- Updates and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Purchasing Instances
- Creating an Enterprise Edition Instance
- Access Configuration
- Manage Image Repository
- Image Distribution
- Image Security
- Synchronization and Replication
- Configuring Image Tag Retention
- Image Cleanup
- DevOps
- OCI Artifacts Management
- Operation Guide for TCR Individual
- Terminating/Returning Instances
- Best Practices
- TCR Personal migration
- Using the Delivery Assembly Line to Implement Container DevOps
- TKE Clusters Use the TCR Addon to Enable Secret-free Pulling of Container Images via Private Network
- Synchronizing Images to TCR Enterprise Edition from External Harbor
- TKE Serverless Clusters Pull TCR Container Images
- Image Data Synchronization and Replication Between Multiple Platforms in Hybrid Cloud
- Nearby Access Through Image Synchronization Between Multiple Global Regions
- Using Custom Domain Name and CCN to Implement Cross-Region Private Network Access
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance Management APIs
- DescribeInstances
- DescribeInstanceStatus
- CreateInstanceToken
- CreateInstance
- ModifyInstanceToken
- DescribeInstanceToken
- DeleteInstanceToken
- DeleteInstance
- RenewInstance
- CheckInstanceName
- CheckInstance
- ModifyInstance
- DescribeRegions
- DescribeInstanceCustomizedDomain
- DescribeImageAccelerateService
- DeleteInstanceCustomizedDomain
- DeleteImageAccelerateService
- CreateInstanceCustomizedDomain
- CreateImageAccelerationService
- Namespace APIs
- Image Repository APIs
- Custom Account APIs
- Trigger APIs
- Instance Synchronization APIs
- Access Control APIs
- Helm Chart APIs
- Tag Retention APIs
- Data Types
- Error Codes
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
- Updates and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Purchasing Instances
- Creating an Enterprise Edition Instance
- Access Configuration
- Manage Image Repository
- Image Distribution
- Image Security
- Synchronization and Replication
- Configuring Image Tag Retention
- Image Cleanup
- DevOps
- OCI Artifacts Management
- Operation Guide for TCR Individual
- Terminating/Returning Instances
- Best Practices
- TCR Personal migration
- Using the Delivery Assembly Line to Implement Container DevOps
- TKE Clusters Use the TCR Addon to Enable Secret-free Pulling of Container Images via Private Network
- Synchronizing Images to TCR Enterprise Edition from External Harbor
- TKE Serverless Clusters Pull TCR Container Images
- Image Data Synchronization and Replication Between Multiple Platforms in Hybrid Cloud
- Nearby Access Through Image Synchronization Between Multiple Global Regions
- Using Custom Domain Name and CCN to Implement Cross-Region Private Network Access
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance Management APIs
- DescribeInstances
- DescribeInstanceStatus
- CreateInstanceToken
- CreateInstance
- ModifyInstanceToken
- DescribeInstanceToken
- DeleteInstanceToken
- DeleteInstance
- RenewInstance
- CheckInstanceName
- CheckInstance
- ModifyInstance
- DescribeRegions
- DescribeInstanceCustomizedDomain
- DescribeImageAccelerateService
- DeleteInstanceCustomizedDomain
- DeleteImageAccelerateService
- CreateInstanceCustomizedDomain
- CreateImageAccelerationService
- Namespace APIs
- Image Repository APIs
- Custom Account APIs
- Trigger APIs
- Instance Synchronization APIs
- Access Control APIs
- Helm Chart APIs
- Tag Retention APIs
- Data Types
- Error Codes
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
Overview
Tencent Container Registry (TCR) Enterprise Edition allows you to configure and use custom domain names, which facilitates the use of the domain access service uniformly planned by your company. In addition, you can continue using the original domain name after migrating from another image registry service to TCR, which helps maintain the service continuity.
TCR Enterprise Edition instances with any specifications all support configuring multiple domain names without affecting the normal use of existing default domain names of the instances. To use a custom domain name, you need to provide the SSL certificate associated with the domain name and access the instance over HTTPS. This document describes how to use a custom domain name to access a TCR Enterprise Edition instance.
Concepts
Domain name
A domain name is a string of characters separated by dots. A domain name in TCR Enterprise Edition is used to access the instance service and directly determines the access address of an image repository.
SSL certificate
An SSL certificate is used for compliance with the HTTPS protocol, so that TCR Enterprise Edition can implement encrypted transfer and identity verification over the HTTPS protocol, ensuring the transfer security.
DNSPod
DNSPod can route the access traffic to a custom domain name to the corresponding IP address of a TCR Enterprise Edition instance.
Prerequisites
Before configuring and using a custom domain name, you need to complete the following:
- Get a domain name. You can register one in Tencent Cloud Domains.Note
- Get an ICP filing for you domain name if you want to use it in a public network environment.
- You do not need to get an ICP filing if your TCR Enterprise Edition instance is outside the Chinese mainland.
- Get a certificate for the domain name. You can purchase a certificate in SSL Certificates and confirm that it has been bound to the custom domain name to be used by the instance.
- Activate DNSPod. For more information, see Private DNS.
Directions
Creating custom domain name
- Log in to the TCR console and select Domain Name Management on the left sidebar.
- On the Domain Name Management page, select the region and ID of the instance for which you want to add a custom domain name.
- Click Add Domain Name. In the *Add Domain Name pop-up window, configure the domain name and certificate information as prompted as shown below:
- Domain Name: enter the custom domain name to be used. We recommend you use a common domain suffix.
- Certificate: select a certificate bound to the custom domain name. Only a certificate managed in SSL Certificates can be selected.Note
If your custom domain name has been filed with MIIT, and a DNS record has been added in the Domains console, you can enter it in the Domain Name input box and select a certificate.
- Click OK.
After adding a custom domain name successfully, you can view it on the Domain Name Management page. Then, you can perform the following operations to manage the custom domain name as shown below:
Setting access control and DNS
You can use the custom domain name in the public network or VPC. We recommend you use a VPC to access the instance preferably.
Configuring private network access control
Connect a VPC to the instance and confirm that the private network access IP is generated normally as instructed in Private Network Access Control.
Configuring Private DNS
Go to the Private DNS console, create a private domain with the added custom domain name, and associate it with the connected VPC. Use an A record to configure DNS in the private domain, and use the private network access IP of the created private network access linkage as the record value. For more information, see Private DNS.
Updating domain certificate
If you need to update the certificate bound to your custom domain name for reasons such as certificate expiration or upgrade, go to the Domain Name Management page, click Update Certificate on the right of the row of the custom domain name and select an SSL certificate again. Certificate update requires redelivery of the SSL certificate information, during which the custom domain name can still be accessed normally.
Deleting custom domain name
On the Domain Name Management page, click Delete on the right of the row of the specified custom domain name to delete it. Doing so may invalidate the existing container image pull configuration and thus affect application update. Therefore, do so with caution.
Yes
No
Was this page helpful?