Accelerate the retrieval of resources from an OSS bucket - CDN

You can use Alibaba Cloud CDN to accelerate the retrieval of static resources, such as images and videos, from an Object Storage Service (OSS) bucket. This topic describes how to accelerate the retrieval of resources from an OSS bucket by using the Alibaba Cloud CDN console and the use scenarios of Alibaba Cloud CDN.

Benefits

OSS is a cost-effective storage service. Alibaba Cloud CDN can accelerate the delivery of static resources. OSS buckets as origin servers provide the following benefits:

All requests that are destined for the origin server are redirected to points of presence (POPs). This reduces loads on the origin server.
You are charged for outbound data transfer from Alibaba Cloud CDN instead of outbound data transfer over the Internet from OSS. Outbound data transfer from Alibaba Cloud CDN is billed at a lower price.
Clients retrieve static resources from the nearest POPs. This minimizes the network transmission distance and ensures the quality of data transmission.

Architecture

If an origin server is an OSS bucket, Alibaba Cloud CDN caches the static resources, including scripts, images, audio files, and video files, from the bucket to POPs. When users request the resources, the POPs return the requested resources to the users. This accelerates content delivery.

The following figure shows the architecture. 场景图

Use scenarios

You can use content delivery network (CDN) services in the following scenarios: static content delivery acceleration, dynamic content delivery acceleration, and secure acceleration. Alibaba Cloud CDN serves to accelerate only the delivery of static content. If you want to accelerate the delivery of dynamic content or accelerate content delivery while ensuring high security, you can use Dynamic Content Delivery Network (DCDN).

The website image.example.com requires acceleration for image retrieval from an OSS bucket. The following table describes the business requirements and related information.

Item	Description	Example
Website domain name	The domain name that is accelerated by Alibaba Cloud CDN.	image.example.com
Business type	Determine the business type based on the website content. If the website distributes images, set the business type to Image and Small File.	Image and Small File
Acceleration region	The region where the website visitors are located.	Chinese Mainland Only
Origin domain name	Select an OSS bucket that belongs to the current Alibaba Cloud account, or enter the public domain name of an OSS bucket.	***.oss-cn-hangzhou.aliyuncs.com
Other features	Enable other features based on your business requirements.	Increase cache hit ratios by adding cache rules. Specify domain names for origin fetch by configuring origin hosts. Protect OSS buckets from unauthorized access by enabling access control for private OSS buckets. Accelerate delivery for specific resources by enabling range origin fetch. Increase the cache hit ratio and accelerate file distribution by enabling parameter filtering. Protect POPs from hotlinking by configuring Referer whitelists or Referer blacklists. Protect websites from hotlinking issues and IP theft by enabling URL signing.

Procedure

The following figure shows how to use Alibaba Cloud CDN to accelerate content delivery for a website. The preceding scenario is used as an example. 流程图

Billing

If the origin server is an OSS bucket, you are charged for outbound data transfer from Alibaba Cloud CDN (charged by Alibaba Cloud CDN) and data transfer from OSS to Alibaba Cloud CDN (charged by OSS). For more information, see Billing of OSS content acceleration.

Prerequisites

An Alibaba Cloud account is created, and real-name verification is completed for the account. For more information, visit the Sign up to Alibaba Cloud and Real-name Registration pages.

OSS is activated, an OSS bucket is created, and related resources are uploaded to the OSS bucket. For more information, see Activate OSS.
A domain name to be accelerated is prepared.

Configure Alibaba Cloud CDN to accelerate the retrieval of resources from an OSS bucket

Step 1: Activate Alibaba Cloud CDN and add a domain name to accelerate

Log on to the Alibaba Cloud CDN console.
In the left-side navigation pane, click Domain Names. On the Domain Names page, click Add Domain Name and configure the following parameters:
- Domain Name to Accelerate: the domain name that is used to access your website by users. In this example, enter image.example.com.
- Region: the region in which you want to accelerate the delivery of images in OSS, such as Chinese Mainland Only.
Note
- If you set the Region parameter to Chinese Mainland Only, you need to apply for an ICP filing for the domain name. For more information, see Prepare and check a domain name.
- The first time you add a domain name to Alibaba Cloud CDN, the system verifies the ownership of the domain name before you can add the domain name. Follow the on-screen instructions to complete the verification. For more information, see Verify the ownership of a domain name.
Click Add Origin Server and configure the parameters. Set Origin Info to OSS Domain and select the OSS bucket that you want to accelerate from the Domain Name drop-down list. Use the default values for other parameters and click OK.
After you add an origin server, read and select the compliance commitment, click Next, and then wait for manual review.
Note
If your accelerated domain name does not require manual review, you can proceed to the next step. You can configure the cache expiration, bandwidth cap, and HTML optimization features in the Recommended Features step based on your business requirements. The features improve the cache hit ratio, security, and access performance of the Alibaba Cloud CDN.
When the Status of the domain name is Enabled, view the CNAME of the accelerated domain name. In this example, the CNAME is image.example.com.w.kunlunsl.com.

Step 2: Add a CNAME record

After you add a domain name to Alibaba Cloud CDN, the system assigns a CNAME to the domain name. You must add a CNAME record in the system of your DNS service provider to map the domain name to the CNAME before requests can be redirected to POPs.

In the following example, Alibaba Cloud DNS is used to show how to add a CNAME record. For more information, see Add a CNAME record for a domain name.

Log on to the Alibaba Cloud DNS console with the Alibaba Cloud account to which the accelerated domain name belongs.
In the left-side navigation pane, click Domain Name Resolution. Find the domain name for which you want to add a CNAME and click DNS Settings in the Actions column.
Click Add DNS Record and add a CNAME record.
- Record Type: Select CNAME.
- Hostname: Enter image.
- Record Value: Enter the CNAME assigned by Alibaba Cloud CDN to your accelerated domain name, such as image.example.com.w.kunlunsl.com.
- Keep the default values for other parameters.
Click OK.

Step 3: (Optional) Configure recommended settings

To improve acceleration performance, secure data transmission, and accelerate content delivery, you can enable the corresponding features based on your business requirements.

In the Alibaba Cloud CDN console, go to the Domain Names page, find the domain name that you want to manage, and then click Manage in the Actions column.

Configure the following features based on your business requirements.

Scenario	Description	References
Increase the cache hit ratio	Specify a time-to-live (TTL) value for cached resources based on the following rules to increase the cache hit ratio: Specify a TTL of one month or longer for static files that are infrequently updated, such as images and application packages. Specify a TTL based on your business requirements for static files that are frequently updated, such as JavaScript and CSS files. Specify a TTL of 0 seconds to disable caching for dynamic files, such as PHP, JSP, and ASP files.	Create a cache rule for resources
Specify a site to which POPs redirect requests	By default, the address of the host is the domain name of the OSS bucket. In this example, the domain name of the OSS bucket is ***.oss-cn-hangzhou.aliyuncs.com. If a custom domain name such as origin.developer.aliyundoc.com is mapped to the OSS bucket, you need to set Domain Type to Custom Domain, and set the origin host to origin.developer.aliyundoc.com.	For more information, see Configure the default origin host.
Protect OSS buckets from unauthorized access	By default, OSS buckets are accessible over the Internet. If you want to protect OSS buckets from unauthorized access, you can set the ACL of OSS buckets to private and enable the private bucket access feature. This way, Alibaba Cloud CDN has permissions to redirect requests only to OSS buckets that belong to the same account as Alibaba Cloud CDN.	Configure access to private OSS buckets Before you perform this operation, set the ACL of OSS buckets to private to allow only authorized access. For more information, see Bucket ACLs.
Accelerate file distribution on POPs	After you enable range origin fetch, the OSS bucket that serves as the origin server returns the chunk of file that is specified by the Range header to POPs. This reduces origin traffic and accelerates content delivery. Range origin fetch is suitable for large file distribution scenarios such as audio and video streaming. Range origin fetch is not suitable for small file distribution scenarios. You do not need to enable range origin fetch when you use Alibaba Cloud CDN to accelerate the delivery of images.	Range origin fetch
Increase the cache hit ratio Increase file distribution efficiency	After you enable the parameter filtering feature, POPs remove parameters that follow the question mark (?) from request URLs. This way, requests that carry different query strings but are destined for the same resource can hit the cache. This increases the cache hit ratio and reduces origin traffic.	Ignore parameters
Protect websites from hotlinking	After you configure a Referer whitelist or blacklist, Alibaba Cloud CDN allows or blocks requests based on user identities. If a request is allowed, Alibaba Cloud CDN returns the URL of the requested resource. If a request is blocked, Alibaba Cloud CDN returns the HTTP 403 status code.	Configure a Referer whitelist or blacklist to enable hotlink protection
Protect websites from hotlinking and IP theft	URL signing cannot be performed without the origin server. The origin server generates signed URLs based on the URL signing settings on the POPs. After you enable URL signing, only requests that pass authentication can access resources on POPs.	Configure URL signing

Related operations

Allow Alibaba Cloud CDN to access resources in an OSS bucket

After the CNAME record takes effect and you set the ACL of the resources to be accessed to public-read, you can access resources in the OSS bucket by using one of the following methods:

Concatenate the accelerated domain name and file path, and then enter the concatenated URL into a web browser. For example, if the accelerated domain name is aliyundoc.com and you want to access the file image_01.jpg in the root directory, you can send a request to http://aliyundoc.com/image_01.jpg.
Set the domain name of the OSS bucket to the accelerated domain name in your client. This way, you can access resources in the OSS bucket by using the accelerated domain name from your client.