Binding a Domain Name
Before exposing APIs, bind independent domain names to the group to which the APIs belong, so that API callers can access these APIs. The APIs can also be accessed using the debugging domain name allocated to the group.
- Debugging domain name (previously called "subdomain name"): The system automatically allocates a unique debugging domain name to each API group for internal testing. The domain name can be accessed 1000 times a day, and it cannot be modified.
- Independent domain name: You can add five custom domain names for API callers to call your open APIs. There is no limit on the number of times these domain names can be accessed.
- Groups under the same gateway cannot be bound with a same independent domain name.
- By default, the debugging domain name of an API group can only be resolved to a server in the same VPC as the gateway. If you want to resolve the domain name to a public network, bind an EIP to the gateway.
- If the independent domain name you select is a wildcard domain name (for example, *.aaa.com), you can use any of its subdomain names (for example, default.aaa.com and 1.aaa.com) to access all APIs in the group to which the domain name is bound.
Constraints
- If a domain name is already bound to a port, it cannot be bound to the same port again.
- If different ports are used for the same domain name, all ports take effect no matter whether any of them are bound to, modified, or unbound from the SSL certificate or whether client authentication is enabled or disabled.
- If you access backend services through a load balance channel, the port bound to the independent domain name must be the same as the access port of the backend server in the load balance channel.
- After an independent domain name is bound to a port, if you use an IP address to access an API, you need to add the header parameter host to the request. The host value should include the port number for the access protocol, unless you are using the default ports 80 or 443, in which case the host value is not necessary.
Prerequisites
- There is an independent domain name available.
- An A record points the independent domain name to the address of the gateway. For details, see Adding an A Record Set.
- If the API group contains HTTPS APIs, create an SSL certificate for the independent name.
Procedure
- Go to the APIG console.
- Select a dedicated gateway at the top of the navigation pane.
- Choose API Management > API Groups.
- Click a group name.
- Click the Group Information tab.
- In the Independent Subdomain Names area, click Bind Independent Domain Name. Then configure the domain name information.
Table 1 Independent domain name configuration Parameter
Description
Domain Name
Domain name to be bound to the API group.
Minimum TLS Version
The minimum TLS version that can be used to access the domain name. TLS 1.1 and TLS 1.2 (recommended) are supported.
This parameter applies only to HTTPS and does not take effect for HTTP and other access modes. Configure HTTPS cipher suites using the ssl_ciphers parameter on the Parameters tab.
HTTP-to-HTTPS Auto Redirection
HTTP-to-HTTPS auto redirection can be enabled for independent domain names.
HTTP Port
The default value is 80, which is the default HTTP port number. You can customize the inbound port. For details, see Custom Inbound Port. If the HTTP port is not used, select suspend.
HTTPS Port
The default value is 443, which is the default HTTPS port. You can customize the inbound port. For details, see Custom Inbound Port. If the HTTPS port is not used, select suspend.
- Click OK.
If the domain name is no longer needed, click Unbind Domain Name to unbind it from the API group.
- (Optional) If the API group contains HTTPS APIs, bind an SSL certificate to the independent domain name.
- In the row that contains the domain name, click Select SSL Certificate.
- Select an SSL certificate and click OK.
- If a CA certificate has been uploaded for the SSL certificate, you can enable client authentication (HTTPS two-way authentication). Enabling or disabling client authentication will affect the existing services. Exercise caution when performing this operation.
- If no SSL certificate is available, click Create SSL Certificate to create one. For details, see SSL Certificates.
Troubleshooting
- Failure in binding an independent domain name: It already exists or is not CNAMEd to the debugging domain name of the API group.
- Failure in binding an SSL certificate: The domain name used to generate the SSL certificate is different from the target independent domain name.
HTTP-to-HTTPS Auto Redirection
Gateways created after November 30, 2022 support HTTP-to-HTTPS auto redirection.
Constraints
Redirection is only suitable for GET and HEAD requests. Redirecting other requests may cause data loss due to browser restrictions.
Conditions for enabling redirection:
- The frontend request protocol is set to HTTPS or HTTP&HTTPS (see Creating an API).
- An independent domain name and SSL certificate have been bound to the API group to which the API belongs. For details, see the preceding descriptions in this section.
After binding an independent domain name to the API group, enable HTTP-to-HTTPS Auto Redirection for the domain name.
Follow-Up Operations
After binding independent domain names to the API group, create APIs in the group to selectively expose backend capabilities. For details, see Creating an API.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
