How to Upload Objects to COS
Cloud Object Storage (COS) supports the following object upload methods:
1. Upload objects via the COS console on the bucket file list webpage. For detailed operations, refer to the Object upload document. Uploading Files to COS but Unable to Access, What to Do?
If you cannot access files after uploading them to COS, refer to the following steps for troubleshooting.
Step One: Use COS Diagnosis Tool to Determine
Step Two: Check Access Permission Configuration
When uploading files, if public read/private write access permission is not specified, the file's access permission is inherited by default from the bucket. For example, if the bucket access permissions are private read/write, the file's access permissions will be the same. You can view object permissions in the file detail of the file list. To access a file with private read/write permissions, you need to carry a valid signature. If you access the object address directly without a valid signature, an AccessDenied error will be reported. The object address format without a signature is: https://<BucketName-APPID>.cos.<Region>.myqcloud.com/<ObjectKey>.
The object address format with a signature is https://<BucketName-APPID>.cos.<Region>.myqcloud.com/<ObjectKey>?q-sign-algorithm=sha1&q-ak=AKXXX&q-sign-time=1704855332;1704858932&q-key-time=1704855332;1704858932&q-header-list=host&q-url-param-list=&q-signature=XXX&x-cos-security-token=XXX.
To access a file with "public-read/private-write" permissions, no signature is needed for direct access. In this scenario, any user can download the object directly through the object URL without identity verification. However, note that making resources publicly readable poses security risks. Once the resource URL is leaked, anyone can access it, possibly leading to traffic theft by malicious users. For more information, see COS authorization and identity verification process. Step Three: Check Domain Configuration
If you use a custom domain name to access COS, domain resolution issues may exist. Ensure the domain resolution is correct. The error message is UserCnameInvalid. Please check whether DNS resolution is correct or whether it has taken effect (normally takes no more than 48 hours). If you host a static website on COS, select static website origin server when configuring COS. For relevant guidelines, see enable custom origin site domain. Step Four: Check Hotlink Protection Configuration
If the error You are denied by bucket referer rule appears, it means the referer parameter in your access does not match the hotlink protection settings. You can disable hotlink protection or ensure your request carries the referer parameter. For the operation guide, see Setting Hotlink Protection. Step Five: Check COS Configuration in Third-Party Storage Component
If you use a third-party storage component (such as PicGo) to integrate with COS, please check whether there is an error in the COS configuration. Reference Using COS in Third-Party Applications. Step Six: Check Other Items
If the account is in arrears, images and other files cannot be opened.
File upload may be incomplete, making files inaccessible. Please ensure complete multipart upload to COS.
How to Download Objects From COS
Does COS Limit the Upload and Download Bandwidth?
Public cloud in the Chinese mainland region: single-account single-region default bandwidth uplink and downstream are 15Gbit/s each.
Other regions: single-account single-region default bandwidth uplink and downstream are 10Gbit/s each. If bandwidth reaches this threshold, the request will trigger flow control. If you have higher bandwidth requirements, contact after-sales engineer. How Can I Directly Preview a File In My Browser without Downloading It?
Step One: Configure Custom Domain Name
For buckets created after January 1, 2024, if you use default domain names (including default bucket domain name, static website domain, and global acceleration domain) to access files, any type of file will not support preview but direct download. For details, see COS Bucket Domain Name Security Management Notification.If you wish to preview files directly through a browser or download objects of apk or ipa type in the bucket, access the objects through a custom domain name.
Step 2: Configure the correct Content-Type and Content-Disposition headers
Ensure the Content-Type header is configured correctly when requesting a COS file, and the Content-Disposition header parameter value is set to inline (means the browser should attempt to open the content). When the browser supports the current file format, it will directly open the file rather than download it. For header parameter configuration, see Custom Headers. How do I directly download a file in my browser without previewing it?
You can go to the COS console and set the Content-Disposition parameter value in the custom object Headers to attachment (means the browser should prompt user to download the Content). For detailed directions, see Custom Headers. You can also let your browser pop up a window for the file to be downloaded by setting the value of the request parameter response-content-disposition in the GET Object API to attachment. For more information, see GET Object. Note:
To use the response-* parameter in a request, the request must be signed.
How do I determine if I am accessing COS over a private network?
Tencent Cloud COS adopts intelligent resolution for COS endpoints. In this way, the optimal linkage can be provided for you to access COS with different ISPs.
If you have deployed a CVM within Tencent Cloud for accessing COS over a private network, you must first ensure that the CVM resides in the same region as the COS bucket, then use the nslookup command on the CVM to resolve the COS endpoint. If a private IP is returned, access between the CVM and COS is over a private network; otherwise, it is over a public network.
Note:
If you access COS service through CVM, use default Tencent Cloud private network DNS address to access over the private network. Do not change CVM service settings as much as possible to avoid private network resolution failure causing connection failure to COS.
If your CVM service deployed in Tencent Cloud is in a different region from the COS bucket but within the available COS regions, you can access files via the COS private network global acceleration domain to achieve cross-region private network access between CVM and COS. Cross-region private network access via the private network global acceleration domain may incur additional fees. For details, see Private Network Global Acceleration. Determining a Private Network Access
Tencent Cloud products within the same region can access each other over a private network, incurring no traffic fees. Therefore, we recommend choosing the same region when you purchase different Tencent Cloud products to save on costs.
Note:
The private networks of Public Cloud regions do not interconnect with those of Finance Cloud regions.
The following shows how to determine access over a private network:
For example, when a CVM accesses COS, to determine whether a private network is used for access, use the nslookup command on the CVM to resolve the COS endpoint. If a private IP is returned, access between the CVM and COS is over a private network; otherwise, it is over a public network.
Note:
Private IP addresses generally take the form of 10.*.*.* or 100.*.*.*, while VPC IP addresses typically take the form of 169.254.*.*. Both forms belong to the private network.
Assume that examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com is the destination bucket address. After executing the nslookup command, you can see the following information:
nslookup examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com
Server: 10.138.224.65
Address: 10.138.224.65
Name: examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com
Address: 10.148.214.13
Name: examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com
Address: 10.148.214.14
Among them, 10.148.214.13 and 10.148.214.14 represent access to COS through private network.
Note:
The private IPs of Tencent Cloud BM instances may be different from those of CVM instances, and their formats are usually 9.*.*.* or 10.*.*.*. If you have any queries, please contact us. How do I download a folder?
You can log in to the COSBrowser, select the folder to be downloaded, and click Download to download the folder or files in batches. You can also download the folder using the COSCMD, COSCLI tool. For more information, see COSCMD Tool and COSCLI Tool. How do I upload or download multiple files using COS?
COS allows you to upload or download multiple files through various methods such as the console, APIs/SDKs, and tools.
When I upload a new file to a bucket in which another file of the same name exists, will the old file be overwritten or will the new file be saved with a different version name?
The versioning feature is now available in COS. If versioning is not enabled for the bucket, when you upload a new file to a bucket in which another file of the same name already exists, the older one will be directly overwritten; if versioning is enabled, multiple versions of the object will co-exist.
What is the minimum part size of a multipart upload in COS?
When uploading large files using multipart upload, can I replace an invalid signature to continue the multipart upload?
Yes.
How do I generate a temporary URL for files in COS?
I have set a validity period for a signature, but why can it still be used to download objects after it has expired?
By default, the browser will cache objects that have been loaded successfully. Therefore, if you access the same URL, the cached object will be returned without requesting the server again. Therefore, you are advised to use the Cache-Control: no-cache header during object upload to prevent browser caching (see PUT Object or Initiate Multipart Upload for details). Alternatively, you can specify the response-cache-control=no-cache request header during object download to prevent browser caching (see GET Object for details). What should I do if I upload a file on the console and "Failed to upload. System error." is displayed?
This error may occur due to an unstable local network environment. You can try the upload again in a different network environment.
How do I prevent others from downloading my COS files?
To do so, you can set your bucket permission to private read/write. For more information, see Setting Access Permission. You can also configure a hotlink protection whitelist on your bucket to block any access from domain names not in the list. For more information, see Setting Hotlink Protection. Can I use case-insensitive download URLs?
No. COS filenames are case-sensitive, and thus so are the download URLs. If you have enabled CDN acceleration for your bucket, you can go to the CDN console to configure Cache Ignore URL Case, which will increase the hit rate to some extent. What should I do if the error "your policy or acl has reached the limit (Status Code: 400; Error Code: PolicyFull)" occurs when I am uploading files or creating a bucket?
COS allows each root account to have up to 1,000 bucket ACLs. If more bucket ACLs have been configured, this error will occur. Therefore, you can delete unnecessary bucket ACLs.
Note:
You are not advised to use object-level ACLs or policies. When calling APIs or SDKs, if you do not need ACL control over a file, we recommend leaving the ACL-related parameters (such as x-cos-acl and ACL) empty to inherit the bucket permissions.
Why Is Downloading Apk/Ipa Files Via Default Domain Not Supported
Why Preview Files with Default Domain Is Not Supported
To ensure the security and stability of the overall service, starting from January 1, 2024, newly created buckets do not support previewing files in the browser using the bucket's default domain (including storage bucket domain name, static website domain, and global acceleration domain). For reference, please see the COS Bucket Domain Usage Security Management Notification (Effective January 2024) document. Previewing Txt Format File Online with Garbled Characters Issue, What Should Be Done
Follow the steps below for troubleshooting:
1. Ensure the encoding (such as UTF-8, GBK) used in the txt format file matches the original file. If inconsistent, please see the Custom Headers document and set the Content-Type accordingly. For example, if the txt format file uses UTF-8 encoding, set the Content-Type to text/plain;charset=UTF-8. 2. The browser may have compatibility issues. Try using a different browser to preview files.
3. Check whether there is damage in the file content or reupload it in another file format.