Note:Starting from May 9, 2022, Cloud Object Storage (COS) will stop supporting default CDN acceleration domains for buckets that have never used them. This change will not affect buckets that are using or once used default CDN acceleration domains. However, we recommend you switch to custom CDN acceleration domains instead. For operation guide on custom CDN acceleration, see Enabling Custom CDN Acceleration Domain Name.
A default CDN acceleration domain name is a CDN acceleration domain name COS automatically assigns to a bucket in the format of BucketName-APPID.file.myqcloud.com
. After it is enabled, you can use it to enjoy an accelerated access experience.
Log in to the COS console, click Bucket List on the left sidebar, and click the name of a bucket that you want to enable acceleration for.
Note:Domain Management is inaccessible if you have never used the CDN service. To activate it, go to the CDN console.
Click Domains and Transfer > Default CDN Acceleration Domain and find the Default CDN Acceleration Domain area. By default, the value of Status is Disabled. Click Edit, change the status to Enabled, and set other configuration items as described below.
BucketName-APPID.file.myqcloud.com
. After it is enabled, you can use it to enjoy an accelerated access experience.Note:For private-read buckets, after origin-pull authentication and CDN service authorization are enabled, the CDN edge node will no longer need to carry a signature when accessing the origin, and the resources cached by CDN will be delivered over the public network. In such case, data security will be under threat. Therefore, we recommend that you enable CDN authentication.
Origin-pull authentication is used to verify the service identity of the CDN edge node so as to prevent unauthorized access. Find the details below.
(1) Complete the CDN service authorization.
Note:Before enabling origin-pull authentication, you need to add the CDN service authorization.
Follow the steps below:
Adding CDN service authorization will enable the CDN edge node to assume the service identity which allows it to perform operations on a bucket. Find the details below.
After the CDN service authorization is completed, the CDN edge node can perform three operations on the bucket: Get Object
, Head Object
, and Options Object
. The authorization will be automatically written into the bucket access policy (see below for an example). Then, the CDN edge node does not need to do anything else while forwarding traffic to the origin.
{
"Statement":[
{
"Action":[
"name/cos:GetObject",
"name/cos:HeadObject",
"name/cos:OptionsObject"
],
"Effect": "allow",
"Principal":{
"qcs":[
"qcs::cam::uin/100000000001:service/cdn"
]
},
"Resource":[
"qcs::cos:ap-chengdu:uid/1250000000:examplebucket-1250000000/*"
]
}
],
"version": "2.0"
}
(2) After authorization, enable Origin-pull Authentication.
After clicking Save, you will see that the default acceleration domain name is being deployed (which is expected to be completed in about 5 minutes).
Note:After the default CDN acceleration is enabled, anyone can access the origin through this domain name. If your data requires privacy, be sure to enable the authentication to protect your data on the origin.
After you enable the default CDN acceleration domain and origin-pull authentication, the CDN authentication status will appear in the Default CDN Acceleration Domain area. You can click Authentication Configuration to go to the Access Control page of the corresponding domain.
Alternatively, you can log in to the CDN console, click Domain Management, select Default CDN Acceleration Domain, and click Access Control > Authentication Configuration. For detailed configuration directions, see Authentication Configuration.
After the above steps are completed, default CDN acceleration is enabled. You can disable it in the following ways:
Note:When you delete a domain name in the CDN console, you are deleting a CDN acceleration record of the default CDN acceleration domain name, not the domain name itself. To enable CDN acceleration, you can activate the domain name again in the COS console.
Was this page helpful?