All Products
Document Center

How to reverse proxy an OSS domain name in an ECS instance and implement HTTPS access

Last Updated: Sep 14, 2021

Disclaimer: This topic may contain information about third-party products. The information is for reference only. Alibaba Cloud does not make guarantees or warranties, express or implied, with respect to the performance and reliability of third-party products, and potential impacts of operations on the products.


The access addresses of Alibaba Cloud-Object Storage Service (OSS) buckets are randomly changed. You can configure a reverse proxy for OSS on the ECS instance to enable fixed domain names to access OSS buckets over HTTPS. This topic describes how to use Nginx to implement OSS reverse proxy and HTTPS access in ECS instances.

Background information

This topic uses the CentOS system as an example to access objects in a bucket by using the domain name as follows:

  1. Log on to the ECS instance and run the following command to install the Nginx service:
    yum install -y nginx
  2. Run the following command to edit the /etc/nginx/nginx.conf configuration file:
    vim /etc/nginx/nginx.conf
    Note: The path of the configuration file is based on the actual situation. The configuration file in this topic uses /etc/nginx/nginx.conf as an example.
  3. Add the following configuration to the http module in the configuration file to reverse proxy the domain name the internal or public domain name of OSS.
    server {
    listen 443 ;
    location / {
    root /alidata/www/www-a-com/;
    proxy_pass; # If the host and the bucket are not in the same region, use the public network
    proxy_set_header Referer;
  4. Run the following command to confirm that the added configuration is normal:
    nginx -t
  5. Run the following command to start the NGINX service:
    systemctl start nginx
  6. To resolve the domain name to the IP address of the server, perform the following operations:
    1. Log on to the Alibaba Cloud DNS console.

    2. Click Add Domain Name to add a domain name.

    3. On the Manage DNS page, find the domain name that you want to manage and click Configure in the Actions column.

  7. After you confirm that the object can be accessed, you can add a SSL Certificates Service for the domain name on the server. For more information about how to configure SSL Certificates Service, see How to Install SSL Certificates Service in Various Services.

Applicable scope

  • Object Storage Service (OSS)