Alibaba Cloud CDN caches Object Storage Service (OSS) objects on points of presence (POPs) that are closer to requesters to accelerate access to OSS. Alibaba Cloud CDN provides higher bandwidth than OSS and allows requesters to access OSS faster without being affected by the outbound bandwidth limits of OSS and geographical distances. Alibaba Cloud CDN further improves access speed.
Scenarios
You can use Alibaba Cloud CDN to accelerate access to OSS for better user experience in various scenarios:
Online audio and video playback
In online audio and video playback scenarios, you can use Alibaba Cloud CDN to deliver audio and video content from OSS to POPs that are distributed globally. This way, you can reduce audio and video buffering time, which improves user experience.
Highly concurrent access
In case of highly concurrent requests to access your website or application, Alibaba Cloud CDN distributes the access requests to multiple POPs for load balancing. This helps reduce loads on your origin server and maintain a fast response.
Transfers of large objects
If you need to access large objects in OSS or download large objects from OSS, you can use Alibaba Cloud CDN to improve bandwidth and data transfer speed, which helps reduce the time required to download the objects.
Global access
If your website or application is intended for users around the world, you can use Alibaba Cloud CDN to cache content on POPs that are closer to users for lower latency and faster access.
Background information
To better handle increased data access and avoid performance bottlenecks, we recommend that you store static data in OSS and use Alibaba Cloud CDN to accelerate access to OSS. This transforms your website from the traditional website architecture where dynamic and static resources are stored together to the cloud-based website architecture where dynamic and static resources are separately stored. The cloud-based website architecture greatly improves the stability and reliability of your website and significantly improves website access speed.
Traditional website architecture
Cloud-based website architecture
Billing rules
If the origin server is an OSS bucket, you may be charged for outbound data transfer from Alibaba Cloud CDN (charged by Alibaba Cloud CDN) and data transfer from OSS to Alibaba Cloud CDN (charged by OSS). For more information, see Billing of OSS content acceleration.
Prerequisites
An OSS bucket is created and resources are uploaded to the bucket. For more information, see Upload objects.
Alibaba Cloud CDN is activated. For more information, see Activate Alibaba Cloud CDN.
A root domain name is registered. You can map a domain name that is not registered with Alibaba Cloud to a bucket. If you do not have a domain name, you can register one by using Alibaba Cloud Domains service platform. For more information, see Register a domain name on Alibaba Cloud.
An Internet Content Provider (ICP) filing is obtained for your domain name if the bucket to which you want to map the domain name resides in the Chinese mainland and real-name verification is complete for your Alibaba Cloud account. For more information about how to apply for an ICP filing for your domain name and complete real-name verification for your Alibaba Cloud account, see Overview and FAQ about real-name registration on the Alibaba Cloud international site (alibabacloud.com).
Procedure
In the following steps, oss.example.com
is used as a CDN-accelerated domain name. You can specify a root domain name, second-level domain name, or wildcard domain name as the accelerated domain name.
Step 1: Add and resolve a domain name
Quick deployment
You can use Resource Orchestration Service (ROS) to add a domain name that you want to accelerate and resolve the domain name to the CNAME assigned by Alibaba Cloud CDN.
Use Create Stack wizard in the ROS console.
In the Configure Parameters step of the Create Stack wizard in the ROS console, configure the following parameters:
Region: Select the region that requires accelerated access, such as
domestic
.Accelerated domain name: Specify the domain name that you want to accelerate (
oss.example.com
in this example).Source station information: Specify the public domain name of the bucket for which you want to accelerate access, such as
examplebucket.oss-cn-hangzhou.aliyuncs.com
. Then click Next. In the Check and Confirm step, check your settings and click Create.
On the Stack Information tab of the page that appears, the status of the stack is Creating.
After the status of the stack becomes Created, click the Outputs tab to view the CNAME.
Manual deployment
Add the domain name that you want to accelerate.
Log on to the Alibaba Cloud CDN console. In the left-side navigation pane, click Domain Names.
On the Domain Names page, click Add Domain Name. On the page that appears, configure the following parameters:
Region: Select Chinese Mainland Only.
Domain Name to Accelerate: Enter the domain name that you want to specify as the accelerated domain name. In this example, enter oss.example.com.
Business Type: Select Image and Small File.
Origin Servers: Click Add Origin Server. In the dialog box that appears, select OSS Domain for Origin Info, and then select the domain name of the bucket for which you want to accelerate access from the Domain Name drop-down list. Retain the default settings for other parameters in the dialog box. Click OK.
Read the Compliance Warranty Regarding Cross-border Data Transfers notice, select I have read and agree to the preceding compliance commitment., click Next, and then click Back to Domain Management.
Wait until the status of the domain name becomes Enabled. Copy the value of the CNAME record. In this example, the value of the CNAME record is oss.example.com.w.kunlunaq.com.
Resolve the domain name.
Log on to the DNS console. In the left-side navigation pane, click Domain Name Resolution.
On the Domain Name Resolution page, find the accelerated domain name (
oss.example.com
in this example) and click DNS Settings.On the DNS Settings page, click Add DNS Record.
In the Add DNS Record panel, configure the following parameters:
Record Type: Select CNAME from the drop-down list.
Hostname: In this example, enter oss.
Record Value: Paste the CNAME record value that you copied earlier. In this example, the record value is oss.example.com.w.kunlunaq.com.
Other parameters: Retain the default settings.
Click OK. Wait for a few minutes and then run the ping command to check whether the accelerated domain name takes effect. If the command output is similar to the command output that is shown in the following figure, the accelerated domain name is in effect.
Step 2: Enable auto CDN cache update and specify the TTL of the cache
Enable auto CDN cache update.
Log on to the OSS console. In the left-side navigation pane, click Buckets. On the Buckets page, click the name of the bucket for which you want to accelerate access.
In the left-side navigation tree, choose
. Click Unmapped to the right of the desired domain name and complete the mapping as prompted.On the Domain Names page, find the accelerated domain name and click Supported Operations in the Auto CDN Cache Update column.
In the drop-down list, select the API operations that trigger automatic updates of CDN cache and click OK.
Configure a time-to-live (TTL) for static resources by directory or file name extension.
When the TTL ends, the resources cached on the POPs become invalid and unavailable. Requests that attempt to access expired objects are redirected to the origin server. If the resources are retrieved from the origin server, the resources are cached on the POPs. For more information, see Create a cache rule for resources.
Step 3: Access an OSS object by using the accelerated domain name
View the URL of an object.
In the left-side navigation pane of the OSS console, click Buckets. On the Buckets page, click the name of the bucket.
In the left-side navigation tree, choose Object Management > Objects. On the Objects page, find the object whose URL you want to view and click View Details in the Actions column.
In the View Details panel, select the accelerated domain name (oss.example.com in this example) from the Custom Domain Name drop-down list. The URL of the object starts with the accelerated domain name.
Configure an HTTPS certificate.
To encrypt information that is transmitted between clients and POPs for better security, you can configure access over HTTPS. An SSL certificate is required for access over HTTPS. For more information, see Configure an SSL certificate.
Access an object by using its URL in a browser.
Access a public-read object
Click Copy Object URL.
Paste the object URL in the address bar of the browser to access the object.
NoteYou can check whether data is served from a CDN POP by opening the browser developer tools and checking the X-Cache field. If the value of the X-Cache field starts with MISS, the requested object is a cache miss on the POP and the CDN POP requests the origin server for the missing object. If the missing object is retrieved from the origin server, the object is cached on the POP. The value of the X-Cache field in subsequent requests for the object starts with HIT, which indicates that the requested object is cached on and served from the POP.
Access a private object
Enable access to a private bucket. For more information, see Enable access to private OSS buckets.
ImportantIf you enable access to a private bucket, Alibaba Cloud CDN adds the Authorization header to origin requests that are sent to the bucket and sets the header value to the authentication signature information of the bucket.
Click Copy Object URL.
Delete the signature information from the object URL.
For example, if the original URL of the private object is
https://oss.example.com/outside.jpg?Expires=1700628094&OSSAccessKeyId=TMP.3********&Signature=B********
, the new URL after you delete the signature information ishttps://oss.example.com/outside.jpg
.ImportantAn origin request cannot contain signature information in both the Authorization header and URL request parameters. If origin requests to a bucket have the Authorization header, object URLs cannot contain signature information, such as
Expires
,Signature
, andOSSAccessKeyId
. Otherwise, OSS authentication fails. For more information, see 0002-00000039.Use the object URL that does not contain signature information to access the object.
NoteYou can check whether data is served from a CDN POP by opening the browser developer tools and checking the X-Cache field. If the value of the X-Cache field starts with MISS, the requested object is a cache miss on the POP and the CDN POP requests the origin server for the missing object. If the missing object is retrieved from the origin server, the object is cached on the POP. The value of the X-Cache field in subsequent requests for the object starts with HIT, which indicates that the requested object is cached on and served from the POP.
Optional. Configure hotlink protection or URL signing to prevent unauthorized access.
Hotlink protection
Hotlink protection identifies and filters requesters based on the Referer header in requests to implement access control and prevent unauthorized access. For more information, see Configure a Referer whitelist or blacklist to enable hotlink protection.
URL signing
Content that is delivered by Alibaba Cloud CDN is publicly available. Requesters who have the URL of an object can access the object. To prevent unauthorized access to resources on your website, you can configure URL signing to add signature strings and timestamps to URLs for access control. For more information, see Configure URL signing.
References
After you enable access to a private bucket, requests that trigger the homepage of the static website result in an error. For more information, see Why am I unable to access the default homepage of a bucket when I retrieve an object from a private bucket by using Alibaba Cloud CDN?
After you add your website to Alibaba Cloud CDN for content delivery, you can configure custom HTTP headers in the response to clients to allow cross-origin resource sharing (CORS). If an OSS bucket is used as the origin server and CORS is configured on OSS and Alibaba Cloud CDN, the CORS configuration of Alibaba Cloud CDN overrides the CORS configuration of OSS. For more information, see Configure CORS.
You can configure range origin fetch to improve content distribution efficiency. This fetches only the required parts of requested resources from the origin server to POPs if they are not cached or have expired. For more information, see Range origin fetch.