Container Registry supports custom domain names. You can use this feature to configure a custom domain name with an SSL certificate for a Container Registry Enterprise Edition instance. Then, you can use the custom domain name to access the instance based on the HTTPS protocol.
Prerequisites
A domain name with an Internet Content Provider (ICP) filing is obtained.
A domain name consists of a series of labels that are separated by periods (.). You can identify the location of a Container Registry Enterprise Edition instance based on the domain name of the instance. You can register a domain name by using the Domain Names service. For more information, see What is Domain Names?
NoteIf the Container Registry Enterprise Edition instance for which you want to configure a domain name is deployed in a region in which ICP filings are not required, you do not need to obtain an ICP filing for the domain name.
An SSL certificate is obtained for the domain name.
SSL certificates comply with the HTTPS protocol. If a Container Registry Enterprise Edition instance uses a domain name that has an SSL certificate, you can enable HTTPS authentication and encryption for the instance. This secures data transmission.
SSL Certificates Service provides digital server certificates that are issued by certification authorities (CAs) both inside and outside China on the Alibaba Cloud platform. SSL Certificates Service helps you transform your services from HTTP to HTTPS at the minimum cost. You can purchase or upload an SSL certificate in the Certificate Management Service console. For more information, see Purchase an SSL certificate.
NoteIf you want to use an SSL certificate that is purchased from and signed by a third-party certificate service provider, you must upload the SSL certificate to Certificate Management Service. For more information, see Upload an SSL certificate.
Domain name certificates support TLS 1.1 and 1.2.
Alibaba Cloud DNS is activated.
Alibaba Cloud DNS can resolve a custom domain name to the IP addresses of the Container Registry Enterprise Edition instance. Then, requests can be routed to the Container Registry Enterprise Edition instance. For more information, see Activate Alibaba Cloud DNS PrivateZone.
A RAM role that has permissions on SSL certificates is configured.
Before you use a custom domain name, create a RAM role for your Alibaba Cloud account and grant the RAM role permissions to access SSL certificates. This allows Container Registry to access SSL certificates. For more information, see Grant permissions to a RAM role before you use a custom domain name to manage SSL certificates.
Add a custom domain name
A Container Registry Enterprise Edition instance supports default and custom domain names.
Each instance provides two default domain names: a public domain name and a virtual private cloud (VPC) domain name.
You can add custom domain names for an instance.
Log on to the Container Registry console.
In the top navigation bar, select a region.
On the Instances page, click the Enterprise Edition instance that you want to manage.
In the left-side navigation pane, choose .
On the page that appears, click Add Domain Name.
In the Add Domain Name dialog box, specify Domain Name and Certificate ID, and then click Confirm.
NoteYou can delete a domain name on the Domain page. To do this, find the domain name that you want to delete on that page, click Delete in the Actions column. In the dialog box that appears, select Confirm to delete and then click Confirm.
Configure access control and Alibaba Cloud DNS
Internet access
After you configure Internet access control and add the custom domain name in Alibaba Cloud DNS, you can use the custom domain name to access your Container Registry Enterprise Edition instance over the Internet.
Configure access control for the Internet. For more information, see Configure Internet access control.
Log on to the Alibaba Cloud DNS console.
In the left-side navigation pane, click Domain Name Resolution.
On the Authoritative Domains tab, click Add Domain Name. In the Add Domain Name dialog box, enter a custom domain name and click OK.
On the Authoritative Domain Names tab, find the custom domain name that you want to add, and click DNS Settings in the Actions column.
On the DNS Settings page, click Add DNS Record.
In the Add DNS Record panel, configure parameters and click OK. The following table describe the parameters.
Parameter
Description
Record Type
Select CNAME from the drop-down list.
Hostname
Enter the custom domain name.
DNS Request Source
Select the region in which the domain name visitor is located and the carrier network that the domain name visitor uses. In this example, select Default.
Record Value
Enter the default public domain name.
TTL
The amount of time that the record is cached. A smaller value indicates a higher speed at which the record takes effect. The default time is 10 minutes.
After you add a record, you can use the custom domain name to access your Container Registry Enterprise Edition instance over the Internet.
VPC access
After you configure VPC access control and PrivateZone, you can use the custom domain name to access your Container Registry Enterprise Edition instance over the VPC.
Configure the access control for the VPC. For more information, see Configure a VPC ACL.
Log on to the Alibaba Cloud DNS console.
In the left-side navigation pane, click PrivateZone.
On the Authoritative Zones tab, click Add Zone.
In the Add Zone dialog box, enter the custom domain name (for example, www.example.com) for the Zone Name parameter, select Recursive Resolution Proxy for Subdomain Names, and then click OK.
On the Authoritative Zones tab, find the private zone for which you want to configure DNS settings, and click DNS Settings in the Actions column.
On the Configure DNS Settings tab, click Add DNS Record.
In the Add DNS Record dialog box, configure parameters and click OK. The following table describe the parameters.
Parameter
Description
Record Type
Select CNAME from the drop-down list.
Hostname
Set the parameter to @.
Record Value
Enter the default domain name of the VPC.
TTL Period
Retain the default value.
On the Configure DNS Settings tab, you can view the new host record.
Return to the PrivateZone page. On the Authoritative Zones tab, find the zone that you want to associate and click Associate VPC in the Actions column.
In the Associate VPC panel, select the VPC in step 1. Then, click OK.
On the Authoritative Zones tab, the value in the VPC Association Status column of the zone changes to Associated. Then, you can use the custom domain name to access your Container Registry Enterprise Edition instance over the VPC.