You can access the objects under a bucket using your own domain name (the custom domain name, such as test.cos.com
). See the following procedures:
Bind a bucket to your own domain name and enable CDN acceleration. For more information, see Domain Name Management - Custom Domain Names.
Configure HTTPS in the CDN Console. For more information, see HTTPS Configuration.
This section uses an example to describe the steps of supporting HTTPS access in COS by configuring custom domain names through reverse proxy (CDN acceleration is disabled). In this example, we use the custom domain name https://test.cos.com
to directly access the bucket testhttps-12345678 in South China without enabling CDN acceleration. Specific steps are as follows:
Bind the bucket testhttps to the domain name https://test.cos.com
and disable CDN acceleration. For more information, see Domain Name Management - Custom Domain Names.
Configure a reverse proxy for the domain name https://test.cos.com
on the server, as shown below (the Nginx configuration is for reference only):
server {
listen 443;
server_name test.cos.com ;
ssl on;
ssl_certificate /usr/local/nginx/conf/server.crt;
ssl_certificate_key /usr/local/nginx/conf/server.key;
error_log logs/test.cos.com.error_log;
access_log logs/test.cos.com.access_log;
location / {
root /data/www/;
proxy_pass http://testhttps-12345678.cos.ap-guangzhou.myqcloud.com; //Configure the default download domain name for a bucket
}
}
Server.crt;
and server.key
are HTTPS certificates for your own (custom) domain names. If no HTTPS certificate is in place for your domain names, you can apply for one on the Tencent Cloud SSL Certificate page.
If no certificate is available, the following configuration information can be deleted, but an alarm will occur during access. Click Continue to access the bucket:
ssl on;
ssl_certificate /usr/local/nginx/conf/server.crt;
ssl_certificate_key /usr/local/nginx/conf/server.key;
Resolve your domain names at your DNS resolution provider. If you are using Tencent Cloud DNS, go to the Cloud DNS Console to resolve the domain name test.cos.com
to the IP of the server in step 2.
After configuring the custom domain name to support HTTPS access, you can download objects in the bucket using your domain name. According to your business needs, you can directly access web pages and images in a browser through the static website feature. For more information, see Setting up a Static Website.
After the configuration is completed, add the following information to the Nginx configuration, restart Nginx, and refresh the browser cache.
proxy_set_header Host $http_host;
There is a risk of hotlinking for public buckets. You can enable the Referer allowlist by setting hotlink protection to prevent malicious hotlinking. Follow the steps below:
proxy_set_header Referer www.test.com;
errorcode: -46616
; error message: the refer allowlist is not hit) may occur if you directly open the file. However, by using a custom domain name configured with a proxy, the web page can be opened.
Was this page helpful?