Configure mirroring-based back-to-origin rules in several special scenarios - Object Storage Service

This topic describes how to configure mirroring-based back-to-origin rules in several special scenarios.

Scenario 1

Customer A creates a bucket named bucket-01 in the China (Hangzhou) region and has the following requirements:

When a requester requests an object that does not exist in the examplefolder directory of bucket-01, OSS searches the destfolder directory of https://example.com to obtain the required object.
The MD5 hashes of the objects in the origin must be checked. If the MD5 hashes of the objects in the origin do not match the MD5 hashes calculated by Object Storage Service (OSS), these objects are not stored in bucket-01.

To meet the preceding requirements, perform the following steps to configure a mirroring-based back-to-origin rule:

Log on to the OSS console.
In the left-side navigation pane, click Buckets. On the Buckets page, find and click the desired bucket.
In the left-side navigation tree, choose Data Management > Mirroring-based Back-to-origin.
On the Mirroring-based Back-to-origin page, click Create Rule.

In the Create Rule panel, configure the required parameters. The following table describes the parameters. Retain the default settings for other parameters.

Parameter	Description
Method	Select Mirroring.
Condition	Select Object Name Prefix and set the parameter to examplefolder/.
Replace or Delete File Prefix	Select Replace or Delete File Prefix and set the parameter to destfolder/. Note This parameter is displayed only when you configure the Object Name Prefix parameter.
Origin URL	Select https in the first text box, enter example.com in the second text box, and leave the third text box empty.
MD5 Verification	Select Perform MD5 verification. When the response to the back-to-origin request contains the Content-MD5 header, OSS checks whether the MD5 hash of the object obtained from the origin matches the value of the Content-MD5 header. If the calculated MD5 hash of the object matches the value of the Content-MD5 header obtained from the origin, the client obtains the object from the origin, and OSS stores the object. If the calculated MD5 hash of the object does not match the value of the Content-MD5 header obtained from the origin, OSS does not store the object, but the object is returned to the client.

Click OK.
The following content shows the access process after the preceding back-to-origin rule is configured:
1. A requester accesses https://bucket-01.oss-cn-hangzhou.aliyuncs.com/examplefolder/example.txt for the first time.
2. If bucket-01 does not contain the examplefolder/example.txt object, OSS retrieves the object at https://example.com/destfolder/example.txt.
3. After OSS obtains the object from the origin, OSS performs the following operations:
  - If the response to the back-to-origin request contains the Content-MD5 header, OSS calculates the MD5 hash of the object obtained from the origin, and matches the calculated MD5 hash with the value of the Content-MD5 header obtained from the origin. If the calculated MD5 hash matches the value of the Content-MD5 header obtained from the origin, OSS stores the object as examplefolder/example.txt in bucket-01 and returns the object to the requester. If the calculated MD5 hash does not match the value of the Content-MD5 header obtained from the origin, the object is returned to the requester but is not stored in bucket-01.
  - If the response to the back-to-origin request does not contain the Content-MD5 header, OSS stores the object as examplefolder/example.txt in bucket-01 and returns the object to the requester.

Scenario 2

Customer B creates a bucket named bucket-02 in the China (Beijing) region, and two origins, which are Origin A (https://example.com) and Origin B (https://example.org). The two origins have the same directories. Customer B has the following requirements:

When a requester requests an object that does not exist in the bucket-02/dir1 directory, OSS searches the example1 directory of https://example.com for the object.
When a requester requests an object that does not exist in the bucket-02/dir2 directory, OSS searches the example2 directory of https://example.org for the object.
Determine whether to request objects from the specified address based on whether the redirection policy is configured for Origin A and Origin B.

To meet the preceding requirements, refer to the steps described in Scenario 1 to configure two mirroring-based back-to-origin rules that have the parameter settings described in the following tables.

Parameter settings for Rule 1

Parameter	Description
Method	Select Mirroring.
Condition	Select Object Name Prefix and set the parameter to dir1/.
Replace or Delete File Prefix	Select Replace or Delete File Prefix and set the parameter to example1/. Note This parameter is displayed only when you configure the Object Name Prefix parameter.
Origin URL	Select https in the first text box, enter example.com in the second text box, and leave the third text box empty.
3xx Response	Select Follow Origin to Redirect Request. Note If Follow Origin to Redirect Request is not selected, OSS directly returns the URL specified in the redirection rule to the requester.

Parameter settings for Rule 2

Parameter	Description
Method	Select Mirroring.
Condition	Select Object Name Prefix and set the parameter to dir2.
Replace or Delete File Prefix	Select Replace or Delete File Prefix and set the parameter to example2/. Note This parameter is displayed only when you configure the Object Name Prefix parameter.
Origin URL	Select https in the first text box, enter example.org in the second text box, and then leave the third text box empty.
3xx Response	Select Follow Origin to Redirect Request.

The following content shows the access process after the preceding back-to-origin rules are configured:

A requester requests https://bucket-02.oss-cn-beijing.aliyuncs.com/dir1/example.txt for the first time.
If the example.txt object does not exist in the dir1 directory of bucket-02, OSS retrieves the object at https://example.com/example1/example.txt.
- If a redirection rule is specified for example1/example.txt of Origin A, OSS sends a new request to the URL specified in the redirection rule for Origin A, stores the object as dir1/example1/example.txt in bucket-02, and then returns the object to the requester.
- If no redirection rule is specified for example1/example.txt of Origin A, OSS stores the object as dir1/example1/example.txt in bucket-02 and returns the object to the requester.
If a requester requests https://bucket-02.oss-cn-beijing.aliyuncs.com/dir2/example.txt, the object obtained by using the back-to-origin rule is stored in the dir2/example2 directory of bucket-02.

Scenario 3

Customer C creates two buckets, bucket-03 and bucket-04, in the China (Shanghai) region. The access control list (ACL) of bucket-03 is public-read and the ACL of bucket-04 is private. Customer C has the following requirements:

When a requester requests an object that does not exist in the examplefolder directory of the root directory of bucket-03, OSS searches the examplefolder directory of bucket-04 for the object.
The query string included in the request URL for an object can be transferred to the origin.
The header1, header2, and header3 HTTP headers included in the request URL for an object can be transferred to the origin.

To meet the preceding requirements, refer to the steps described in Scenario 1 and configure a mirroring-based back-to-origin rule that has the following parameter settings.

Parameter	Description
Method	Select Mirroring.
Condition	Select Object Name Prefix and set the parameter to examplefolder/.
Origin Type	Select OSS Private Bucket and then select bucket-04 from the Source Bucket drop-down list. Note When you configure Origin Type, OSS generates a role named `AliyunOSSMirrorDefaultRole` in the RAM console and attaches the AliyunOSSReadOnlyAccess policy to the role to grant the read-only permissions on all buckets.
Origin URL	Select https in the first text box and leave the other text boxes empty.
Origin Parameter	Select Transfer with Query String. OSS transfers the query string included in the URL of the required object to the origin.
Set Transmission Rule of HTTP Header	Select Transmit Specific HTTP Headers for Allow and add the header1, header2, and header3 HTTP headers. Back-to-origin rules do not support some HTTP headers, such as `authorization`, `authorization2`, `range`, `content-length`, and `date`, and HTTP headers that start with `x-oss-`, `oss-`, and `x-drs-`. Important When requesters retrieve data in a private bucket, do not select Transmit All HTTP Headers. Otherwise, the back-to-origin request fails.

The following content shows the access process after the preceding back-to-origin rule is configured:

A requester accesses https://bucket-03.oss-cn-shanghai.aliyuncs.com/examplefolder/example.png?caller=lucas&production=oss for the first time.
If examplefolder/example.png does not exist in bucket-03, OSS sends a request to https://bucket-04.oss-cn-shanghai.aliyuncs.com/examplefolder/example.png?caller=lucas&production=oss to obtain the object.
bucket-04 collects access statistics based on the ?caller=lucas&production=oss parameter passed to the origin and returns example.png to OSS.
OSS stores the object as examplefolder/example.png in bucket-03.

If the request includes the header1, header2, and header3 HTTP headers, these headers are also transferred to bucket-04.