You can use Alibaba Cloud CDN to accelerate the retrieval of static resources from an Object Storage Service (OSS) bucket. This topic describes how to accelerate the retrieval of resources from an OSS bucket in the Alibaba Cloud CDN console and the use scenarios of Alibaba Cloud CDN.

Benefits

OSS is a cost-effective storage service. Alibaba Cloud CDN can accelerate the delivery of static resources. OSS buckets as origin servers provide the following benefits:

All requests destined for the origin server are redirected to CDN edge nodes to reduce loads on the origin server.
You are charged for outbound data transfer from Alibaba Cloud CDN instead of outbound data transfer over the Internet from OSS. Outbound data transfer from Alibaba Cloud CDN is billed at a lower price.
Clients retrieve static resources from the nearest CDN edge nodes to minimize the network transmission distance and ensure the quality of data transmission.

Architecture

If the origin server is an OSS bucket, Alibaba Cloud CDN caches the static resources, including scripts, images, audio files, and video files, from the bucket to CDN edge nodes. When users request the resources, the edge nodes return the requested resources to the users. This accelerates content delivery.

The following figure shows the architecture.

Use scenarios

The website image.example.com requires acceleration for image retrieval from an OSS bucket. The following table describes the business information and requirements.


Item	Description	Scenario
Domain name	The domain name that is accelerated by Alibaba Cloud CDN.	image.example.com
Business type	Determine the business type based on the website content. If the website distributes images, set the business type to Image and Small File.	Image and Small File
Accelerated region	The region where the website visitors are located.	Chinese Mainland Only
Origin server domain name	You can select an OSS bucket that belongs to the current Alibaba Cloud account, or enter the public endpoint of an OSS bucket.	***.oss-cn-hangzhou.aliyuncs.com
Other features	Enable other features based on your business requirements.	Increase cache hit ratios by adding cache rules. Specify domain names for back-to-origin routing by configuring origin hosts. Protect OSS buckets from unauthorized access by enabling access control on private OSS buckets. Accelerate delivery for specific resources by enabling object chunking. Increase the cache hit ratio and accelerate file distribution by enabling parameter filtering. Protect CDN edge nodes from hotlinking by configuring Referer whitelists or blacklists. Protect websites from hotlinking issues and IP theft by enabling URL signing.

Procedure

The following procedure shows how to use Alibaba Cloud CDN to accelerate content delivery for a website. The preceding scenario is used as an example.

Step 1: Make preparations

An Alibaba Cloud account is created and the account has passed real-name verification.
Alibaba Cloud CDN and OSS are activated. For more information, see Activate Alibaba Cloud CDN and Activate OSS.
An OSS bucket is created and set to private. For more information, see Create buckets and Bucket ACL.
Note Private OSS buckets do not allow unauthorized access and prevent hotlinking issues.
A domain name to be accelerated is prepared.

Step 2: Add the domain name to be accelerated

Log on to the Alibaba Cloud CDN console.
In the left-side navigation pane, click Domain Names, click Add Domain Name, and then set the following parameters. The scenario described in Use scenarios is used as an example.
Note
- The first time a domain name is added to Alibaba Cloud CDN, Alibaba Cloud CDN must verify the ownership of the domain name. Alibaba Cloud CDN verifies the ownership only of the root domain name. For more information, see Verify the ownership of a domain name. If the root domain name has already passed ownership verification, ignore this message.
- For more information about the parameters and usage notes, see Step 1: Complete basic settings and specify business information.
- Domain Name to Accelerate: Enter image.example.com.
- Business Type: Select Image and Small File.
- Region: Select Chinese Mainland Only.
Click Add Origin Server to add an origin server.
Set Origin Info to OSS Domain and select an OSS bucket that belongs to the current account from the Domain Name drop-down list. Keep the default values for other parameters. ***.oss-cn-hangzhou.aliyuncs.com is used in this example.
Note
- Internal endpoints of OSS buckets are not supported.
- You can check the public endpoint of an OSS bucket in the OSS console.
- For more information about the parameters and usage notes, see Set up origin servers.
After you set up origin servers, click Next.
Wait for manual verification.
Note If the domain name does not need to be manually verified, proceed to the next step. In the next step, you can set the parameters based on your business requirements.
After the domain name passes the verification, the status of the domain name changes to Enabled. In this case, the domain name is added to Alibaba Cloud CDN.
When the value in the Status column changes to Enabled, the CNAME assigned to the domain name is displayed. The CNAME for the domain name used in this example is image.example.com.w.kunlunsl.com.

Step 3: Configure the domain name

To improve acceleration performance, secure data transmission, and accelerate content delivery, you can enable relevant features based on your business requirements.

In the Alibaba Cloud CDN console, navigate to the Domain Names page, find the domain name that you want to manage, and then click Manage.

Enable the following features based on your business requirements.


Scenario	Description	Parameter
Increase the cache hit ratio	Set a proper time-to-live (TTL) value for cached resources based on the following rules to increase the cache hit ratio: Specify a TTL of one month or longer for static files that are infrequently updated, such as images and application packages. Specify a TTL based on your business requirements for static files that are frequently updated, such as JavaScript and CSS files. Specify a TTL of 0 seconds to disable caching for dynamic files, such as PHP, JSP, and ASP files.	Add a cache rule
Specify a site to which edge nodes redirect requests	By default, the address of the host is the endpoint of the OSS bucket. The endpoint of the OSS bucket in this example is `***.oss-cn-hangzhou.aliyuncs.com`. If the OSS bucket is associated with a custom domain name, such as `origin.developer.aliyundoc.com`, you must set the Domain Type to Custom Domain, and set the origin host to `origin.developer.aliyundoc.com`. For more information, see Configure an origin host.	Configure an origin host
Protect OSS buckets from unauthorized access	By default, OSS buckets are accessible over the Internet. If you want to protect OSS buckets from unauthorized access, you can set the OSS buckets to private and enable access control. This way, Alibaba Cloud CDN has permissions to redirect requests only to OSS buckets that belong to the same account as Alibaba Cloud CDN.	Grant Alibaba Cloud CDN access permissions on private OSS buckets Note Before you perform this operation, set the OSS buckets to private, which allows only authorized access. For more information, see Modify the ACL of a bucket.
Accelerate file distribution on CDN edge nodes	After object chunking is enabled, the OSS bucket that functions as the origin server returns the chunk of file that is specified by the Range header to edge nodes. This reduces data transfer on the origin server and accelerates content delivery. Note Object chunking is suitable for large file distribution scenarios such as audio and video streaming. It is not suitable for small file distribution. You do not need to enable object chunking when you use Alibaba Cloud CDN to accelerate the delivery of images.	Object chunking
Increase the cache hit ratio Increase file distribution efficiency	After parameter filtering is enabled, CDN edge nodes remove parameters that follow the question (`?`) from request URLs. This way, requests that carry different query strings but for the same resource can hit cache. This increases the cache hit ratio and reduces back-to-origin traffic.	Ignore parameters
Protect websites from hotlinking issues	After you configure a Referer whitelist or blacklist, Alibaba Cloud CDN allows or blocks requests based on user identities. If a request is authorized, Alibaba Cloud CDN returns the URL of the requested resource. If a request is not authorized, Alibaba Cloud CDN returns the HTTP 403 status code.	Configure a referer whitelist or blacklist to enable hotlink protection
Protect a website from hotlinking and IP theft	URL signing cannot be performed without the origin server. The origin server generates signed URLs based on the URL signing settings on the CDN edge nodes. After URL signing is enabled, only requests that pass authentication can access resources on CDN edge nodes.	Configure URL signing

Step 4: Add a CNAME record

You must add a CNAME record in the system of your DNS service provider to map the domain name to the CNAME before requests can be redirected to edge nodes. Otherwise, CDN acceleration cannot take effect.

In the following example, Alibaba Cloud DNS is used to show how to add a CNAME record.

Note For more information, see Add a CNAME record for a domain name.

Log on to the Alibaba Cloud DNS console with the Alibaba Cloud account to which the accelerated domain name belongs.
Navigate to the Manage DNS page, find the root domain name of the accelerated domain name that you want to manage, and then click Configure in the Actions column.
Click Add Record and add a CNAME record.
- Type: Select CNAME.
- Host: Enter image
- Value: Enter the CNAME that is assigned to the accelerated domain name. image.example.com.w.kunlunsl.com is used in this example.
- Keep the default values for other parameters.
Optional:Check whether the CNAME record has taken effect.
Method 1: Quick verification in the Alibaba Cloud CDN console
1. Log on to the Alibaba Cloud CDN console and navigate to the Domain Names page.
2. Select the domain name and move the pointer over the CNAME Status column. The CNAME Configuration Guide tooltip appears.
3. Click Open Configuration Guide and then click Search.
Method 2: Run the ping command to ping the domain name
1. Open Command Prompt in Windows.
2. Run the ping command to ping the domain name. If the CNAME in the output is the same as the CNAME that is assigned to the domain name, it indicates that CDN acceleration is enabled for the domain name.

What to do next

After you set the OSS bucket to private, requests that are sent to the endpoint of the OSS bucket trigger the AccessDenied error. After the CNAME record takes effect, you can access resources in the OSS bucket by using the following methods:

Concatenate the accelerated domain name and file path, and then enter the concatenated URL into a web browser. For example, if the accelerated domain name is aliyundoc.com and you want to access the file image_01.jpg under the root directory, you can send a request to http://aliyundoc.com/image_01.jpg.
Set the domain name of the OSS bucket to the accelerated domain name in your client. Then, you can access resources in the OSS bucket through the accelerated domain name from your client.