Accessing a Bucket Using a User-Defined Domain Name

After you upload a file to a bucket, OBS generates an access address for the file that includes the bucket's default domain name. Accessing this address using a browser will automatically download the file. To avoid exposing the default domain name of a bucket or to preview files online through a browser, you can bind a user-defined domain name to the bucket and use it to access the files in the bucket.

Scenarios

File preview: To avoid automatic file downloads, you can bind a user-defined domain name to a bucket for online file preview.
Preventing domain names from being blocked: Some application platforms may block the default domain name of a bucket. To access files in a bucket, you can bind a user-defined domain name to the bucket.
Keeping the access address unchanged: To keep website or file access addresses unchanged after a migration or storage location change, you can upload the files to a bucket and bind a user-defined domain name to the bucket. This will establish a mapping between the website domain name and the default bucket domain name. In this way, you can still access the files using the original address.
Improved brand image: Having a fixed and personalized domain name for accessing an enterprise website can make the enterprise appear more professional and reliable. This enhances enterprise image and improves customer experience.
Easy access: You can use a user-defined domain name that is easy to remember to access a bucket and files in the bucket.

Principles

The following describes the process of accessing objects in a bucket using a user-defined domain name and the process of accessing objects in a bucket using the default bucket domain name.

Figure 1 shows the process of accessing objects in a bucket using a user-defined domain name.

Figure 1 Using a user-defined domain name to access objects in a bucket

A user enters a file access address (that includes a user-defined domain name) in the browser to initiate an access request.
DNS maps the user-defined domain name to the default domain name of the bucket.
DNS translates the default domain name of the bucket to the IP address of the OBS server.
OBS returns the IP address of the server to the client.
The client sends a request with the user-defined domain name specified in the Host header to the IP address of the OBS server.
OBS identifies the user-defined domain name in the Host header and returns a response with Content-Disposition set to inline to the client, which indicates that the file is expected to be displayed in the browser.

Figure 2 shows the process of accessing objects in a bucket using its default domain name (bucketName.obs.endpoint.myhuaweicloud.com).

Figure 2 Using the default domain name of a bucket to access objects in the bucket

A user enters a file access address (that includes the default domain name of the bucket) in the browser to initiate an access request.
DNS translates the default domain name of the bucket to the IP address of the OBS server.
OBS returns the IP address of the server to the client.
The client sends a request with the default domain name specified in the Host header to the IP address of the OBS server.
OBS identifies the default domain name in the Host header and returns a response with Content-Disposition set to attachment to the client, which indicates that the file is expected to be downloaded and saved locally.

Constraints

**Table 1** Constraints
Item	Description
Bucket version	Only buckets whose version is 3.0 or later support user-defined domain names. The bucket version can be viewed in the Basic Information area of the bucket's Overview page on OBS Console.
Number of domain names	By default, a bucket can have up to 20 user-defined domain names bound.
Functions	User-defined domain names currently only allow requests over HTTP. If you want to use a user-defined domain name to access OBS over HTTPS, you need to configure CDN and manage HTTPS certificates on the CDN console. For details, see Configuring an HTTPS Certificate. A user-defined domain name can be bound to only one bucket. Chinese domain names are not supported. The suffix of a user-defined domain name can contain 2 to 6 uppercase or lowercase letters. As required by the MIIT, if the bucket which a user-defined domain name is bound to is in a Chinese mainland region, you must complete the ICP filing. NOTE: If an acceleration domain name is also required, to prevent objects in OBS buckets from being directly downloaded upon access, you need to perform other required operations after the user-defined domain name and the acceleration domain name have been configured. For details, see With CDN Acceleration Enabled, Why Are the Objects in My OBS Bucket Directly Downloaded When I Access Them?

Prerequisites

There is a bucket with objects. For details, see Creating a Bucket.
There is a second-level domain.
As required by the MIIT, if the bucket which a user-defined domain name is bound to is in a Chinese mainland region, you must complete the ICP filing.

Configuring a User-Defined Domain Name

You can use OBS Console, APIs, or SDKs to configure user-defined domain names.

Using OBS Console

To configure a user-defined domain name on OBS Console, perform the following steps:

1: Configure a User-Defined Domain Name

In the navigation pane of OBS Console, choose Object Storage.
In the bucket list, click the bucket you want to operate. The Objects page is displayed.
In the navigation pane, choose Domain Name Mgmt.

Figure 3 Domain name management page
Click Configure User Domain Name in the upper part of the page or click Configure User Domain Name in the lower card area of the page. In the displayed dialog box, enter the domain name and click OK.

The domain name suffix can contain 2 to 6 uppercase or lowercase letters, for example, .com and .cn.

Figure 4 Configuring a user domain name

2: Configure CNAME Record

Configure a CNAME record to map the user-defined domain name to the default domain name of the bucket.

If you add a domain name registered with Huawei Cloud, click Resolve. A CNAME record will be added by Huawei Cloud DNS.

If it is a domain name not registered with Huawei Cloud, skip this step and go to 2.

Manually configure the CNAME record.

The CNAME record configuration varies depending on DNS service providers. If your DNS service provider is not Huawei Cloud, refer to Configuring a CNAME Record.

If you use Huawei Cloud DNS, perform the following steps:

Log in to the Huawei Cloud console. On the homepage, choose Networking > Domain Name Service. The DNS console is displayed.
In the navigation pane, choose Public Zones.
Locate the row that contains the domain name to which you want to add a record set and click the domain name.
On the Record Sets tab, click Add Record Set.

Configure the parameters. Retain the default values for those not listed in the table below. For details, see Adding a CNAME Record Set.

**Table 2** Parameters
Parameter	Description	Example Value
Name	Prefix of the domain name to be resolved. For example, if the domain name is example.com, the prefix can be as follows: www: The domain name is www.example.com, which is usually used for a website. Left blank: The domain name is example.com. To use an at sign (@) as the domain name prefix, just leave this parameter blank. abc: The domain name is abc.example.com, a subdomain of example.com. mail: The domain name is mail.example.com, which is usually used for email servers. : The domain name is .example.com, which is a wildcard domain name, indicating all subdomains of example.com.	Leave it blank.
Type	Type of the record set, which is CNAME here. A message may be displayed indicating that the record set you are trying to add conflicts with an existing record set. For details, see Why Is a Message Indicating Conflict with an Existing Record Set Displayed When I Add a Record Set?	CNAME – Map one domain to another
Line	Resolution line. The DNS server will return the IP address of the specific line, depending on where the visitors come from. This parameter is only configurable for public zone record sets. Default: returns the default resolution result irrespective of where the visitors come from. ISP: returns the resolution result based on visitors' carrier networks. For details, see Configuring ISP Lines. Region: returns the resolution result based on visitors' geographical locations. For details, see Configuring Region Lines. Custom line: returns a specific IP address based on the IP address range of visitors. For details, see Configuring Custom Lines.	Default
TTL (s)	Cache duration of the record set on a local DNS server, in seconds. The value ranges from 1 to 2147483647, and the default value is 300. If your service address changes frequently, set TTL to a smaller value. For details, see What Is TTL?	300
Value	Domain name alias. You can enter only one domain name. NOTE: If CDN acceleration is not used, set this parameter to the bucket domain name. If CDN acceleration is used, set this parameter to the domain name specified in the CNAME record allocated by CDN.	webserver01.example.com

Click OK.
Check whether the CNAME record takes effect.
Open the Windows command line interface and run the following command:
```
nslookup -qt=cname User-defined domain name bound to the bucket
```
- Without CDN acceleration: If the output is the bucket domain name, the CNAME record has taken effect.
- With CDN acceleration: If the output is the CNAME domain name allocated by CDN, the CNAME record has taken effect.

Using APIs

Configuring a Custom Domain Name for a Bucket

Using SDKs

Java: not supported

Python: not supported

BrowserJS: not supported

.NET: not supported

Android: not supported

iOS: not supported

PHP: not supported

Node.js: not supported

Follow-Up Operations

Accessing a User-Defined Domain Name Over HTTPS

User-defined domain names currently only allow requests over HTTP. To use HTTPS, you can submit a service ticket.

You can also manage HTTPS certificates on the CDN console to allow access over HTTPS. For details, see Configuring an HTTPS Certificate.

Preventing Data Theft

Some rogue websites may steal links from other websites to enrich their content without any costs. Link stealing hurts the interests of the original websites and it is also a strain on their servers. URL validation is designed to address this issue.

To prevent data stored in buckets from being theft, you can specify Referer (a whitelisted, blacklisted, or empty Referer) in the HTTP header to allow access only from specific sources. For details, see Configuring URL Validation to Prevent Unauthorized Access to Your Data.

Configuring Static Website Hosting

If you want to host your static website on OBS and use a user-defined domain name to access the website, you need to configure static website hosting for the storage space. For details, see Static Website Hosting.