After an object is uploaded to the bucket, COS will automatically generate a URL (i.e., default domain name) for you to access this object directly. To use CDN or your own domain name to access COS objects, you can bind your own domain or CDN to the bucket where the objects are stored.
You can set a domain name to access objects as needed. To accelerate access with CDN, access the objects through the URL generated with the CDN acceleration domain name.
You can quickly download and deliver objects in a bucket by managing the following domain names:
Currently, you must activate the CDN service to use a custom domain name in COS.
- For domain names connected to a CDN node in Mainland China, you need to complete ICP filing. You are not required to do so through Tencent Cloud though.
- For domain names connected to a CDN node outside Mainland China, ICP filing is not required, but please note that your data and operations in Tencent Cloud still need to comply with local laws and regulations as well as General Service Level Agreements.
With CDN acceleration enabled for the default or custom CDN acceleration domain name, if the origin server is a public-read bucket, the objects in the origin server can be accessed via the default or custom CDN acceleration domain name. If the origin server is a private-read bucket, it is recommended to enable the CDN origin-pull authentication and CDN authentication configuration options.
CDN authentication configuration and CDN origin-pull authentication do not conflict with each other, but whether to enable them can affect the level of data protection, as shown below:
| Bucket access permission | CDN origin-pull authentication | CDN authentication | Origin server can be accessed via CDN acceleration domain name | Origin server can be accessed via COS domain name | |
|---|---|---|---|---|---|
| Public read | Disabled | Disabled | Accessible | Accessible | Site-wide public access |
| Public read | Enabled | Disabled | Yes | Yes | Not recommended |
| Public read | Disabled | Enabled | URL authentication is required | Yes | Not recommended |
| Public read | Enabled | Enabled | URL authentication is required | Accessible | Not recommended |
| Private read + CDN service authorization | Enabled | Enabled | URL authentication is required | COS authentication is required | Protection throughout link |
| Private read + CDN service authorization | Disabled | Enabled | URL authentication is required | COS authentication is required | Not recommended |
| Private read + CDN service authorization | Enabled | Disabled | Yes | COS authentication is required | Origin server protection |
| Private read + CDN service authorization | Disabled | Disabled | No | COS authentication is required | Not recommended |
| Private read | Disabled | Enabled or disabled | No | COS authentication is required | CDN is unavailable |
- Take the first row in the above table as an example. If the origin bucket is public read, and neither CDN origin-pull authentication nor CDN authentication configuration is enabled, then you can directly access CDN edge servers and the origin bucket using the CDN domain name, and directly access the origin bucket using the COS domain name.
- In the Origin server protection case above, your data cached on CDN edge nodes may be maliciously pulled due to a lack of CDN authentication. Therefore, it is strongly recommended to enable CDN authentication as well for data security.
- After CDN acceleration is enabled for a domain name, anyone can directly access the origin server via the domain name. Therefore, if you need to keep your data private, be sure to protect your data in the origin server through Authentication Configuration.
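
The table above can be applied as a configuration audit over a list of buckets. The following is an added example, not Tencent Cloud code: the `BucketCdn` record, its field names and the sample bucket names are hypothetical, and the settings are assumed to have been exported from your own inventory rather than read through any COS or CDN API.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BucketCdn:                  # hypothetical inventory record, not a Tencent Cloud API type
    name: str
    public_read: bool
    cdn_service_authorized: bool  # only meaningful for private-read buckets
    origin_pull_auth: bool
    cdn_auth: bool

def classify(b: BucketCdn) -> str:
    """Map one configuration to the last column of the table."""
    if b.public_read:
        # For public read, only the fully open combination is a listed use case.
        if not b.origin_pull_auth and not b.cdn_auth:
            return "Site-wide public access"
        return "Not recommended"
    if not b.cdn_service_authorized:
        return "CDN is unavailable"
    if b.origin_pull_auth:
        return "Protection throughout link" if b.cdn_auth else "Origin server protection"
    return "Not recommended"

def audit(inventory, must_stay_private=frozenset()):
    """Return (bucket name, finding) pairs for configurations that need attention."""
    findings = []
    for b in inventory:
        label = classify(b)
        if label == "Not recommended":
            findings.append((b.name, "combination is marked 'Not recommended'"))
        elif label == "Origin server protection":
            findings.append((b.name, "edge cache is readable without CDN authentication"))
        elif label == "Site-wide public access" and b.name in must_stay_private:
            findings.append((b.name, "data meant to be private is publicly readable"))
    return findings

# Constructed sample inventory; bucket names are made up for the example.
INVENTORY = [
    BucketCdn("static-assets", True, False, False, False),
    BucketCdn("invoices", False, True, True, True),
    BucketCdn("media", False, True, True, False),
    BucketCdn("reports", False, True, False, True),
    BucketCdn("hr-docs", True, False, False, False),
    BucketCdn("archive", False, False, False, False),
]

if __name__ == "__main__":
    for name, finding in audit(INVENTORY, must_stay_private={"hr-docs"}):
        print(f"{name}: {finding}")
```
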