Cloud-native gateways provide a multi-domain name management capability. This capability allows you to manage protocols, certificates, and route configurations of different domain names. For example, if you associate the *.hello.com
wildcard domain name with a cloud-native gateway, you can use the subdomains of the wildcard domain name, such as 1.hello.com
and 2.hello.com
, to access the cloud-native gateway.
Prerequisites
Internet Content Provider (ICP) filings for domain names are obtained.
If you want to associate independent domain names with cloud-native gateways in a region in the Chinese mainland, you must apply for ICP filings in the Alibaba Cloud ICP Filing system or add Alibaba Cloud as a service provider to the ICP filing information of the domain names. If you want to associate independent domain names with cloud-native gateways in a region outside the Chinese mainland, ICP filings are not required.
Procedure
Log on to the MSE console. In the top navigation bar, select a region.
In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the name of the gateway.
In the left-side navigation pane, click Routes. On the page that appears, click the Domain Names tab.
On the Domain tab, click Add Domain Name. In the Add Domain Name panel, configure the parameters and click OK.
Parameter
Description
Domain Name
Enter a complete domain name, such as
hello.com
, or a wildcard domain name, such as*.hello.com
. You can independently manage the protocols and certificates of the domain name. Route configurations are isolated based on the domain name.Important*.hello.com
can be used to match subdomains such asa.hello.com
,b.hello.com
, anda.b.hello.com
. If the domain name for which you want to apply for a certificate is*.hello.com
, the certificate can only be used for thea.hello.com
andb.hello.com
subdomains. The certificate cannot be used for thea.b.hello.com
subdomain.Protocol
Select HTTP or HTTPS from the drop-down list. The supported port number varies based on the protocol.
HTTP: Port 80 is supported.
HTTPS: Port 443 is supported.
Parameters that you must configure if you select HTTPS as the protocol.
Certificate
Select the certificate that is associated with the HTTPS protocol in Alibaba Cloud Certificate Management Service.
NoteIf you did not purchase or upload a Secure Sockets Layer (SSL) certificate, click Purchase/Upload Certificate to go to the Certificate Management Service console and purchase or upload an SSL certificate. For more information about how to purchase an SSL certificate, see Purchase SSL certificates.
Redirection to HTTPS
If you turn on Redirection to HTTPS, only the HTTPS port can be accessed and HTTP requests are redirected to the HTTPS port.
HTTP/2
Select an option to specify whether to use HTTP/2 during the TLS handshake based on Application-Layer Protocol Negotiation (ALPN). Valid values:
Use Global Configuration: The system dynamically determines whether the current domain name uses the HTTP/2 protocol based on the value of
EnableHttp2
.Enable: The current domain name uses the HTTP/2 protocol for communications after the TLS handshake succeeds.
Disable: The current domain name does not use the HTTP/2 protocol for communications after the TLS handshake succeeds.
NoteIf the HTTP protocol is used, the gateway uses HTTP Upgrade to automatically upgrade HTTP to HTTP/2 based on client requirements. Therefore, you need to configure this parameter based on your business requirements only if you select HTTPS from the drop-down list of the Protocol parameter.
TLS Version
Select the earliest and latest TLS versions when the current domain name uses TLS for communication.
Minimum TLS Version: the earliest TLS version that you select for the current domain name. Default value: TLS 1.0.
Maximum TLS Version: the latest TLS version that you select for the current domain name. Default value: TLS 1.3.
Verify the result
The system automatically configures a routing rule for the path of the associated domain name. For more information, see Create a routing rule.
If the resolution of your domain name takes effect, you can verify the result by directly accessing a website that meets the configured routing rule from a browser.
If you do not configure the Domain Name System (DNS) resolution for your domain name, you can run one of the following commands to verify the result based on the supported protocol. In the following examples, the associated domain name is
hello.com
. Replace {Public IP address} in the following URLs with your public IP address:HTTP:
curl http://hello.com --resolve "hello.com:80:{Public IP address}"
HTTPS:
curl -v -k https://hello.com --resolve "hello.com:443:{Public IP address}" --cacert my-cert.pem