Overview

Last updated: 2020-05-27 16:21:26

    Overview

    CDN acceleration is used to speed up the download and delivery of COS bucket content, especially if the same content is downloaded repeatedly.

    Description

    You can quickly download and deliver objects in a bucket by managing the following domain names:

    • Default domain name: COS origin server's domain name, which is automatically generated based on the bucket name and region when you create a bucket. It’s important to distinguish it from the default CDN acceleration domain name.
    • Default CDN acceleration domain name: a domain name that routes through CDN cache nodes. It is generated by default, and you can choose to enable or disable it.
    • Custom CDN acceleration domain name: you can bind a custom domain name for your bucket to Tencent Cloud Content Delivery Network (CDN), and access objects in your bucket using this domain name.
    • Custom origin domain name: you can bind a custom domain name to the current bucket, and access the objects in the bucket via the custom domain name.

    Currently, you must activate the CDN service to use a custom domain name in COS.

    • For domain names connected to a CDN node in Mainland China, you need to complete ICP filing. You are not required to do so through Tencent Cloud though.
    • For domain names connected to a CDN node outside Mainland China, ICP filing is not required, but please note that your data and operations in Tencent Cloud still need to comply with local laws and regulations as well as General Service Level Agreements.

    With CDN acceleration enabled for the default or custom CDN acceleration domain name, if the origin server is a public-read bucket, the objects in the origin server can be accessed via the default or custom CDN acceleration domain name. If the origin server is a private-read bucket, it is recommended to enable the CDN origin-pull authentication and CDN authentication configuration options.

    • Origin-pull authentication (CDN service authorization must be added before it can be enabled): If the data requested by a user is not cached in the edge node, CDN fetches the data from the origin server. If COS is used as the origin server and origin-pull authentication is enabled, the CDN edge server accesses the COS origin server using a special service identity (which must be authorized by CDN service) to acquire and cache the data in the private bucket.
    • CDN authentication: when a user attempts to acquire cached data by accessing an edge server, the edge server verifies the authentication field in the accessed URL based on the authentication configuration rules. This prevents unauthorized access and provides hotlink protection, improving the security and reliability of the data cached on the edge server.
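
The CDN authentication check described above, as an added example that is not from the original page and is not Tencent Cloud's actual signature format. It assumes a hypothetical scheme in which the URL carries an expiry time `t` and a `sign` field computed as HMAC-SHA256 over the path and `t` with a key shared between the application and the edge.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Assumptions (hypothetical scheme, not the CDN's real one): query fields
# "t" (Unix expiry time) and "sign" (hex HMAC-SHA256 over "<path>\n<t>").
EDGE_KEY = b"constructed-demo-key"  # constructed sample secret


def _mac(path: str, t: str, key: bytes) -> str:
    return hmac.new(key, f"{path}\n{t}".encode(), hashlib.sha256).hexdigest()


def sign_url(path: str, expires_at: int, key: bytes = EDGE_KEY) -> str:
    """Application side: issue a link that is valid until expires_at."""
    return f"{path}?t={expires_at}&sign={_mac(path, str(expires_at), key)}"


def edge_allows(url: str, now: int, key: bytes = EDGE_KEY) -> bool:
    """Edge side: verify the authentication field before serving from cache."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    # Require exactly one value per field; duplicated fields are rejected
    # rather than resolved by picking the first or last occurrence.
    if len(query.get("t", [])) != 1 or len(query.get("sign", [])) != 1:
        return False
    t, sign = query["t"][0], query["sign"][0]
    if not (t.isascii() and t.isdigit()) or int(t) < now:
        return False  # malformed or expired link
    # The MAC covers the path, so a signature for one object cannot be
    # replayed against another; compare in constant time.
    expected = _mac(parts.path, t, key)
    return hmac.compare_digest(expected.encode(), sign.encode())


if __name__ == "__main__":
    link = sign_url("/videos/a.mp4", expires_at=2000)  # constructed sample
    print(link, edge_allows(link, now=1000))
```
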

    CDN authentication configuration and CDN origin-pull authentication do not conflict with each other, but whether each is enabled affects the level of data protection, as shown below:

    | Bucket access permission | CDN origin-pull authentication | CDN authentication configuration | Origin server can be accessed via CDN acceleration domain name | Origin server can be accessed via COS origin server's domain name | Scenarios |
    |---|---|---|---|---|---|
    | Public read | No | No | Yes | Yes | Site-wide public access |
    | Public read | Yes | No | No | Yes | No recommendation |
    | Public read | No | Yes | Requires URL authentication | Yes | No recommendation |
    | Public read | Yes | Yes | Requires URL authentication | Yes | No recommendation |
    | Private read + CDN service authorization | Yes | Yes | Requires URL authentication | Requires COS authentication | Full link protection |
    | Private read + CDN service authorization | No | Yes | Requires URL authentication | Requires COS authentication | No recommendation |
    | Private read + CDN service authorization | Yes | No | Yes | Requires COS authentication | Origin server protection |
    | Private read + CDN service authorization | No | No | No | Requires COS authentication | No recommendation |
    | Private read | No | Yes or No | No | Requires COS authentication | CDN not available |

    • Take the first row in the table above as an example. If the origin bucket is public read, and neither CDN origin-pull authentication nor CDN authentication configuration is enabled, then you can directly access CDN edge servers and the origin bucket using the CDN domain name, and directly access the origin bucket using the COS domain name.
    • After CDN acceleration is enabled for a domain name, anyone can directly access the origin server via the domain name. Therefore, if you need to keep your data private, be sure to protect your data in the origin server through Authentication Configuration.
