Feature Overview
Users can access objects in a bucket using their own custom domain (e.g., example.com). Follow the steps below for detailed instructions:
Instructions
Enabling CDN Acceleration
Step 1. Bind a custom domain name
Bind the bucket to your own endpoint and enable CDN acceleration. For detailed directions, please see Enabling Custom Accelerated Domain Name.
Step 2. Perform HTTPS configuration
You can configure HTTPS access in the CDN console. For detailed directions, please see HTTPS Configuration Guide.
Disabling CDN Acceleration
This section provides a step-by-step example of configuring a custom domain with HTTPS access through reverse proxy in Cloud Object Storage (COS) with CDN acceleration disabled. In this example, we will access the Guangzhou-based bucket named testhttps-1250000000 directly via the custom domain https://example.com without enabling CDN acceleration. Follow the steps below:
Step 1. Bind a custom domain name
HTTPS certificate hosting for custom origin server domain names of COS is supported in public cloud regions in the Chinese mainland and in Singapore. You can bind the certificate to the added custom origin server domain names via the console. For details, see Method 1. If no HTTPS certificate is available for your domain name, click Apply for Free Certificate.
HTTPS certificate hosting is currently not supported in other regions. If you need to use HTTPS certificates, see Method 2.
Method 1: Bind a custom origin domain name via the COS console
Bind the bucket testhttps-1250000000 to the domain https://example.com with CDN acceleration disabled. For detailed instructions, please refer to the Enable Custom Origin Domain Name documentation.
Method 2: Configure reverse proxy for the domain
Set up a reverse proxy for the domain https://example.com on the server. Refer to the following configuration (the Nginx configuration provided is for reference only):
server {
    listen 443;
    server_name example.com;
    # "ssl on;" is obsolete since nginx 1.15.0 and removed in 1.25.1;
    # on newer versions use "listen 443 ssl;" instead
    ssl on;
    ssl_certificate /usr/local/nginx/conf/server.crt;
    ssl_certificate_key /usr/local/nginx/conf/server.key;
    error_log logs/example.com.error_log;
    access_log logs/example.com.access_log;
    location / {
        root /data/www/;
        # Configure the default download domain for the bucket
        proxy_pass http://testhttps-1250000000.cos.ap-guangzhou.myqcloud.com;
    }
}
The server.crt and server.key files are the HTTPS certificates for your custom domain. If your domain does not have an HTTPS certificate, please visit the Tencent Cloud SSL Certificate page to apply for one.
If you do not have a certificate temporarily, you can remove the following configuration information. However, a warning will appear when accessing the site. Click "Continue" to proceed:
    ssl on;
    ssl_certificate /usr/local/nginx/conf/server.crt;
    ssl_certificate_key /usr/local/nginx/conf/server.key;
Step 2. Resolve the domain name at a server
Configure your domain's DNS resolution at your DNS provider. If you are using Tencent Cloud DNS, go to the DNS Resolution Console and resolve the domain example.com to the server IP from step 1. For detailed instructions, refer to Quickly Add Domain Resolution.
Step 3. Perform advanced configurations
Accessing web pages directly through a browser
After configuring your custom domain to support HTTPS, you can use your domain to download objects from the bucket. If you need to access web pages, images, etc., directly in the browser, you can use the static website feature. For detailed instructions, please refer to Setting up a Static Website.
Once the configuration is complete, add the following line to the Nginx configuration, restart Nginx, and refresh the browser cache.
proxy_set_header Host $http_host;
Configure Hotlink Protection
If the bucket is public, there is a risk of hotlinking. Users can prevent malicious hotlinking by setting up hotlink protection and enabling a Referer whitelist. Follow the steps below:
1. Log in to the COS console, enable the hotlink protection feature, and configure an allowlist. For detailed directions, please see Setting Hotlink Protection.
2. Add the following code to the Nginx configuration file, restart Nginx, and refresh the browser cache.
proxy_set_header Referer www.test.com;
3. After completing the setup, opening the file directly will display an error message:
{errorcode: -46616,errormsg: "not hit white referer, retcode:-46616"}
Error code: -46616. Error description: Not in the referer allowlist. However, accessing the custom domain through a proxy will allow the webpage to load normally.
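An offline check for the reverse-proxy block from Method 2 and the Step 3 header lines, added here as an example (it is not Tencent Cloud's code): it flags a port-443 listener left without TLS, a missing certificate or key, the plain-HTTP hop to the bucket domain, and an injected Referer absent from the allowlist. The helper names, the sample config and the exact-match allowlist comparison are assumptions.

```python
import re

# Constructed sample: the page's server block with the three TLS lines removed,
# plus the Referer header from the hotlink-protection step.
SAMPLE_NO_TLS = """
server {
    listen 443;
    server_name example.com;
    location / {
        proxy_pass http://testhttps-1250000000.cos.ap-guangzhou.myqcloud.com;
        proxy_set_header Referer www.test.com;
    }
}
"""

def directives(conf):
    """Map directive name -> list of argument strings ('#' comments ignored)."""
    conf = re.sub(r"#[^\n]*", "", conf)
    found = {}
    for chunk in re.split(r"[;{}]", conf):
        parts = chunk.split(None, 1)
        if parts:
            found.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return found

def audit(conf, referer_allowlist):
    """Return a list of findings for the reverse-proxy block (hypothetical helper)."""
    d, findings = directives(conf), []
    listens = [l.split() for l in d.get("listen", []) if l]
    # TLS is on via the legacy "ssl on;" or the "ssl" parameter of "listen".
    tls = "on" in d.get("ssl", []) or any("ssl" in l[1:] for l in listens)
    if not tls and any(re.fullmatch(r"(.*:)?443", l[0]) for l in listens):
        findings.append("listener on 443 has no TLS enabled; it serves plain HTTP")
    if tls and not (d.get("ssl_certificate") and d.get("ssl_certificate_key")):
        findings.append("TLS enabled but certificate or key directive is missing")
    for upstream in d.get("proxy_pass", []):
        if upstream.startswith("http://"):
            findings.append("proxy-to-COS hop is unencrypted: " + upstream)
    for header in d.get("proxy_set_header", []):
        name, value = (header.split(None, 1) + [""])[:2]
        # Assumption: exact-match comparison; a real allowlist may use wildcards.
        if name == "Referer" and value.strip() not in referer_allowlist:
            findings.append("injected Referer not in COS allowlist: " + value.strip())
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NO_TLS, {"www.test.com"}):
        print("FINDING:", finding)
```

Run it against the server block before each Nginx restart, passing the same Referer values configured in the COS console.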