Getting Started with CDN

Operation Process

Procedure	Description
Preparations	Register a HUAWEI ID and enable CDN.
Step 1: Add a Domain Name	Add a domain name to CDN for acceleration and configure an origin server for the domain name.
Step 2: Configure a CNAME Record	After you add a domain name, the system automatically assigns a CNAME to it. The CNAME cannot be accessed directly. You must configure a CNAME record that points your domain name to the assigned CNAME address. This ensures that requests to your domain name are redirected to CDN PoPs for acceleration.
Step 3: Verify the CNAME Record	The time it takes for the CNAME record to take effect depends on the DNS provider. You can check whether the CNAME record has taken effect by yourself.
(Optional) Recommended Configurations	After adding the domain name for acceleration, configure cache rules, smart compression, and secure acceleration to improve the cache hit ratio, optimize the acceleration effect, and enhance security.

Preparations

Register a HUAWEI ID and specify a payment method.
Enable CDN.
Prepare a domain name for acceleration and an origin server (service server) based on the domain name admission conditions, content moderation requirements, and domain name description in the Notes and Constraints.

Step 1: Add a Domain Name

Add your domain name to CDN for acceleration. In this example, the domain name www.example.com is used.

Log in to the CDN console.
In the navigation pane, choose Domains.

On the Domains page, click Add Domain Names and specify domain parameters.

Figure 1 Adding a domain name
Click to enlarge

**Table 1** Parameter description
Parameter	Item	Description
Domain Names	-	A domain name can contain up to 200 characters, including letters, digits, hyphens (-), periods (.), and asterisks (). It can start with a letter, digit, or asterisk. An asterisk, if any, must be the first character. Each label of a domain name (for example, in .**.com) can contain up to 63 characters. You can add up to 100 domain names under each account. CDN does not allow access from websites containing illicit content. For details, see "Content moderation" in Restrictions. The existing domain names connected to CDN are reviewed regularly. If a domain name involves any violations, CDN acceleration will be suspended for the domain name and other domain names in your account. If a domain name has been in the Disabled or Rejected state for more than 120 days, CDN starts the domain name deletion process and deletes the domain name records after confirmation. If CDN acceleration is required for the domain name, add the domain name again. If a domain name has not been accessed for more than 180 days, CDN starts the domain name suspension process and disables CDN acceleration for the domain name after confirmation. An acceleration domain name must be unique. You can add a domain name including a wildcard (). For example, if you add .test.com to CDN as an acceleration domain name and have it resolved to the CNAME provided by CDN, all of the level-2 domain names under .test.com, such as a.test.com, will enjoy CDN acceleration by default. However, level-3 domain names (such as b.a.test.com*) would not. If you add a wildcard domain name to a particular account, you cannot add any of the level-2 domain names under that domain name to other accounts. You will be billed for the acceleration service provided to all of the level-2 domain names under a wildcard domain name. If there are multiple level-2 domain names, billing will be based on the traffic generated by the wildcard domain name, not on each of the level-2 domain names.
Enterprise Project	-	This parameter is only available if Huawei Cloud Enterprise Project Management Service is enabled. For details, see Enterprise Management User Guide. You cannot select disabled enterprise projects.
Service Area	Global	CDN schedules all user requests to the optimal PoP nearby. Apply for a license for the domain name from the Ministry of Industry and Information Technology (MIIT). For details, see ICP License Service.
	Chinese mainland	CDN schedules all user requests to PoPs in the Chinese mainland. Apply for a license for the domain name from the MIIT. For details, see ICP License Service.
	Outside Chinese mainland	CDN schedules all user requests to PoPs outside the Chinese mainland. You do not need to apply for a license for the domain name from the MIIT.
Service Type	Website	CDN is perfect for web portals, e-commerce platforms, news apps, and user generated content (UGC)–focused apps. The cache format includes but is not limited to .zip, .exe, .wmv, .gif, .png, .bmp, .wma, .rar, .jpeg, and .jpg.
	File download	CDN is useful for download clients, game clients, app stores, and websites that provide download services based on HTTP or HTTPS.
	On-demand services	CDN accelerates delivery of on-demand services, such as online education, video sharing, music or video on demand, and other audiovisual content.
	Whole site	CDN is a good option for websites that consist of both dynamic and static content and for sites with abundant ASP, JSP, or PHP requests. CAUTION: WSA is an independent cloud service and is billed separately. It shares the same console with CDN. You need to enable WSA before adding domain names for whole site acceleration. For details about how to enable WSA, see Enabling WSA. When Service Type is set to Whole site, the origin server type cannot be set to OBS bucket.
Origin Protocol	-	Protocol used by CDN PoPs to pull content from the origin server. HTTP HTTPS (Ensure that the origin server supports HTTPS access.) Same as user: The origin protocol is the same as the client access protocol. For example, if a client accesses CDN using HTTP, CDN also uses HTTP for origin pull.

Verify domain name ownership. When you add a domain name to CDN for the first time, verify your ownership of the domain name to avoid unauthorized or malicious use. The following uses file verification as an example. For DNS resolution verification, see Verifying Domain Name Ownership.
1. When adding a domain name to CDN, verify the ownership of the domain name when you encounter the scenario shown in the following figure.
  Figure 2 Verifying domain name ownership
2. Click View Methods and click the File Upload tab. Do not close the verification page before the verification is complete.
3. Click verification.html to download the file.
4. Upload the file to the root directory of your domain server.
5. Click Verify to verify the ownership of the domain name.
  
  Huawei Cloud CDN will access http://example.com/verification.html to obtain the verification file. If the system verifies that the obtained file is correct, the verification is successful. Ensure that the verification file is accessible.

Add an origin server. An origin server is a service server. When a client accesses a resource that is not cached on CDN PoPs, CDN requests the resource from the origin server and returns the resource to the client.

In the Origin Server Settings area, click Add Origin Server to add an origin server for the domain name.

Figure 3 Adding an origin server
Click to enlarge

**Table 2** Parameter description
Parameter	Description
Type	IP address CDN PoPs access the IP address directly to pull origin content. IPv4 is supported, but IPv6 is not supported. If multiple IP addresses are configured, CDN uses the load balancing mechanism to pull content from the origin server.
	Domain name Start with a letter or digit. Use only letters, digits, hyphens (-), and periods (.). Enter up to 255 characters. Each label of a domain name (for example, * in .**.com) can contain up to 63 characters. An origin domain cannot be the same as an acceleration domain name. You can also enter the domain name of an object storage bucket. Pay attention to the following points when selecting this option: You cannot use private object storage buckets as origin servers when you set Type to Domain name. If you use an object storage bucket as your origin server, the object storage service will charge the origin pull traffic based on its billing standards. When back-to-source by mirroring is configured on OBS and range requests are enabled on CDN, if the mirror origin server does not comply with the RFC Range Requests standard, the response to range requests is not 206 and CDN fails to pull content. If you use an OBS bucket created after January 1, 2022 as the origin server and want to enable online preview, log in to the CDN console, choose Domains in the navigation pane, click the target domain name, click the Advanced Settings tab, click Edit next to HTTP Headers, and set Content-Disposition to inline. For details, see How Do I Preview OBS Objects in My Web Browser?
	OBS bucket Select an OBS bucket domain name under your account or customize one. OBS charges the CDN origin pull traffic based on the billing standard for outgoing Internet traffic. If you set a bucket of OBS 3.0 or a later version as the origin server, you can purchase OBS pull traffic packages to deduct origin pull traffic. For details, see OBS Billing for CDN Acceleration. Notes: If your OBS private bucket is unsuitable as an origin for your domain name, do not set the private bucket as the origin server. If you enter a domain name of an OBS bucket, the entered domain name must end with .myhuaweicloud.com or .myhuaweicloud.cn. If you set an OBS private bucket as the origin server and want to filter user requests, enable OBS authorization and OBS Pull Authentication. Otherwise, origin pull will fail. To use a custom OBS private bucket as the origin server, configure a policy for the private bucket. For details, see Configuring a Policy for a Custom OBS Private Bucket. If you have enabled static website hosting for your OBS bucket, select the Static website hosting checkbox when adding a domain name. In this way, a full list of files in the bucket will not be displayed when users access the bucket. When back-to-source by mirroring is configured on OBS and range requests are enabled on CDN, if the mirror origin server does not comply with the RFC Range Requests standard, the response to range requests is not 206 and CDN fails to pull content. In this case, submit a service ticket. When Service Type is set to Whole site, the origin server type cannot be set to OBS bucket. If the origin server is an OBS private bucket, when a client requests the homepage of the acceleration domain name and origin pull is triggered, origin pull can succeed only when the request method is GET or HEAD. For other request methods, CDN blocks the request and returns status code 403. NOTE: If you use an OBS bucket created after January 1, 2022 as the origin server and want to enable online preview, log in to the CDN console, choose Domains in the navigation pane, click the target domain name, click the Advanced Settings tab, click Edit next to HTTP Headers, and set Content-Disposition to inline. For details, see How Do I Preview OBS Objects in My Web Browser?
Address	Address accessed by CDN PoPs during origin pull. If the origin server type is IP address, you can enter multiple IP addresses and separate them with commas (,). Each IP address is an origin server. A domain name can have up to 50 origin servers. The number of IP addresses you can enter cannot exceed the total number of available origin servers of the domain name.
Host Header	A host is specified in the HTTP request header. It is the domain name of the site accessed by CDN PoPs when CDN pulls content from the origin server. CDN obtains resources from the corresponding site based on the host details during origin pull. After a domain name is added, the default host will be the domain name. Change the host in a timely fashion if either of the following conditions is met: If you set Type to Domain name and enter the domain name of an object storage bucket, set the host to the domain name of the bucket. If you want CDN to pull content from a custom domain name, specify the host. For example, suppose an origin server is bound to two sites, www.origin01.com and www.origin02.com, and the domain name connected to CDN is www.example01.com. If you need CDN to pull content from www.origin02.com, you would need to set the host to www.origin02.com.
OBS Pull Authentication	Applies when an OBS bucket is used as an origin server. Enable this switch if access to the bucket requires authentication. In this way, CDN PoPs carry the authentication information during origin pull. If the information does not match the OBS bucket, origin pull fails. Enabled by default for a private bucket Disabled by default for a public bucket
Priority	Enter a number from 1 to 1,000. A larger number indicates a higher priority. CDN pulls content from the origin server with the highest priority first. If such origin server is faulty, CDN pulls content from the origin server with a lower priority. You can configure up to six rules with unique priorities. NOTE: On April 10, 2025 (Beijing time), CDN updated the origin server priority function and stopped using the concept of primary and standby origin servers. Currently, the default priorities of the original primary and standby origin servers are as follows: Primary origin server: 70 Standby origin server: 30
Weight	The value ranges from 1 to 100. A larger value indicates that content is pulled from this origin server more frequently. If there are multiple origin servers with the same priority, the weight determines the proportion of content pulled from each origin server.
Origin Ports	Ports for CDN PoPs to pull content. Range: 1 to 65535. Default ports: 80 for HTTP and 443 for HTTPS. If Type is set to OBS bucket, the port numbers cannot be changed.

Click OK. Repeat 3.a to add more origin servers. You can add up to 50 origin servers.

Configure optional settings. Attacks and malicious traffic will result in a bill higher than your normal expenditures. This bill cannot be waived or refunded. Enable usage capping and burst bandwidth alert for your domain name to reduce such risks.
1. With usage capping, CDN will disable the acceleration service for the domain name once its access bandwidth reaches the specified threshold, helping you avoid excess billing.
2. With burst bandwidth alerts, CDN will alert you when the access bandwidth reaches the specified threshold, helping you identify abnormal requests promptly and reduce risks of unexpected billing. By default, this function is enabled without a specific threshold. You can disable it as required.
Agree to the agreement by selecting I have read and agree to Cross-Border Data Transfer Compliance Commitment and click OK in the lower right corner of the page.
Test your domain name before configuring a CNAME record that points your domain name to the assigned CNAME address to ensure that your domain configurations are correct.
1. Ping the CNAME for the domain name you added to obtain the IP address.
  Example: If the domain name is www.example.com and the generated CNAME address is www.example.com.9c****e7.c.cdnhwc1.com, you can ping www.example.com.9c****e7.c.cdnhwc1.com to get the IP address 10.0.0.0.
2. Edit the hosts file on the local PC.
  If you use a Windows system, map the domain name www.example.com to the IP address 10.0.0.0 in the hosts file in the C:\Windows\System32\drivers\etc\ directory.
  Figure 4 Testing the domain name
1. Access your domain name to test services. If the test results meet your expectation, the configurations are correct.

Step 2: Configure a CNAME Record

After you add a domain name, the system automatically assigns a CNAME to it. The CNAME cannot be accessed directly. You must configure a CNAME record that points your domain name to the assigned CNAME address at the DNS provider. This ensures that requests to your domain name are redirected to CDN PoPs for acceleration.

The following uses Huawei Cloud DNS as an example to describe the configuration process.

Obtain the CNAME of the domain name.

Log in to the CDN console.
In the navigation pane, choose Domains.
In the domain name list, search for www.example.com and copy the CNAME www.example.com.9c****e7.c.cdnhwc1.com in the CNAME column.

Add a CNAME record.

Log in to the DNS console.
In the navigation pane, choose Public Zones.

The public zone list is displayed.
Click the domain name you want to add a record set to.
Click Add Record Set in the upper right corner.
Set the parameters as prompted. The following is an example:
Type: Select CNAME – Map one domain to another.

Name: Enter www.

Line: Select Default.

TTL (s): Retain the default value.

Value: Enter www.example.com.9c****e7.c.cdnhwc1.com.
Click OK.
- After the CNAME record takes effect, the status changes to . However, CNAME resolution may fail the verification and the status changes to , indicating that no CNAME record is configured for the domain name. If you have correctly configured the CNAME record, ignore the error message.
- A CNAME record takes effect immediately after being added. If you modify the CNAME record, then the change takes effect within 72 hours.
- If you encounter a resolution conflict, see Rules for Handling Record Set Conflicts.

Step 3: Verify the CNAME Record

The length of time before the CNAME record takes effect depends on the DNS provider. To check whether a CNAME record has taken effect:

Open the command line interface that comes with Windows and run the following command:

nslookup -qt=cname Acceleration domain name

If the CNAME is displayed, the CNAME record has taken effect.

Click to enlarge

If the CNAME record has taken effect, your domain name has been successfully connected to CDN for acceleration.

(Optional) Recommended Configurations

After adding an acceleration domain name, configure cache rules, smart compression, and secure acceleration to improve the cache hit ratio, optimize the acceleration effect, and enhance security.

Scenario	Configuration Item	Description
The cache hit ratio is low and the acceleration effect is not obvious.	Cache Rules	Set a proper cache TTL and priority for different resources to improve the cache hit ratio, reduce the origin pull ratio, and relieve the pressure on the origin server. Notes: The cache rule priority is an integer ranging from 1 to 1,000. A greater number indicates a higher priority. After you modify or add a cache rule, purge the cache of the corresponding resource. Set the cache TTL of dynamic resources to 0, so dynamic resources are not cached. Otherwise, access exceptions may occur.
	Smart Compression	Compress static content on your websites by reducing file size. This speeds up file transfer and saves you a lot of bandwidth. Smart compression includes gzip compression and Brotli compression. The performance of Brotli compression is 15% to 25% higher than that of gzip compression. With smart compression, CDN automatically compresses .js, .html, .css, .xml, .json, .shtml, and .htm files.
	URL Parameters	Ignore or retain parameters after the question mark (?) in URLs to improve the cache hit ratio and speed up content distribution. If resources do not change with URL parameters, ignore query parameters. If resources change with URL parameters, retain query parameters.
The origin pull efficiency needs to be improved to reduce pull consumption.	Range Requests	Configure range requests to accelerate distribution of large files during origin pull and reduce bandwidth consumption. Range requests are enabled by default for download acceleration. The origin server must support the Range header.
Redirection is enabled for origin server resources.	Redirect from Origin	If 301 or 302 redirection is configured for the origin server address, the origin server returns status code 301 or 302 to CDN for a pull request. If this function is enabled on CDN, CDN PoPs will redirect to the address specified in the 301 or 302 response to obtain the resource, cache the resource, and return the resource to the user.
The security performance needs to be improved.	HTTPS Certificates	Configure a Secure Sockets Layer (SSL) certificate to improve the domain name security.
	Access Control	Identify and filter visitors to restrict their access and improve CDN resource security.
	CDN-WAF Integration	Huawei Cloud CDN works with WAF to defend against web attacks during content delivery acceleration, providing a more secure acceleration experience.
Attacks or malicious traffic can cause sudden spikes and extra costs. CDN can help you reduce the risk of unexpected billing.	Usage Cap	Set a usage cap so CDN will disable the acceleration service for your domain name when the access bandwidth reaches the threshold you specify, helping you avoid excessive fees.
	Burst Bandwidth Alert	When burst bandwidth alerts are configured, CDN will notify you once access bandwidth reaches the specified threshold. This allows you to promptly identify abnormal requests and mitigate the risks of unexpected billing.
	IP Access Frequency	You can enable IP access frequency control to restrict the number of queries per seconds (QPS) to a URL sent from a single IP address to a single PoP to defend against CC attacks and malicious theft and reduce the risk of high bills.
	Cloud Eye Monitoring	After enabling Cloud Eye monitoring for domain names in your account, you can view real-time metrics such as traffic, bandwidth, and status codes, and configure alarms. When monitoring metrics meet the defined alarm conditions, notifications are sent via email or SMS, helping you promptly detect potential risks and avoid unexpected issues.
	Request Rate Limiting	After request rate limiting is enabled, when a single request reaches the rate limiting condition, the access speed of the user is limited to reduce the risk of burst bandwidth.