Create a domain name

AI Gateway supports multi-domain management with independent protocol, certificate, and routing configurations. Wildcard domain names such as *.hello.com let you access the gateway through 1.hello.com, 2.hello.com, and similar subdomains.

Prerequisites

Complete the ICP filing for your domain name.

Note

Domain names used in Chinese mainland regions require an ICP filing with Alibaba Cloud, or Alibaba Cloud must be added as a service provider to the existing filing. Domain names outside the Chinese mainland do not require ICP filing.

Procedure

  1. Log on to the AI Gateway console.

  2. In the navigation pane on the left, choose Domain Name. In the top menu bar, select a region.

  3. Click Add Domain Name, configure the following parameters, and click OK.

    Parameter

    Description

    Domain Name

    Enter a full domain name such as hello.com or a wildcard domain name such as *.hello.com. Each domain name has independent protocol, certificate, and routing configurations.

    Important

    *.hello.com matches a.hello.com, b.hello.com, and a.b.hello.com. However, a certificate for *.hello.com covers only a.hello.com and b.hello.com, not a.b.hello.com.

    Protocol

    Select HTTP or HTTPS. Supported ports:

    • HTTP: port 80.

    • HTTPS: port 443.

    If you select the HTTPS protocol, configure the following parameters:

    Certificate

    Select a certificate from SSL Certificate Service.

    Note

    If you do not have a certificate, click Purchase/Upload Certificate to go to the SSL Certificate Service console. For more information, see Purchase SSL Certificates.

    Always Use HTTPS

    When enabled, only the HTTPS port is active. All HTTP requests are redirected to HTTPS.

    Enable HTTP/2?

    Specifies whether to use HTTP/2, negotiated during the TLS handshake through ALPN.

    • Use gateway instance configuration: Uses the gateway-level EnableHttp2 setting. Changes to EnableHttp2 apply automatically.

    • Enabled: Uses HTTP/2 after TLS handshake.

    • Off: Does not use HTTP/2.

    Note

    For HTTP connections, the gateway upgrades to HTTP/2 automatically through the HTTP Upgrade header. This setting applies only to HTTPS.

    TLS Version

    Set the supported TLS version range.

    • Minimum TLS version: Default is 1.0.

    • Maximum TLS version: Default is 1.3.

    Cipher Suite

    Select a Default or Custom cipher suite.

    • Default: Uses the default cipher suite.

      Default cipher suite:

      • ECDHE-ECDSA-AES128-GCM-SHA256 (Supported versions: TLS 1.2, TLS 1.3)

      • ECDHE-RSA-AES128-GCM-SHA256 (Supported versions: TLS 1.2, TLS 1.3)

      • ECDHE-ECDSA-AES256-GCM-SHA384 (Supported versions: TLS 1.2, TLS 1.3)

      • ECDHE-RSA-AES256-GCM-SHA384 (Supported versions: TLS 1.2, TLS 1.3)

      • ECDHE-ECDSA-CHACHA20-POLY1305 (Supported versions: TLS 1.2, TLS 1.3)

      • ECDHE-RSA-CHACHA20-POLY1305 (Supported versions: TLS 1.2, TLS 1.3)

      • ECDHE-ECDSA-AES128-SHA (Supported versions: TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3)

      • ECDHE-RSA-AES128-SHA (Supported versions: TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3)

      • ECDHE-ECDSA-AES256-SHA (Supported versions: TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3)

      • ECDHE-RSA-AES256-SHA (Supported versions: TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3)

      • AES128-GCM-SHA256 (Supported versions: TLS 1.2, TLS 1.3)

      • AES256-GCM-SHA384 (Supported versions: TLS 1.2, TLS 1.3)

      • AES128-SHA (Supported versions: TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3)

      • AES256-SHA (Supported versions: TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3)

    • Custom: Select specific cipher suites to allow.

      Note

      Custom cipher suites apply only to TLS 1.0, 1.1, and 1.2 connections, not TLS 1.3.

    Mutual authentication mTLS

    Enable or disable mutual authentication mTLS. Disabled by default.

    Mutual authentication CA certificate

    Required when mutual authentication mTLS is enabled. Select a CA certificate to verify client identity.

    Resource Group

    Select a resource group, or click Create Resource Group to create one.
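
The Important note under Domain Name means a host can be routed by the gateway and still fail the client's certificate name check. The following is an added example, not Alibaba Cloud code, that contrasts the two matching rules and lists the hosts a certificate leaves uncovered. The function names are hypothetical, and treating the bare domain hello.com as not matched by *.hello.com is an assumption.

```python
# Added example (not Alibaba Cloud code): compare the gateway's wildcard
# routing rule with certificate wildcard matching (RFC 6125, section 6.4.3).

def gateway_matches(pattern: str, host: str) -> bool:
    """Gateway rule as described on this page: '*.hello.com' matches any
    depth of subdomain (a.hello.com and a.b.hello.com).
    Assumption: the bare domain hello.com is not matched."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    suffix = pattern[1:]  # ".hello.com"
    return host.endswith(suffix) and len(host) > len(suffix)


def cert_name_matches(san: str, host: str) -> bool:
    """Certificate rule: '*' stands for exactly one leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return host == san
    head, _, rest = host.partition(".")
    return bool(head) and rest == san[2:]


def uncovered_hosts(pattern, cert_sans, hosts):
    """Hosts the gateway routes for `pattern` that no SAN in the
    certificate covers; clients get a name-mismatch error on these."""
    return [h for h in hosts
            if gateway_matches(pattern, h)
            and not any(cert_name_matches(s, h) for s in cert_sans)]


# Constructed sample data; hello.com is the page's placeholder domain.
HOSTS = ["a.hello.com", "b.hello.com", "a.b.hello.com", "hello.com"]

if __name__ == "__main__":
    # Certificate with only the single-level wildcard.
    print(uncovered_hosts("*.hello.com", ["*.hello.com"], HOSTS))
    # Adding a SAN for the second level closes the gap.
    print(uncovered_hosts("*.hello.com",
                          ["*.hello.com", "*.b.hello.com"], HOSTS))
```

Run it against the SAN list of the certificate you plan to bind before adding a wildcard domain name, so that multi-level subdomains are either covered by an extra SAN or excluded from routing.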

Verify the result

Configure an accessible route for the domain name.

  • If DNS resolution is configured, access the domain name in a web browser to verify.

  • If DNS is not configured, verify with the following commands. The examples use hello.com as the domain name. Replace {public IP address} with your gateway's public IP address.

    • Verify HTTP

      curl http://hello.com --resolve "hello.com:80:{public IP address}"

    • Verify HTTPS

      curl -v -k https://hello.com --resolve "hello.com:443:{public IP address}" --cacert my-cert.pem