
Configuring Custom Domain Names to Support HTTPS Access

Last updated: 2019-08-12 16:21:19


You can access the objects in a bucket using your own domain name (a custom domain name, such as test.cos.com). Follow the procedure below that matches your setup:

Enabling CDN Acceleration

1. Bind custom domain name

Bind a bucket to your own domain name and enable CDN acceleration. For more information, see Domain Name Management - Custom Domain Names.

2. Configure HTTPS access

Configure HTTPS in the CDN Console. For more information, see HTTPS Configuration.

Disabling CDN Acceleration

This section walks through an example of supporting HTTPS access to COS with a custom domain name through a reverse proxy (CDN acceleration is disabled). In this example, the custom domain name https://test.cos.com is used to directly access the bucket testhttps-12345678 in South China without enabling CDN acceleration. The steps are as follows:

1. Bind custom domain name

Bind the bucket testhttps to the domain name https://test.cos.com and disable CDN acceleration. For more information, see Domain Name Management - Custom Domain Names.

2. Configure the reverse proxy for a domain name

Configure a reverse proxy for the domain name https://test.cos.com on the server, as shown below (the Nginx configuration is for reference only):

server {
    listen        443;
    server_name  test.cos.com;

    # "ssl on;" is obsolete since nginx 1.15.0 and removed in 1.25.1;
    # on those versions use "listen 443 ssl;" instead.
    ssl on;
    ssl_certificate /usr/local/nginx/conf/server.crt;
    ssl_certificate_key /usr/local/nginx/conf/server.key;

    error_log logs/test.cos.com.error_log;
    access_log logs/test.cos.com.access_log;
    location / {
        root /data/www/;
        # Configure the default download domain name for a bucket
        proxy_pass  http://testhttps-12345678.cos.ap-guangzhou.myqcloud.com;
    }

}

server.crt and server.key are the HTTPS certificate and private key for your own (custom) domain name. If no HTTPS certificate is in place for your domain name, you can apply for one on the Tencent Cloud SSL Certificate page.
If no certificate is available, the following configuration information can be deleted, but a warning will appear during access. Click Continue to access the bucket:

    ssl on;
    ssl_certificate /usr/local/nginx/conf/server.crt;
    ssl_certificate_key /usr/local/nginx/conf/server.key;

3. Resolve domain names to the server

Resolve your domain names at your DNS resolution provider. If you are using Tencent Cloud DNS, go to the Cloud DNS Console to resolve the domain name test.cos.com to the IP of the server in step 2.

Other configurations

Open the web page directly in a browser

  • After configuring the custom domain name to support HTTPS access, you can download objects in the bucket using your domain name. According to your business needs, you can directly access web pages and images in a browser through the static website feature. For more information, see Static Website Settings.

  • After the configuration is completed, add the following information to the Nginx configuration, restart Nginx, and refresh the browser cache.

proxy_set_header Host $http_host;

There is a risk of hotlinking for public buckets. You can enable the Referer whitelist by setting hotlink protection to prevent malicious hotlinking. Follow the steps below:

  1. Enable the hotlink protection feature in the COS Console and select Whitelist. For more information, see Hotlink Protection.
  2. Add the following information to the Nginx configuration, restart Nginx, and refresh the browser cache.
    proxy_set_header   Referer www.test.com;
  3. After the configuration, an error (errorcode: -46616; error message: the refer whitelist is not hit) may occur if you open the file directly. However, the web page can still be opened through the custom domain name configured with the proxy.
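
A hardened variant of the reverse proxy above, as an added example that is not Tencent Cloud's own configuration: it encrypts and verifies the hop to COS and checks Referer at the proxy, because once the proxy overwrites Referer with the whitelisted value, COS sees that value for every request arriving through the custom domain. Hostnames and certificate paths are the page's sample values; the CA bundle path, and the assumption that the bucket's default domain serves HTTPS with a publicly trusted certificate, are not from the page.

```nginx
# Added example. Assumptions: CA bundle path, HTTPS support on the bucket's
# default domain, and www.test.com as the only site allowed to embed objects.

# Redirect plain HTTP so objects are only served over TLS.
server {
    listen 80;
    server_name test.cos.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;                       # replaces the obsolete "ssl on;"
    server_name test.cos.com;

    ssl_certificate     /usr/local/nginx/conf/server.crt;
    ssl_certificate_key /usr/local/nginx/conf/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    error_log  logs/test.cos.com.error_log;
    access_log logs/test.cos.com.access_log;

    location / {
        # Enforce hotlink protection here: the Referer header is overwritten
        # below, so the COS whitelist cannot tell which page embedded the object.
        # "none" keeps direct navigation (no Referer header) working.
        valid_referers none server_names www.test.com;
        if ($invalid_referer) {
            return 403;
        }

        # Encrypt and authenticate the hop between this server and COS.
        proxy_pass https://testhttps-12345678.cos.ap-guangzhou.myqcloud.com;
        proxy_ssl_server_name on;         # send SNI for the bucket domain
        proxy_ssl_verify on;              # reject an untrusted upstream cert
        proxy_ssl_verify_depth 3;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        # Value whitelisted in the COS Console, as in step 2 above.
        proxy_set_header Referer www.test.com;
    }
}
```

Run `nginx -t` after editing to confirm the configuration parses before reloading.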