CDN acceleration is used to speed up the download and delivery of COS bucket content, especially if the same content is downloaded repeatedly.
You can quickly download and deliver objects in a bucket by managing the following domain names:
Currently, you must activate the CDN service to use a custom domain name in COS.
- For domain names connected to a CDN node in Mainland China, you need to complete ICP filing. You are not required to do so through Tencent Cloud though.
- For domain names connected to a CDN node outside Mainland China, ICP filing is not required, but please note that your data and operations in Tencent Cloud still need to comply with local laws and regulations as well as General Service Level Agreements.
With CDN acceleration enabled for the default or custom CDN acceleration domain name, if the origin server is a public-read bucket, the objects in the origin server can be accessed via the default or custom CDN acceleration domain name. If the origin server is a private-read bucket, it is recommended to enable the CDN origin-pull authentication and CDN authentication configuration options.
CDN authentication configuration and CDN origin-pull authentication do not conflict with each other, but whether to enable them can affect the level of data protection, as shown below:
|Bucket access permission||CDN origin-pull authentication||CDN authentication configuration||Origin server can be accessed via CDN acceleration domain name||Origin server can be accessed via COS origin server's domain name||Scenarios|
|Public read||No||No||Yes||Yes||Site-wide public access|
|Public read||Yes||No||No||Yes||No recommendation|
|Public read||No||Yes||Requires URL authentication||Yes||No recommendation|
|Public read||Yes||Yes||Requires URL authentication||Yes||No recommendation|
|Private read + CDN service authorization||Yes||Yes||Requires URL authentication||Requires COS authentication||Full link protection|
|Private read + CDN service authorization||No||Yes||Requires URL authentication||Requires COS authentication||No recommendation|
|Private read + CDN service authorization||Yes||No||Yes||Requires COS authentication||origin server protection|
|Private read + CDN service authorization||No||No||No||Requires COS authentication||No recommendation|
|Private read||No||Yes or No||No||Requires COS authentication||CDN not available|
- Take the first row in the above list as an example. If the origin bucket is public read, and neither CDN origin-pull authentication nor CDN authentication configuration is enabled, then you can directly access CDN edge servers and the origin bucket using the CDN domain name, and directly access the origin bucket using the COS domain name.
- After CDN acceleration is enabled for a domain name, anyone can directly access the origin server via the domain name. Therefore, if you need to keep your data private, be sure to protect your data in the origin server through Authentication Configuration.