Cloud-native Gateway provides multi-domain name management, which lets you manage protocols, certificates, and routing configurations for different domain names. The gateway also supports wildcard domains. For example, if you bind the wildcard domain *.hello.com, you can access the gateway using subdomains such as 1.hello.com and 2.hello.com.
Prerequisites
You must complete the ICP filing for your domain names.
For Chinese mainland regions, you must obtain an ICP filing for your domain name through Alibaba Cloud or add Alibaba Cloud as a service provider to your existing ICP filing. For regions outside the Chinese mainland, no ICP filing is required.
Procedure
- Log on to the MSE console. In the top navigation bar, select a region.
- In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.
- In the left-side navigation pane, click Routes. Then, click the Domain tab.
- Click Add Domain Name. In the Add Domain Name panel, configure the parameters and then click OK.
Parameter
Description
Domain Name
Enter a fully qualified domain name, such as hello.com, or a wildcard domain, such as *.hello.com. This lets you independently manage protocols, certificates, and routing configurations for the domain name, isolating it from others.
Important: A wildcard domain such as *.hello.com can match subdomains such as a.hello.com, b.hello.com, and even multi-level subdomains like a.b.hello.com. However, a wildcard certificate for *.hello.com covers only single-level subdomains like a.hello.com and b.hello.com, and does not cover multi-level subdomains like a.b.hello.com.
Protocol
Select HTTP or HTTPS.
If you set Protocol to HTTPS, you must also configure the following parameters.
Certificate
Select a certificate from Alibaba Cloud Certificate Management Service to use with the HTTPS protocol.
Note: If you have not purchased or uploaded an SSL certificate, click Purchase/Upload Certificate to go to the Certificate Management Service console. For more information, see Purchase an SSL certificate.
Always Use HTTPS
When enabled, this option redirects all HTTP requests to HTTPS. The gateway then serves traffic only on the HTTPS port.
HTTP/2
Determines whether HTTP/2 is negotiated through Application-Layer Protocol Negotiation (ALPN) during the TLS handshake.
- Use global configuration: The domain name follows the value of EnableHttp2 in the parameter configuration and dynamically tracks changes to that value.
- Enable: The domain name uses the HTTP/2 protocol after a successful TLS handshake.
- Disable: The domain name does not use the HTTP/2 protocol after a successful TLS handshake.
Note: For HTTP connections, the gateway automatically uses the HTTP Upgrade mechanism to upgrade the connection to HTTP/2 if requested by the client. Therefore, this setting applies only to the HTTPS protocol.
TLS Version
Defines the range of TLS versions allowed for this domain name.
- Minimum Version: The minimum TLS version allowed for this domain name. The default is TLS 1.0.
- Maximum Version: The maximum TLS version allowed for this domain name. The default is TLS 1.2.
Note: TLS 1.0 and TLS 1.1 are deprecated (RFC 8996). With the default range, the domain name still accepts TLS 1.0 and does not negotiate TLS 1.3.
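The Important note under Domain Name describes two different matching rules: the gateway's wildcard binding and the certificate's wildcard name. The following Python sketch is an added example, not Alibaba Cloud code, that lists which hostnames are routed by a bound wildcard domain but not covered by the certificate. The function names are hypothetical, and it assumes the wildcard binding does not match the bare apex domain.

```python
# Added example (not gateway code): compare wildcard routing with wildcard
# certificate coverage. All function names here are hypothetical.

def _labels(name):
    return name.rstrip(".").lower().split(".")

def gateway_matches(bound, host):
    """Domain binding as described on this page: '*.hello.com' matches
    subdomains at any depth. Assumption: the bare apex is not matched."""
    b, h = _labels(bound), _labels(host)
    if b[0] != "*":
        return b == h
    suffix = b[1:]
    return len(h) > len(suffix) and h[-len(suffix):] == suffix

def cert_covers(san, host):
    """TLS client name check: a leftmost '*' stands for exactly one label."""
    s, h = _labels(san), _labels(host)
    if s[0] != "*":
        return s == h
    return len(h) == len(s) and h[1:] == s[1:]

def classify(bound, cert_names, hosts):
    """Map each host to 'ok', 'not routed', or 'routed, certificate mismatch'."""
    result = {}
    for host in hosts:
        if not gateway_matches(bound, host):
            result[host] = "not routed"
        elif any(cert_covers(n, host) for n in cert_names):
            result[host] = "ok"
        else:
            result[host] = "routed, certificate mismatch"
    return result

if __name__ == "__main__":
    # Constructed sample: one bound wildcard domain, one wildcard certificate.
    hosts = ["a.hello.com", "b.hello.com", "a.b.hello.com", "hello.com"]
    for host, status in classify("*.hello.com", ["*.hello.com"], hosts).items():
        print(f"{host:16} {status}")
```

A host reported as "routed, certificate mismatch" reaches the gateway but fails hostname verification in clients that validate the certificate.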
Verify the results
Make sure that an accessible routing rule is configured for a path under this domain name. For more information, see Create a routing rule.
- If the public DNS record for your domain name has propagated, you can verify the configuration by accessing the domain name in a web browser.
- If you have not configured DNS resolution for your domain name, you can verify the configuration using the following method. For example, if your domain name is hello.com, replace {public IP} in the following commands with your gateway's public IP address.
  - Verify HTTP
    curl http://hello.com --resolve "hello.com:80:{public IP}"
  - Verify HTTPS
    curl -v -k https://hello.com --resolve "hello.com:443:{public IP}" --cacert my-cert.pem