Mirroring.
Prerequisite	Select File Name Prefix and set File Name Prefix to examplefolder/.
Type of Source	Select OSS Private Bucket and select examplebucketD from the Source Bucket drop-down list. Note When you configure Type of Source, OSS generates the `AliyunOSSMirrorDefaultRole` role and grants the role the read-only permission (AliyunOSSReadOnlyAccess) on all your buckets.
Origin URL	Select https in the first text box and leave the other text boxes empty.
Other Parameter	Select Transfer queryString. OSS transfers the query string included in the URL of the required object to the origin.
Set Transmission Rule of HTTP Header	For Allow, select Transmit Specified HTTP Header Parameters and add the header1, header2, and header3 headers. Back-to-origin rules do not support some HTTP headers such as `authorization`, `authorization2`, `range`, `content-length`, and `date` and HTTP headers that start with `x-oss-`, `oss-`, and `x-drs-`.

The following content shows the access process after the preceding back-to-origin rule is configured:

A requester requests https://examplebucketC.oss-cn-shanghai.aliyuncs.com/examplefolder/example.png?caller=lucas&production=oss for the first time.
If the examplefolder/example.png object does not exist in examplebucketC, OSS sends a request to https://examplebucketD.oss-cn-shanghai.aliyuncs.com/examplefolder/example.png?caller=lucas&production=oss to obtain the object.
examplebucketD collects access statistics based on the ?caller=lucas&production=oss parameter passed to the origin and returns example.png to OSS.
OSS stores the object with a name of examplefolder/example.png in examplebucketC.

If the request includes the header1, header2, and header3 HTTP headers, these headers are also transferred to examplebucketD.