After an object is uploaded to the bucket, COS will automatically generate a URL (i.e., default endpoint) for you to access the object directly. To use CDN or your own domain name to access COS objects, you can bind your own domain or CDN acceleration domain to the bucket where the objects are stored.
You can set a domain name to access objects as needed. If you want to access a file through CDN acceleration, you need to access it by using the URL generated with the CDN acceleration domain name.
You can quickly download and deliver objects in a bucket by managing the following domain names:
Starting from May 9, 2022, COS will stop supporting default CDN acceleration domain names for buckets that have never used them. This change will not affect buckets that are using or once used default CDN acceleration domain names. However, we recommend you switch to custom CDN acceleration domain names instead. For more information on custom CDN acceleration domain names, see Enabling Custom CDN Acceleration Domain Name.
Currently, you must activate the CDN service to use Custom CDN Acceleration Domain in COS.
- For domain names connected to a CDN node in the Chinese mainland, you need to complete ICP filing, although you are not required to do so through Tencent Cloud.
- For domain names connected to a CDN node outside the Chinese mainland, ICP filing is not required, but your data and operations in Tencent Cloud must still comply with local laws and regulations as well as General Service Level Agreements.
With CDN acceleration enabled for Default CDN Acceleration Domain or Custom CDN Acceleration Domain, if the origin is a public-read bucket, the objects on the origin can be accessed via Default CDN Acceleration Domain or Custom CDN Acceleration Domain. If the origin is a private-read bucket, we recommend you enable origin-pull authentication and CDN authentication.
CDN authentication and origin-pull authentication do not conflict with each other, but whether to enable them can affect the level of data protection as shown below:
| Bucket access permission | CDN origin-pull authentication | CDN authentication | Origin can be accessed via CDN acceleration domain name | Origin can be accessed via COS domain name | Scenario |
|---|---|---|---|---|---|
| Public read | Disabled | Disabled | Yes | Yes | Site-wide public access |
| Public read | Enabled | Disabled | Yes | Yes | Not recommended |
| Public read | Disabled | Enabled | URL authentication is required | Yes | Not recommended |
| Public read | Enabled | Enabled | URL authentication is required | Yes | Not recommended |
| Private read + CDN service authorization | Enabled | Enabled | URL authentication is required | COS authentication is required | Full-linkage protection |
| Private read + CDN service authorization | Disabled | Enabled | URL authentication is required | COS authentication is required | Not recommended |
| Private read + CDN service authorization | Enabled | Disabled | Yes | COS authentication is required | Origin protection |
| Private read + CDN service authorization | Disabled | Disabled | No | COS authentication is required | Not recommended |
| Private read | Disabled | Enabled or disabled | No | COS authentication is required | CDN is unavailable |
- Take the first row in the table above as an example. If the origin bucket is public read, and neither origin-pull authentication nor CDN authentication is enabled, then you can directly access CDN edge nodes and the origin bucket by using the CDN acceleration domain name, and directly access the origin bucket by using the COS domain name.
- In the Origin protection scenario above, CDN authentication is not enabled, so your data cached on CDN edge nodes may be maliciously pulled. Therefore, we strongly recommend you enable CDN authentication as well to keep your data secure.
- After CDN acceleration is enabled for a domain name, anyone can directly access the origin via the domain name. Therefore, if you need to keep your data private, be sure to protect your data on the origin through Authentication Configuration.
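The table above can be turned into a small configuration audit. The following is an added example, not Tencent Cloud code: it derives the two access columns and the scenario from the four settings, then flags buckets in a constructed inventory. The class, field and function names are hypothetical, and the settings are assumed to be recorded by hand from the console.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BucketCfg:                      # hypothetical names, not COS API fields
    name: str
    public_read: bool
    cdn_service_authorized: bool      # "CDN service authorization" on a private-read bucket
    origin_pull_auth: bool
    cdn_auth: bool

def cdn_domain_access(c):
    """Access to the origin via the CDN acceleration domain name."""
    if not c.public_read and not c.cdn_service_authorized:
        return "No"                   # private bucket, CDN cannot pull at all
    if c.cdn_auth:
        return "URL authentication is required"
    return "Yes" if (c.public_read or c.origin_pull_auth) else "No"

def cos_domain_access(c):
    """Access to the origin via the COS domain name."""
    return "Yes" if c.public_read else "COS authentication is required"

def scenario(c):
    if c.public_read:
        open_site = not (c.origin_pull_auth or c.cdn_auth)
        return "Site-wide public access" if open_site else "Not recommended"
    if not c.cdn_service_authorized:
        return "CDN is unavailable"
    if c.origin_pull_auth:
        return "Full-linkage protection" if c.cdn_auth else "Origin protection"
    return "Not recommended"

def audit(buckets):
    """Return (bucket, reason) for configurations that deserve review."""
    findings = []
    for c in buckets:
        if scenario(c) == "Not recommended":
            findings.append((c.name, "combination is marked 'Not recommended'"))
        elif not c.public_read and cdn_domain_access(c) == "Yes":
            findings.append((c.name, "private bucket reachable via CDN domain without URL authentication"))
    return findings

# Constructed sample inventory (not real buckets).
INVENTORY = [
    BucketCfg("static-site", True, False, False, False),
    BucketCfg("invoices", False, True, True, False),
    BucketCfg("media", False, True, True, True),
    BucketCfg("reports", True, False, False, True),
]

if __name__ == "__main__":
    for name, reason in audit(INVENTORY):
        print(f"{name}: {reason}")
```
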