tencent cloud

Cloud Object Storage

Release Notes and Announcements
Release Notes
Announcements
Product Introduction
Overview
Features
Use Cases
Strengths
Concepts
Regions and Access Endpoints
Specifications and Limits
Service Regions and Service Providers
Billing
Billing Overview
Billing Method
Billable Items
Free Tier
Billing Examples
Viewing and Downloading Bill
Payment Overdue
FAQs
Getting Started
Console
Getting Started with COSBrowser
User Guide
Creating Request
Bucket
Object
Data Management
Batch Operation
Global Acceleration
Monitoring and Alarms
Operations Center
Data Processing
Content Moderation
Smart Toolbox
Data Processing Workflow
Application Integration
User Tools
Tool Overview
Installation and Configuration of Environment
COSBrowser
COSCLI (Beta)
COSCMD
COS Migration
FTP Server
Hadoop
COSDistCp
HDFS TO COS
GooseFS-Lite
Online Tools
Diagnostic Tool
Use Cases
Overview
Access Control and Permission Management
Performance Optimization
Accessing COS with AWS S3 SDK
Data Disaster Recovery and Backup
Domain Name Management Practice
Image Processing
Audio/Video Practices
Workflow
Direct Data Upload
Content Moderation
Data Security
Data Verification
Big Data Practice
COS Cost Optimization Solutions
Using COS in the Third-party Applications
Migration Guide
Migrating Local Data to COS
Migrating Data from Third-Party Cloud Storage Service to COS
Migrating Data from URL to COS
Migrating Data Within COS
Migrating Data Between HDFS and COS
Data Lake Storage
Cloud Native Datalake Storage
Metadata Accelerator
GooseFS
Data Processing
Data Processing Overview
Image Processing
Media Processing
Content Moderation
File Processing Service
File Preview
Troubleshooting
Obtaining RequestId
Slow Upload over Public Network
403 Error for COS Access
Resource Access Error
POST Object Common Exceptions
API Documentation
Introduction
Common Request Headers
Common Response Headers
Error Codes
Request Signature
Action List
Service APIs
Bucket APIs
Object APIs
Batch Operation APIs
Data Processing APIs
Job and Workflow
Content Moderation APIs
Cloud Antivirus API
SDK Documentation
SDK Overview
Preparations
Android SDK
C SDK
C++ SDK
.NET(C#) SDK
Flutter SDK
Go SDK
iOS SDK
Java SDK
JavaScript SDK
Node.js SDK
PHP SDK
Python SDK
React Native SDK
Mini Program SDK
Error Codes
Harmony SDK
Endpoint SDK Quality Optimization
Security and Compliance
Data Disaster Recovery
Data Security
Cloud Access Management
FAQs
Popular Questions
General
Billing
Domain Name Compliance Issues
Bucket Configuration
Domain Names and CDN
Object Operations
Logging and Monitoring
Permission Management
Data Processing
Data Security
Pre-signed URL Issues
SDKs
Tools
APIs
Agreements
Service Level Agreement
Privacy Policy
Data Processing And Security Agreement
Contact Us
Glossary
DokumentasiCloud Object StorageUse Cases Domain Name Management Practice Supporting HTTPS for Custom Endpoints

Supporting HTTPS for Custom Endpoints

PDF
Mode fokus
Ukuran font
Terakhir diperbarui: 2025-11-14 17:29:10

Overview

You can access the objects under a bucket using your own endpoint (the custom endpoint, for example, test.cos.com). Detailed directions are as follows:
Supporting HTTPS for a custom endpoint with CDN acceleration enabled
Supporting HTTPS for a custom endpoint with CDN acceleration disabled

Directions

Enabling CDN Acceleration

Step 1. Bind a custom domain name

Bind the bucket to your own endpoint and enable CDN acceleration. For detailed directions, please see Enabling Custom Accelerated Domain Name.

Step 2. Perform HTTPS configuration

You can configure HTTPS access in the CDN console. For detailed directions, please see HTTPS Configuration Guide.

Disabling CDN Acceleration

This section uses an example to describe how to support HTTPS access in COS by configuring custom endpoints through a reverse proxy (with CDN acceleration disabled). In this example, we use the custom endpoint https://test.cos.com to directly access the testhttps-1250000000 bucket in the Guangzhou region with CDN acceleration disabled. The specific steps are as follows:

Step 1. Bind a custom domain name

HTTPS certificate hosting for custom origin server domain names of COS is supported in public cloud regions in the Chinese mainland and in Singapore. You can bind the certificate to the added custom origin server domain names via the console. For details, see Method 1. If no HTTPS certificate is available for your domain name, click Apply for Free Certificate.
This feature is currently not supported in other regions. To use an HTTPS certificate, see Method 2.

Method 1
: Bind a custom origin server domain name via the COS console
Bind the testhttps-1250000000 bucket to the https://test.cos.com domain and disable CDN acceleration. For detailed directions, please see Enabling Custom Accelerated Domain Name.

Method 2:
Configure a reverse proxy for the domain name
Configure a reverse proxy for the https://test.cos.com endpoint on the server, as shown below (the Nginx configuration is for reference only):
server {
  listen        443;
  server_name  test.cos.com ;

  ssl on;
  ssl_certificate /usr/local/nginx/conf/server.crt;
  ssl_certificate_key /usr/local/nginx/conf/server.key;

  error_log logs/test.cos.com.error_log;
  access_log logs/test.cos.com.access_log;
  location / {
      root /data/www/;
      proxy_pass  http://testhttps-1250000000.cos.ap-guangzhou.myqcloud.com; // Configure the default download domain for the bucket. 
  }
}
Server.crt; and server.key are HTTPS certificates for your own (custom) domain. If no HTTPS certificate is available for your domain, you can apply for one at Tencent Cloud SSL Certificate Service. If no certificate is available, the following configuration information can be deleted, but an alarm will occur during access. Click Continue to access the bucket:
ssl on;
ssl_certificate /usr/local/nginx/conf/server.crt;
ssl_certificate_key /usr/local/nginx/conf/server.key;

Step 2. Resolve the domain name at a server

Resolve your endpoint at your endpoint’s DNS provider.

Step 3. Perform advanced configurations

Opening the web page in a browser directly After configuring the custom endpoint to support HTTPS, you can download objects in the bucket using your domain. If your business requires directly accessing web pages and images in a browser, you can use the static website feature. For detailed directions, please see Setting Up a Static Website. After the configuration is completed, add the following code to the Nginx configuration file, restart Nginx, and refresh the browser cache.
proxy_set_header Host $http_host;
Configuring referer hotlink protection Public buckets might be hotlinked. You can use the hotlink protection feature to set a referer allowlist to prevent malicious hotlinking as follows:
1.1 Log in to the COS console, enable the hotlink protection feature, and configure an allowlist. For detailed directions, please see Setting Hotlink Protection.
1.2 Add the following code to the Nginx configuration file, restart Nginx, and refresh the browser cache.
proxy_set_header   Referer www.test.com;
1.3 After the configuration, if you open the file directly, the error errorcode: -46616 (error message: not hit white refer) will be reported. In this case, you can access the custom endpoint with a proxy to open the page.
{
errorcode: -46616,
errormsg: "not hit white refer, retcode:-46616"
}

Topik sebelumnya: Switch bucket to custom domainTopik selanjutnya: Setting CORS

Bantuan dan Dukungan

Apakah halaman ini membantu?

masukan