- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Bucket Management
- Bucket Overview
- Creating a Bucket
- Deleting a Bucket
- Querying Buckets
- Emptying a Bucket
- Setting Access Permission
- Setting Bucket Encryption
- Setting Hotlink Protection
- Setting Origin-Pull
- Setting CORS
- Setting Versioning
- Setting Up a Static Website
- Setting Lifecycle
- Setting Logging
- Accessing Bucket List Using Sub-Account
- Adding a Bucket Policy
- Setting Log Analysis
- Setting INTELLIGENT TIERING
- Setting Inventory
- Domain Name Management
- Setting Bucket Tags
- Setting Cross-Bucket Replication
- Enabling Global Acceleration
- Object Management
- Uploading Objects
- Downloading Objects
- Copying Objects
- Viewing Object Information
- Searching for Objects
- Sorting and Filtering Objects
- Direct Upload to ARCHIVE
- Modifying Storage Classes
- Deleting Incomplete Multipart Uploads
- Setting Object Access Permission
- Setting Object Encryption
- Custom Headers
- Deleting Objects
- Restoring Archived Objects
- Folder Management
- Data Extraction
- Setting Object Tags
- Exporting Object URLs
- Restoring a Historical Object Version
- Batch Operation
- Monitoring Reports
- Data Processing
- Data Processing Workflow
- Application Integration
- User Tools
- Tool Overview
- Installation and Configuration of Environment
- COSBrowser
- COSCLI (Beta)
- COSCLI Overview
- Download and Installation Configuration
- Common Options
- Common Commands
- Generating and Modifying Configuration Files - config
- Creating a Bucket - mb
- Deleting a Bucket - rb
- Tagging Bucket - bucket-tagging
- Querying Bucket/Object List - ls
- Obtaining Statistics on Different Types of Objects - du
- Uploading/Downloading/Copying Objects - cp
- Syncing Upload/Download/Copy - sync
- Deleting Objects - rm
- Getting File Hash Value - hash
- Listing Incomplete Multipart Uploads - lsparts
- Clearing Incomplete Multipart Uploads - abort
- Restoring Archived Objects - restore
- Getting Pre-signed URL - signurl
- FAQs
- COSCMD
- COS Migration
- FTP Server
- COSFS
- Hadoop
- COSDistCp
- Hadoop-cos-DistChecker
- HDFS TO COS
- Diagnostic Tool
- GooseFS
- Overview
- Update Log
- Getting Started
- Key Features
- Deployment Guide
- OPS Guide
- Data Security
- GooseFS on TKE Cloud Native Practices
- Quick Start
- Using GooseFS as Fluid Dataset Runtime
- Multi-Master Node Deployment
- Multiple-Master Affinity Scheduling
- Accelerating Data in COS
- Global Client Deployment
- Using Parameters for Encryption
- Manual Scaling
- Data Caching and Metadata Caching
- Data Affinity Scheduling
- Data Scheduling Based on Tolerations and Taints
- Data Preloading
- Deploying Multiple Datasets on the Same Cluster via Placement
- Best Practice
- Overview
- Access Control and Permission Management
- ACL Practices
- Cloud Access Management Practices
- Granting Sub-accounts Access to COS
- Cases of Permission Setting
- Working with COS API Authorization Policies
- Security Guidelines for Using Temporary Credentials for Direct Upload from Frontend to COS
- Generating and Using Temporary Keys
- Grant Sub-account Permissions to Pull Tag List
- Descriptions and Use Cases of Condition Keys
- Granting Sub-account Under One Root Account Permission to Manipulate Buckets Under Another Root Account
- Performance Optimization
- Data Migration
- Accessing COS Using the AWS S3 SDK
- Data Disaster Recovery and Backup
- Direct Data Upload
- Domain Name Management Practice
- Data Security
- Data Verification
- Big Data Practice
- Custom Processing
- Using COS in the Third-party Applications
- Using APIs to Zip Files
- Using APIs to Merge Files
- Developer Guide
- Creating Request
- Bucket
- Object
- Data Management
- Data Disaster Recovery
- Data Security
- Cloud Access Management
- Batch Operation
- Global Acceleration
- Data Processing
- Metadata Acceleration
- Data Workflow
- Monitoring and Alarms
- Troubleshooting
- API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Operation List
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Lifecycle
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Tag (tagging)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Versioning
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Custom Domain Name (Domain)
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- Image Processing
- Basic Image Processing
- Scaling
- Cropping
- Rotation
- Converting Format
- Quality Change
- Gaussian Blurring
- Adjusting Brightness
- Adjusting Contrast
- Sharpening
- Grayscale Image
- Image Watermarking
- Text Watermarking
- Obtaining Basic Image Information
- Obtaining Image EXIF
- Obtaining Image’s Average Hue
- Removing Image Metadata
- Quick Thumbnail Template
- Limiting Output Image Size
- Pipeline Operators
- Image Advanced Compression
- Persistent Image Processing
- Image Compression
- Basic Image Processing
- Media Processing
- Image Processing
- Data Workflow APIs
- SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Restoring Archived Objects
- Querying Object Metadata
- Generating Pre-Signed URLs
- Configuring Preflight Requests for Cross-origin Access
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Getting Started
- Quick Experience
- Bucket Operations
- Remote Disaster Recovery
- Data Management
- Cloud Access Management
- Data Verification
- Image Processing
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Object Operations
- C SDK
- C++ SDK
- .NET(C#) SDK
- Getting Started
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Restoring Archived Objects
- Querying Object Metadata
- Object Access URL
- Getting Pre-Signed URLs
- Configuring Preflight Requests for Cross-Origin Access
- Server-Side Encryption
- Single-URL Speed Limits
- Extracting Object Content
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Backward Compatibility
- Go SDK
- iOS SDK
- Getting Started
- Quick Experience
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Listing Objects
- Copying and Moving Objects
- Extracting Object Content
- Checking Whether an Object Exists
- Deleting Objects
- Restoring Archived Objects
- Querying Object Metadata
- Server-Side Encryption
- Object Access URL
- Generating Pre-Signed URL
- Configuring CORS Preflight Requests
- Cross-region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Java SDK
- Getting Started
- FAQs
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Querying Object Metadata
- Modifying Object Metadata
- Object Access URL
- Getting Pre-Signed URLs
- Restoring Archived Objects
- Server-Side Encryption
- Client-Side Encryption
- Single-URL Speed Limits
- Extracting Object Content
- Data Management
- Cross-Region Disaster Recovery
- Cloud Access Management
- Image Processing
- Media Processing
- Troubleshooting
- Setting Access Domain Names (CDN/Global Acceleration)
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- Getting Started
- Bucket Operations
- Bucket Management
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Querying Object Metadata
- Modifying Object Metadata
- Object Access URL
- Getting Pre-Signed URLs
- Restoring Archived Objects
- Extracting Object Content
- Server-Side Encryption
- Client-Side Encryption
- Single-URL Speed Limits
- Data Management
- Cloud Access Management
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Image Processing
- Mini Program SDK
- Error Codes
- FAQs
- COS Service Level Agreement
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Bucket Management
- Bucket Overview
- Creating a Bucket
- Deleting a Bucket
- Querying Buckets
- Emptying a Bucket
- Setting Access Permission
- Setting Bucket Encryption
- Setting Hotlink Protection
- Setting Origin-Pull
- Setting CORS
- Setting Versioning
- Setting Up a Static Website
- Setting Lifecycle
- Setting Logging
- Accessing Bucket List Using Sub-Account
- Adding a Bucket Policy
- Setting Log Analysis
- Setting INTELLIGENT TIERING
- Setting Inventory
- Domain Name Management
- Setting Bucket Tags
- Setting Cross-Bucket Replication
- Enabling Global Acceleration
- Object Management
- Uploading Objects
- Downloading Objects
- Copying Objects
- Viewing Object Information
- Searching for Objects
- Sorting and Filtering Objects
- Direct Upload to ARCHIVE
- Modifying Storage Classes
- Deleting Incomplete Multipart Uploads
- Setting Object Access Permission
- Setting Object Encryption
- Custom Headers
- Deleting Objects
- Restoring Archived Objects
- Folder Management
- Data Extraction
- Setting Object Tags
- Exporting Object URLs
- Restoring a Historical Object Version
- Batch Operation
- Monitoring Reports
- Data Processing
- Data Processing Workflow
- Application Integration
- User Tools
- Tool Overview
- Installation and Configuration of Environment
- COSBrowser
- COSCLI (Beta)
- COSCLI Overview
- Download and Installation Configuration
- Common Options
- Common Commands
- Generating and Modifying Configuration Files - config
- Creating a Bucket - mb
- Deleting a Bucket - rb
- Tagging Bucket - bucket-tagging
- Querying Bucket/Object List - ls
- Obtaining Statistics on Different Types of Objects - du
- Uploading/Downloading/Copying Objects - cp
- Syncing Upload/Download/Copy - sync
- Deleting Objects - rm
- Getting File Hash Value - hash
- Listing Incomplete Multipart Uploads - lsparts
- Clearing Incomplete Multipart Uploads - abort
- Restoring Archived Objects - restore
- Getting Pre-signed URL - signurl
- FAQs
- COSCMD
- COS Migration
- FTP Server
- COSFS
- Hadoop
- COSDistCp
- Hadoop-cos-DistChecker
- HDFS TO COS
- Diagnostic Tool
- GooseFS
- Overview
- Update Log
- Getting Started
- Key Features
- Deployment Guide
- OPS Guide
- Data Security
- GooseFS on TKE Cloud Native Practices
- Quick Start
- Using GooseFS as Fluid Dataset Runtime
- Multi-Master Node Deployment
- Multiple-Master Affinity Scheduling
- Accelerating Data in COS
- Global Client Deployment
- Using Parameters for Encryption
- Manual Scaling
- Data Caching and Metadata Caching
- Data Affinity Scheduling
- Data Scheduling Based on Tolerations and Taints
- Data Preloading
- Deploying Multiple Datasets on the Same Cluster via Placement
- Best Practice
- Overview
- Access Control and Permission Management
- ACL Practices
- Cloud Access Management Practices
- Granting Sub-accounts Access to COS
- Cases of Permission Setting
- Working with COS API Authorization Policies
- Security Guidelines for Using Temporary Credentials for Direct Upload from Frontend to COS
- Generating and Using Temporary Keys
- Grant Sub-account Permissions to Pull Tag List
- Descriptions and Use Cases of Condition Keys
- Granting Sub-account Under One Root Account Permission to Manipulate Buckets Under Another Root Account
- Performance Optimization
- Data Migration
- Accessing COS Using the AWS S3 SDK
- Data Disaster Recovery and Backup
- Direct Data Upload
- Domain Name Management Practice
- Data Security
- Data Verification
- Big Data Practice
- Custom Processing
- Using COS in the Third-party Applications
- Using APIs to Zip Files
- Using APIs to Merge Files
- Developer Guide
- Creating Request
- Bucket
- Object
- Data Management
- Data Disaster Recovery
- Data Security
- Cloud Access Management
- Batch Operation
- Global Acceleration
- Data Processing
- Metadata Acceleration
- Data Workflow
- Monitoring and Alarms
- Troubleshooting
- API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Operation List
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Lifecycle
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Tag (tagging)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Versioning
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Custom Domain Name (Domain)
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- Image Processing
- Basic Image Processing
- Scaling
- Cropping
- Rotation
- Converting Format
- Quality Change
- Gaussian Blurring
- Adjusting Brightness
- Adjusting Contrast
- Sharpening
- Grayscale Image
- Image Watermarking
- Text Watermarking
- Obtaining Basic Image Information
- Obtaining Image EXIF
- Obtaining Image’s Average Hue
- Removing Image Metadata
- Quick Thumbnail Template
- Limiting Output Image Size
- Pipeline Operators
- Image Advanced Compression
- Persistent Image Processing
- Image Compression
- Basic Image Processing
- Media Processing
- Image Processing
- Data Workflow APIs
- SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Restoring Archived Objects
- Querying Object Metadata
- Generating Pre-Signed URLs
- Configuring Preflight Requests for Cross-origin Access
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Getting Started
- Quick Experience
- Bucket Operations
- Remote Disaster Recovery
- Data Management
- Cloud Access Management
- Data Verification
- Image Processing
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Object Operations
- C SDK
- C++ SDK
- .NET(C#) SDK
- Getting Started
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Restoring Archived Objects
- Querying Object Metadata
- Object Access URL
- Getting Pre-Signed URLs
- Configuring Preflight Requests for Cross-Origin Access
- Server-Side Encryption
- Single-URL Speed Limits
- Extracting Object Content
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Backward Compatibility
- Go SDK
- iOS SDK
- Getting Started
- Quick Experience
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Listing Objects
- Copying and Moving Objects
- Extracting Object Content
- Checking Whether an Object Exists
- Deleting Objects
- Restoring Archived Objects
- Querying Object Metadata
- Server-Side Encryption
- Object Access URL
- Generating Pre-Signed URL
- Configuring CORS Preflight Requests
- Cross-region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Java SDK
- Getting Started
- FAQs
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Querying Object Metadata
- Modifying Object Metadata
- Object Access URL
- Getting Pre-Signed URLs
- Restoring Archived Objects
- Server-Side Encryption
- Client-Side Encryption
- Single-URL Speed Limits
- Extracting Object Content
- Data Management
- Cross-Region Disaster Recovery
- Cloud Access Management
- Image Processing
- Media Processing
- Troubleshooting
- Setting Access Domain Names (CDN/Global Acceleration)
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- Getting Started
- Bucket Operations
- Bucket Management
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Querying Object Metadata
- Modifying Object Metadata
- Object Access URL
- Getting Pre-Signed URLs
- Restoring Archived Objects
- Extracting Object Content
- Server-Side Encryption
- Client-Side Encryption
- Single-URL Speed Limits
- Data Management
- Cloud Access Management
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Image Processing
- Mini Program SDK
- Error Codes
- FAQs
- COS Service Level Agreement
- Glossary
Overview
After an object is uploaded to the bucket, COS will automatically generate a URL (i.e., default endpoint) for you to access the object directly. To use CDN or your own domain name to access COS objects, you can bind your own domain or CDN acceleration domain to the bucket where the objects are stored.
You can set a domain name to access objects as needed. If you want to access a file through CDN acceleration, you need to access it by using the URL generated with the CDN acceleration domain name.
Description
You can quickly download and deliver objects in a bucket by managing the following domain names:
- Default Endpoint: COS origin's domain name, which is automatically generated based on the bucket name and region when you create a bucket. It's important to distinguish it from the default CDN acceleration domain name.
- Default CDN Acceleration Domain: The domain name passing through CDN cache nodes, which is generated by default and you can choose to enable or disable.
Note:
Starting from May 9, 2022, COS will stop supporting default CDN acceleration domain names for buckets that have never used them. This change will not affect buckets that are using or once used default CDN acceleration domain names. However, we recommend you switch to custom CDN acceleration domain names instead. For more information on custom CDN acceleration domain names, see Enabling Custom CDN Acceleration Domain Name.
- Custom CDN Acceleration Domain: You can bind for your bucket a custom domain name to Tencent Cloud Content Delivery Network (CDN) and access objects in your bucket using this domain name. (If you have enabled Custom Domain in the legacy COS console, Custom Domain will be displayed in the new console instead of Custom CDN Acceleration Domain.)
- Custom Endpoint: You can bind your own domain name as a custom endpoint to the bucket for access to the objects in it.
Note:Currently, you must activate the CDN service to use Custom CDN Acceleration Domain in COS.
- For domain names connected to a CDN node in the Chinese mainland, you need to complete ICP filing. You are not required to do so through Tencent Cloud though.
- For domain names connected to a CDN node outside the Chinese mainland, ICP filing is not required, but you need to note that your data and operations in Tencent Cloud still need to comply with local laws and regulations as well as General Service Level Agreements.
With CDN acceleration enabled for Default CDN Acceleration Domain or Custom CDN Acceleration Domain, if the origin is a public-read bucket, the objects on the origin can be accessed via Default CDN Acceleration Domain or Custom CDN Acceleration Domain. If the origin is a private-read bucket, we recommend you enable origin-pull authentication and CDN authentication.
- Origin-pull Authentication (CDN service authorization must be added before it can be enabled): If the data requested by a user is not cached on the edge node, CDN will fetch the data from the origin. If COS is used as the origin and origin-pull authentication is enabled, the CDN edge node will access the COS origin server by using a special service identity (which must be authorized by the CDN service) to get and cache the data in the private bucket.
- CDN Authentication: When a user attempts to acquire cached data by accessing an edge node, the edge server will verify the authentication field in the accessed URL based on the authentication configuration rules to prevent unauthorized access and realize hotlink protection, thus improving the security and reliability of the data cached on the edge node.
CDN authentication and origin-pull authentication do not conflict with each other, but whether to enable them can affect the level of data protection as shown below:
| Bucket access permission | CDN origin-pull authentication | CDN authentication | Origin can be accessed via CDN acceleration domain name |
Origin can be accessed via COS endpoint |
Scenarios |
|---|---|---|---|---|---|
| Public read | Disabled | Disabled | Yes | Yes | Site-wide public access |
| Public read | Enabled | Disabled | Yes | Yes | Not recommended |
| Public read | Disabled | Enabled | URL authentication is required | Yes | Not recommended |
| Public read | Enabled | Enabled | URL authentication is required | Yes | Not recommended |
| Private read + CDN service authorization | Enabled | Enabled | URL authentication is required | COS authentication is required | Full-linkage protection |
| Private read + CDN service authorization | Disabled | Enabled | URL authentication is required | COS authentication is required | Not recommended |
| Private read + CDN service authorization | Enabled | Disabled | Yes | COS authentication is required | Origin protection |
| Private read + CDN service authorization | Disabled | Disabled | No | COS authentication is required | Not recommended |
| Private read | Disabled | Enabled or disabled | No | COS authentication is required | CDN is unavailable |
Note:
- Take the first row in the above list as an example. If the origin bucket is public read, and neither origin-pull authentication nor CDN authentication is enabled, then you can directly access CDN edge nodes and the origin bucket by using the CDN acceleration domain name, and directly access the origin bucket by using the COS domain name.
- The Origin protection above is useful in cases where your data cached on CDN edge nodes may be maliciously pulled due to a lack of CDN authentication. Therefore, we strongly recommend you enable CDN authentication as well for data security concerns.
- After CDN acceleration is enabled for a domain name, anyone can directly access the origin via the domain name. Therefore, if you need to keep your data private, be sure to protect your data on the origin through Authentication Configuration.
Yes
No
Was this page helpful?