Alibaba Cloud CDN OSS Static Acceleration Configuration Tutorial

Why is the OSS CDN architecture recommended?

It is extremely inefficient to use OSS directly as an external chain. The correct architectural logic should be:

User → CDN edge node → OSS origin

This has three irreplaceable advantages:

Greatly reduce the pressure on the origin site: user requests first hit the CDN cache, and only when the cache is missing will the source OSS be returned. This means that OSS has lower request pressure and fewer back-to-origin times.

Access is significantly faster: The greatest value of a CDN is the reduction in physical distance. The user can obtain the resource from the nearest edge node. For example, the user is in Hong Kong and your OSS is in Hangzhou. With CDN, users take resources directly from Hong Kong nodes, and the delay is greatly reduced.

Traffic costs are more cost-effective: Many people do not know that the price of CDN traffic is usually more cost-effective than OSS external network outflow traffic, especially when the traffic is large.

The whole process of actual combat deployment

Phase 1: Origin Station (OSS) Configuration

1. Create a Bucket

When creating a bucket in the OSS console, refer to the following suggestions:

Permission setting: For public static resources, select Public Read. For private resources, enable CDN back-to-origin authorization.

Region selection: as close as possible to the source station business. For domestic business, choose East/South China; for overseas business, choose Hong Kong or Singapore.

2. Upload and directory specification

It is recommended to standardize the directory structure (such as/images,/js,/static) when uploading images, JS, CSS, videos, and font files.

。 This not only facilitates management, but also facilitates subsequent configuration of cache rules.

Phase 2: Acceleration (CDN) core configuration

1. Add an accelerated domain name

Click "domain name management"-"add domain name" in the CDN console, fill in your resource domain name (such as cdn.example.com)

。

Accelerated region: Mainland China users must choose "Mainland China" (ICP filing required); Overseas users choose "Global" or "Overseas 」.

Business type: general static resource station preferred "image small file", very suitable for pictures, JS and CSS acceleration.

2. Configure the OSS source station

Select "OSS domain name" in the source information, and directly associate the created OSS Bucket

。

The third stage: performance and safety depth optimization

1. Scientific configuration of cache rules (key to success or failure)

CDN has no effect, often the cache rules are set wrong.

Image classes (jpg, png, gif, webp): It is recommended to set the cache for 30 days, because these files rarely change.

JS/CSS: Considering the version update, it is recommended to set 1 hour.

HTML pages: It is recommended to set "do not cache" to ensure that users can see the latest pages.

2. Turn on Ignore Parameters to increase hit rate

When enabled, requests like? v = 1 and? v = 2 are treated as the same resource

to increase the cache hit rate

。 However, note that if your business relies on parameters for image processing or version control, do not open them indiscriminately.

3. Open Range Source (recommended for large files)

If you have videos or large files to download, turning on this feature allows CDN to split back to the source on demand instead of pulling the entire file at once, thus reducing back-to-source traffic and speeding up response.

4. Automated management: OSS automatically refreshes CDN

It is recommended to turn on "OSS automatically refresh CDN cache 」. When OSS files are updated, CDN will automatically refresh synchronously to prevent users from accessing the old content.

。

The fourth stage: on-line and security reinforcement

Domain name CNAME resolution: resolve the CNAME address provided by CDN to your DNS resolution background.

Use the Alibaba Cloud account where the CDN domain name is located, log on to the Cloud DNS console, find the domain name on the Domain Name Resolution page, and click Resolution Settings.

Click Add Record to create a CNAME record:

Enable HTTPS: Upload an SSL certificate in HTTPS Configuration. HTTPS is now standard.

Private bucket back-to-origin authorization: If your bucket is private, you must enable OSS private bucket back-to-origin on the CDN side, otherwise the back-to-origin will fail.

Configure URL authentication (anti-theft chain): If resources are easy to be stolen, it is recommended to turn on authentication to generate signed URLs, which will automatically expire after expiration.

Traffic capping (very important): Configure bandwidth or traffic caps to prevent bill explosions caused by swiped traffic. At the same time, it is recommended to turn on the balance alarm.

Troubleshooting common problems

Return 403: Check the bucket permission, URL authentication configuration, or IP address restriction.

Low cache hit ratio: Check for X-Cache in HTTP response headers. If it is MISS, check whether the cache time is too short or whether the origin site disables caching.

Private Bucket cannot be accessed: There is a high probability that the "OSS private bucket back-to-origin" authorization is not enabled.

Conclusion

What really affects the acceleration effect is not only "opening CDN", but also the details of cache policy, back-to-origin rules, security configuration and flow control.

。 Reasonable configuration of this scheme, not only can make your website as fast as lightning, but also significantly reduce the pressure and cost of the source station.